Worry-Free Business Security (On-Premises) and Worry-Free Business Security Services (WFBS-SVC) minimal Windows requirements for ACS (Azure Code Signing)

Quelle: Link

 

Worry-Free Business Security (On-Premises) and Worry-Free Business Security Services (WFBS-SVC) minimal Windows requirements for ACS (Azure Code Signing)
Product/Version includes:Worry-Free Business Security Advanced , Worry-Free Business Security Standard , Worry-Free Business Security Services , View More
Update Date: 2023/05/29
Article Number: 000291908
Category: Install, Update

Microsoft requires security vendors to sign binaries using ACS. WFBS (On-Premises) and WFBS-SVC will be changing to this new certificate accordingly. However, a minimal update of the Microsoft KB will be required to support this new certificate.

Impact

Customers who do not have the minimum OS build/patch of Microsoft Windows after February 18, 2023 may encounter the following errors:

  • Agent Program and Services may not work properly.
  • There will be a reporting issue between the Windows Security Center (WSC) and the Trend Micro Security Agent which could result to the agent co-existing with Windows Defender. This could possibly lead to slow login, application lockup, or machine unresponsiveness.

To prevent this situation, Trend Micro will add a mechanism to the products to check whether ACS is already supported on the machine. If minimum OS build/patch of Microsoft Windows is not applied, it will prevent security agent fresh installation and agent hot fix after February 18, 2023.

 
Agent Program Upgrade blocking on non-ACS machines is a best effort implementation to prevent accidental deployment of new build on non-ACS compliant system. The ACS complaint detection logic however may not work correctly on some environment. Customers are strongly advised to apply appropriate MS KB to enable ACS support before deploying WFBS Patch 2472 or later.

Check Mechanism Release Schedule

  • Worry-Free Business Security Services (WFBS-SVC): January 9, 2022 Hot fix Maintenance
  • Worry-Free Business Security (On-Premises): To be included in all patches released after Patch 2459.

Customers who will be performing an update or install newer builds released after February 18, 2023 must have applied a minimum Microsoft Windows patch depending on the version of Windows you have deployed mentioned on the article, IMPORTANT BULLETIN: Trend Micro Server and Endpoint Protection Agent Minimum Windows Version Requirements for Updated Binaries After Mid-February 2023.

 
For machines that do not allow “trusted root CA auto update” or are in air-gapped or otherwise locked down environments, please make sure to apply Microsoft Identity Verification Root Certificate Authority 2020. A tool can be utilized for this by following the steps mentioned in this KB article. You may use the command EasyFixSysCerts.exe A1 .

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.