In the 2023.1 release of Sophos Central Endpoint/Server, we updated our requirements to comply with Microsoft's Azure Code Signing Program. All user-mode Portable Executables (PE) files are now signed using new Azure Code Signed (ACS) digital code signing certificates.
Read more here: Central Windows Endpoint/Server Azure Code Signing changes
For customers requiring a bit more time to get patched, we've included the ability to bypass ACS checks so you can deploy a version that doesn’t have ACS requirements. This will require you to use a Fixed Term Support (FTS) package, along with an installer command-line switch. The expiry date for FTS versions are as follows.
- FTS 2022.4.3.2 for Endpoints - October 10th, 2023
- FTS 2022.4.3.2 for Servers - November 14th, 2023
Our ACS KB Article has been updated to provide details on using the new bypass switch at the time of installation, along with defining an update management policy to deploy a software package that does not have ACS requirements. Check out the ‘New Installations’ sub-section under ‘I need time to apply the Windows Security Updates, is there an available option?’.
Note: If you try to use the ACS bypass switch to deploy a version of the software that does have ACS requirements, the installation will fail.