Hi Community,
As of Sophos Endpoint Core Agent 2.7.6 (Started release May 20th for Endpoints, June 4th for Servers), all drivers are signed with only SHA256 (Previously they were SHA1 and SHA256 signed). This is a Microsoft driven change. In March 2019, Microsoft released an update to Windows 7 and Windows 2008 R2 to support SHA256 only driver signing. This Microsoft update is required in order to run Sophos Endpoint.
Systems which are current with Windows Updates will not be impacted.
Impact
As of Sophos Endpoint Core Agent 2.7.6, Customer may see following error:
C:\Windows\system32\drivers\SophosED.sys. error 0xc00004228 "cannot verify the digital signature"
This is due to Sophos start using only the SHA-2 hash algorithm. Please see below Microsoft article regarding this issue
What to do
Perform Windows Update to get the latest updates. Alternately, install Windows KBs 4474419 and 4490628.
Next update
This article will be updated as information becomes available.
This thread was automatically locked due to age.