SHA-2 support in Microsoft Windows for installing Kaspersky business solutions

 

General articles: Software compatibility

 
 
 

SHA-2 support in Microsoft Windows for installing Kaspersky business solutions

Back to "Software compatibility"
Latest update: September 20, 2021 ID: 15728
 
 
 
 

This article concerns:

  • Kaspersky Security 11.0.1 for Windows Server (version 11.0.1.897)
  • Kaspersky Endpoint Agent 3.10 MR3 and later
  • Kaspersky Industrial CyberSecurity for Nodes 3.0 and later
 
 
 
 

Microsoft stops the support of root certificates that allow signing the code of the drivers that works on the operating system kernel level. Now drivers are signed with the WHQL (Windows Hardware Quality Lab) signature which is based on the SHA-2 (SHA-256) algorithm. Verification of such a signature requires SHA-2 support in the operating system.

Before installing a Kaspersky business solution on a protected device with an operating system from the list below, please make sure that the system has updates that bring SHA-2 support. If SHA-2 is not supported, installation will be interrupted.

If the installation is performed:

  • When installing using the Installation Wizard, a notification about the lack of SHA-2 support is displayed, allowing you to abort or continue the installation.
  • When installing from the command line or remotely, you can ignore the verification by specifying the SKIP_SHA2_KB = 1 parameter.

Skip the check only if you are sure that the operating system on the protected device supports SHA-2.

If the OS on the protected device lacks SHA-2 support, the correct installation of the application modules and their operation cannot be guaranteed. The operating system might not work correctly.

The table below contains a list of supported Microsoft Windows OS versions that require updates for SHA-2 support:

Operating systemUpgrade
Windows 7 Professional/Enterprise/Ultimate (32/64 bit)KB3033929 or KB4474419
Windows Embedded Standard 7 SP1 (32/64 bit)KB3033929 or KB4474419
Windows Embedded POSReady 7 SP1 (32/64 bit)KB3033929 or KB4474419
Windows Embedded Standard/Enterprise 7 SP1 (32/64 bit)KB3033929 or KB4474419
Windows Vista SP2 (32/64 bit)KB4039648 or KB4474419
Microsoft Windows Server 2008 Standard/Enterprise/Datacenter SP2 or laterKB4039648 or KB4474419
Windows Server 2008 Core Standard/Enterprise/Datacenter SP2 or later (32/64 bit)KB4039648 or KB4474419
Windows 2008 Server Microsoft Remote Desktop Services SP2KB4039648 or KB4474419
Microsoft Small Business Server 2008 SP2 Standard/Premium and later (64 bit)KB4039648 or KB4474419
Windows Server 2008 R2 Foundation/Core/Standard/Enterprise/Datacenter SP1 or later (x64)KB3033929 or KB4474419
Windows Hyper-V Server 2008 R2 SP1 or later (x64)KB3033929 or KB4474419
Windows 2008 Server R2 Microsoft Remote Desktop ServicesKB3033929 or KB4474419
Microsoft Small Business Server 2011 Essentials/Standard SP1 or later (64 bit)KB3033929 or KB4474419
Microsoft Windows MultiPoint Server 2011 (64 bit)KB3033929 or KB4474419

This table does not include the operating system updates with SHA-2 support that were published after the release of Kaspersky business solutions mentioned in this article.

 
 
 
 
Was this information helpful?
Yes No
Thank you
 

 
 

How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK