Endpoint Security not starting. "Windows can not verify the digital signature"

Hello

We recently deployed elastic-agent with a Defend policy to Windows servers, and on some older ones (2012 R2) we have the following error. This is with agent 8.12.2.

Checking status of elastic-agent.exe

PS C:\Program Files\Elastic\Agent> .\elastic-agent.exe status
┌─ fleet
│  └─ status: (HEALTHY) Connected
└─ elastic-agent
   ├─ status: (DEGRADED) 1 or more components/units in a failed state
   └─ endpoint-default
      ├─ status: (FAILED) failed install endpoint service: failed starting the command: failed to start "C:\\Program Fil
es\\Elastic\\Agent\\data\\elastic-agent-de80b0\\components\\endpoint-security.exe": fork/exec C:\Program Files\Elastic\A
gent\data\elastic-agent-de80b0\components\endpoint-security.exe: Windows cannot verify the digital signature for this fi
le. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that migh
t be malicious software from an unknown source.
      ├─ endpoint-default
      │  └─ status: (FAILED) failed install endpoint service: failed starting the command: failed to start "C:\\Program
Files\\Elastic\\Agent\\data\\elastic-agent-de80b0\\components\\endpoint-security.exe": fork/exec C:\Program Files\Elasti
c\Agent\data\elastic-agent-de80b0\components\endpoint-security.exe: Windows cannot verify the digital signature for this
 file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that m
ight be malicious software from an unknown source.
      └─ endpoint-default-aa988ac1-2a08-46f9-9cb0-3a2fc6f7c190
         └─ status: (FAILED) failed install endpoint service: failed starting the command: failed to start "C:\\Program
Files\\Elastic\\Agent\\data\\elastic-agent-de80b0\\components\\endpoint-security.exe": fork/exec C:\Program Files\Elasti
c\Agent\data\elastic-agent-de80b0\components\endpoint-security.exe: Windows cannot verify the digital signature for this
 file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that m
ight be malicious software from an unknown source.

Checking version of endpoint-security.exe

PS C:\Program Files\Elastic\Agent\data\elastic-agent-de80b0\components> .\endpoint-security.exe version
Program 'endpoint-security.exe' failed to run: Windows cannot verify the digital signature for this file. A recent
hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be
malicious software from an unknown sourceAt line:1 char:1
+ .\endpoint-security.exe version
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
At line:1 char:1
+ .\endpoint-security.exe version
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (:) [], ApplicationFailedException
    + FullyQualifiedErrorId : NativeCommandFailed


I've seen some posts for older versions where this was fixed, and some workarounds on Windows that need a server reboot to disable signature verification.

If you check the Support Matrix, Elastic Defend 8.10.x was the last one supported on Windows Server 2012 R2.

There's a pending PR to make this more obvious to the user: Update Windows Defend Support by bjmcnic · Pull Request #4201 · elastic/elastic-agent · GitHub
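
A read-only triage check for the failure discussed in this thread, added here as an example (it is not part of the original posts and is not Elastic tooling). It records the OS build, the file hash and the Authenticode result for the binary named in the error output, so a damaged file can be told apart from a host that cannot validate an intact one. The default path is the one from the error above; the interpretation hints are general Authenticode status meanings, not Elastic guidance.

```powershell
# Added example: collect the facts needed to triage the signature error.
# Default path is taken from the error output in this thread; adjust per host.
param(
    [string]$Path = 'C:\Program Files\Elastic\Agent\data\elastic-agent-de80b0\components\endpoint-security.exe'
)

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found: $Path"
}

$os   = Get-CimInstance -ClassName Win32_OperatingSystem
$sig  = Get-AuthenticodeSignature -FilePath $Path
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
$cert = $sig.SignerCertificate   # $null when the file carries no signature

# General meaning of each status value (assumption: generic guidance only).
$hint = switch ($sig.Status) {
    'Valid'        { 'Signature verifies on this host; look elsewhere for the start failure.' }
    'HashMismatch' { 'File content does not match its signature: damaged or modified. Reinstall and re-check.' }
    'NotSigned'    { 'No embedded signature found; the file is not the vendor build or is truncated.' }
    default        { 'File may be intact but this host cannot validate the chain. Compare the hash with a supported OS.' }
}

[pscustomobject]@{
    OS             = $os.Caption
    OSVersion      = $os.Version
    File           = $Path
    SHA256         = $hash
    Status         = $sig.Status
    StatusMessage  = $sig.StatusMessage
    Signer         = if ($cert) { $cert.Subject } else { $null }
    SignatureAlg   = if ($cert) { $cert.SignatureAlgorithm.FriendlyName } else { $null }
    CertNotAfter   = if ($cert) { $cert.NotAfter } else { $null }
    Timestamped    = [bool]$sig.TimeStamperCertificate
    Interpretation = $hint
} | Format-List
```

Run it on the failing server and on a host where the same agent version starts; an identical SHA256 with a different Status points at the host rather than the file.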
