Endpoint Security not starting. "Windows can not verify the digital signature"

Elastic Security Endpoint Security
1

Hello

We recently deployed elastic-agent with defend policy to windows servers and on some older ones 2012R2 we have following error. This is with agent 8.12.2

Checking status of elastic-agent.exe

PS C:\Program Files\Elastic\Agent> .\elastic-agent.exe status
┌─ fleet
│  └─ status: (HEALTHY) Connected
└─ elastic-agent
   ├─ status: (DEGRADED) 1 or more components/units in a failed state
   └─ endpoint-default
      ├─ status: (FAILED) failed install endpoint service: failed starting the command: failed to start "C:\\Program Fil
es\\Elastic\\Agent\\data\\elastic-agent-de80b0\\components\\endpoint-security.exe": fork/exec C:\Program Files\Elastic\A
gent\data\elastic-agent-de80b0\components\endpoint-security.exe: Windows cannot verify the digital signature for this fi
le. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that migh
t be malicious software from an unknown source.
      ├─ endpoint-default
      │  └─ status: (FAILED) failed install endpoint service: failed starting the command: failed to start "C:\\Program
Files\\Elastic\\Agent\\data\\elastic-agent-de80b0\\components\\endpoint-security.exe": fork/exec C:\Program Files\Elasti
c\Agent\data\elastic-agent-de80b0\components\endpoint-security.exe: Windows cannot verify the digital signature for this
 file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that m
ight be malicious software from an unknown source.
      └─ endpoint-default-aa988ac1-2a08-46f9-9cb0-3a2fc6f7c190
         └─ status: (FAILED) failed install endpoint service: failed starting the command: failed to start "C:\\Program
Files\\Elastic\\Agent\\data\\elastic-agent-de80b0\\components\\endpoint-security.exe": fork/exec C:\Program Files\Elasti
c\Agent\data\elastic-agent-de80b0\components\endpoint-security.exe: Windows cannot verify the digital signature for this
 file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that m
ight be malicious software from an unknown source.

Checking version of endpoint-security.exe

PS C:\Program Files\Elastic\Agent\data\elastic-agent-de80b0\components> .\endpoint-security.exe version
Program 'endpoint-security.exe' failed to run: Windows cannot verify the digital signature for this file. A recent
hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be
malicious software from an unknown sourceAt line:1 char:1
+ .\endpoint-security.exe version
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
At line:1 char:1
+ .\endpoint-security.exe version
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (:) [], ApplicationFailedException
    + FullyQualifiedErrorId : NativeCommandFailed

image

I've seen some posts for older versions where this was fixed, and some workarounds on windows that need server reboot to disable signature verification.

2

If you check the Support Matrix Elastic Defend 8.10.x was the last one supported on Windows Server 2012 R2

There's a pending PR to make this more obvious to the user Update Windows Defend Support by bjmcnic · Pull Request #4201 · elastic/elastic-agent · GitHub

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.