Hello
We recently deployed elastic-agent with defend policy to windows servers and on some older ones 2012R2 we have following error. This is with agent 8.12.2
Checking status of elastic-agent.exe
PS C:\Program Files\Elastic\Agent> .\elastic-agent.exe status
┌─ fleet
│ └─ status: (HEALTHY) Connected
└─ elastic-agent
├─ status: (DEGRADED) 1 or more components/units in a failed state
└─ endpoint-default
├─ status: (FAILED) failed install endpoint service: failed starting the command: failed to start "C:\\Program Fil
es\\Elastic\\Agent\\data\\elastic-agent-de80b0\\components\\endpoint-security.exe": fork/exec C:\Program Files\Elastic\A
gent\data\elastic-agent-de80b0\components\endpoint-security.exe: Windows cannot verify the digital signature for this fi
le. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that migh
t be malicious software from an unknown source.
├─ endpoint-default
│ └─ status: (FAILED) failed install endpoint service: failed starting the command: failed to start "C:\\Program
Files\\Elastic\\Agent\\data\\elastic-agent-de80b0\\components\\endpoint-security.exe": fork/exec C:\Program Files\Elasti
c\Agent\data\elastic-agent-de80b0\components\endpoint-security.exe: Windows cannot verify the digital signature for this
file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that m
ight be malicious software from an unknown source.
└─ endpoint-default-aa988ac1-2a08-46f9-9cb0-3a2fc6f7c190
└─ status: (FAILED) failed install endpoint service: failed starting the command: failed to start "C:\\Program
Files\\Elastic\\Agent\\data\\elastic-agent-de80b0\\components\\endpoint-security.exe": fork/exec C:\Program Files\Elasti
c\Agent\data\elastic-agent-de80b0\components\endpoint-security.exe: Windows cannot verify the digital signature for this
file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that m
ight be malicious software from an unknown source.
Checking version of endpoint-security.exe
PS C:\Program Files\Elastic\Agent\data\elastic-agent-de80b0\components> .\endpoint-security.exe version
Program 'endpoint-security.exe' failed to run: Windows cannot verify the digital signature for this file. A recent
hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be
malicious software from an unknown sourceAt line:1 char:1
+ .\endpoint-security.exe version
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
At line:1 char:1
+ .\endpoint-security.exe version
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [], ApplicationFailedException
+ FullyQualifiedErrorId : NativeCommandFailed
I've seen some posts for older versions where this was fixed, and some workarounds on windows that need server reboot to disable signature verification.