Allow Disabling of Status - Missing Support for Azure Code Signing

[whitefern 5]

Hello,

How can I turn off this notification? I understand that Windows 10 Version 21H2 or higher needs to be installed. However, I have zero intention of updating my Windows OS at this point in time. 

Could you please allow this status to be disabled in the "Application Status" under Advance setup.

Thank you.

 

 

[Marcos 5,074]

It's enough to update Windows 10 to update 21H2 or newer or install the appropriate update from https://support.microsoft.com/en-gb/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4.

According to https://learn.microsoft.com/en-us/lifecycle/announcements/windows-10-21h1-end-of-servicing, Windows 10 21H1 reached EOL on Dec 13, 2002.

Without ACS support, ESET won't be able to update to newer versions after Dec 2023.

The notification cannot be disabled in home products.

[whitefern 5]

1 hour ago, Marcos said:

It's enough to update Windows 10 to update 21H2 or newer or install the appropriate update from https://support.microsoft.com/en-gb/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4.

According to https://learn.microsoft.com/en-us/lifecycle/announcements/windows-10-21h1-end-of-servicing, Windows 10 21H1 reached EOL on Dec 13, 2002.

Without ACS support, ESET won't be able to update to newer versions after Dec 2023.

The notification cannot be disabled in home products.

 

Hello,

Thanks for your reply.

But there are millions of users who are still on Windows 10. And some of use may not be on 21H2.

I also understand that ESET won't be able to update to newer versions after Dec 2023 and the notification cannot be disabled in home products at the moment.

Could you please release an update where the users can at least hide the notification? It is annoying at the moment.

Thank you.

[Marcos 5,074]

In home products it won't be possible. With Microsoft ending support for Windows 10 21H1 and older, you won't receive any security updates which will make your Windows more vulnerable as time goes. It is crucial to keep the operating system as well as applications up to date all the time.

[whitefern 5]

17 minutes ago, Marcos said:

In home products it won't be possible. With Microsoft ending support for Windows 10 21H1 and older, you won't receive any security updates which will make your Windows more vulnerable as time goes. It is crucial to keep the operating system as well as applications up to date all the time.

Yes, I understand with all the ending support. But each users are on a different timeline.  I also understand the users won't be receiving any security updates. But the is the user's choice.

But you need to provide the users to suppress the notification. Suppressing the notification has nothing to do with security update. When the user suppress the notification, he/she is doing intentionally knowing the consequence.

Hence, please allow this option. Thank you.

[LesRMed 23]

Just out of curiosity, is there a reason you don't want to update to 22H2? It's still Windows 10.

[whitefern 5]

3 hours ago, LesRMed said:

Just out of curiosity, is there a reason you don't want to update to 22H2? It's still Windows 10.

I am using Windows 10 LTSC for my organisation/team client computers. And we have disabled Windows Update for various/several reasons. 

 

@Marcos

If currently the users are able to suppress the notification the notification for Windows Update, ESET developers can definitely allow the users to suppress the notification the notification for "Missing Support for Azure Code Signing"

Not everyone/organisation is on the same timeline as Microsoft proposes. We have number of PCs that are running earlier builds of Windows 10 LTSC. Even though, each client is managed individually and locally. Hence, we are not using Endpoint version of ESET. We have company wide policy to  disabled Windows Update for various/several reasons (specific production workflows and custom applications).

 You are going to provide Endpoint users the option to suppress the notification. Hence, I humbly request ESET developers to provide users the option to suppress the notification for your regular version of ESET.

Thank you.

[kurczak88 1]

14 hours ago, whitefern said:

I am using Windows 10 LTSC for my organisation/team client computers. And we have disabled Windows Update for various/several reasons. 

 

@Marcos

If currently the users are able to suppress the notification the notification for Windows Update, ESET developers can definitely allow the users to suppress the notification the notification for "Missing Support for Azure Code Signing"

Not everyone/organisation is on the same timeline as Microsoft proposes. We have number of PCs that are running earlier builds of Windows 10 LTSC. Even though, each client is managed individually and locally. Hence, we are not using Endpoint version of ESET. We have company wide policy to  disabled Windows Update for various/several reasons (specific production workflows and custom applications).

 You are going to provide Endpoint users the option to suppress the notification. Hence, I humbly request ESET developers to provide users the option to suppress the notification for your regular version of ESET.

Thank you.

 

21 hours ago, Marcos said:

In home products it won't be possible. With Microsoft ending support for Windows 10 21H1 and older, you won't receive any security updates which will make your Windows more vulnerable as time goes. It is crucial to keep the operating system as well as applications up to date all the time.

Also, I am asking the developers to do something about this notification so that it can be turned off.
I know that the system update, but it would also be useful for eset nod32 so that you can turn off the notification,
I don't want to change the antivirus because it is one of the best.  😕

[dany-nl 4]

I totally agree with whitefern and kurczak88  

I use Windows 10 (1703 Build 15063.2078) 64bit  and i don't want to upgrade it for personal reasons

I hope you will find a solution for us (turn off the notification)

regards

[Peter Randziak 1,130]

Hello guys,

as my colleague Marcos stated, in the products for the home users, the notification cannot be disabled as it will prevent future upgrades of your ESET protection.

The migration / Windows upgrade is not necessary, just installation of an update bringing the ACS support is needed https://support.microsoft.com/en-gb/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4

The notification can be disabled in the ESET security products for business users, where the administrator is responsible for the system and it's security.

Peter

[kurczak88 1]

3 hours ago, Peter Randziak said:

Hello guys,

as my colleague Marcos stated, in the products for the home users, the notification cannot be disabled as it will prevent future upgrades of your ESET protection.

The migration / Windows upgrade is not necessary, just installation of an update bringing the ACS support is needed https://support.microsoft.com/en-gb/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4

The notification can be disabled in the ESET security products for business users, where the administrator is responsible for the system and it's security.

Peter

So updates will still come even when this notification appears?

Is it possible to enter the key after the license has ended if it is a notification?

 

[Marcos 5,074]

Program updates won't work, only module updates will. Without ACS support you won't be able to install ESET either when the SHA2 Entrust certificate expires in Dec 2023.

[kurczak88 1]

1 hour ago, Marcos said:

Program updates won't work, only module updates will. Without ACS support you won't be able to install ESET either when the SHA2 Entrust certificate expires in Dec 2023.

1. Can I renew my license after it expires by entering a key?
 With this notification that is

2.I mean, will I be able to renew my license in March?

[Peter Randziak 1,130]

Yes sure. that you will be able to renew your license.
The licenses are not tight to a particular version.

[whitefern 5]

18 hours ago, Peter Randziak said:

 

The notification can be disabled in the ESET security products for business users, where the administrator is responsible for the system and it's security.

 

@Peter Randziak @Marcos

We are not "Home" Users. Isn't it oxymoronic? On your very website for business users, you also recommending "Home" products for business users who wants to lets users manages their endpoints/client PCs individually. The word "administrator" has a broad term for different organisation. 

Even for small  business who are letting users manages their endpoints individually, there is an IT administrator. Hence the lines are blurred.  
 

Quote

 as it will prevent future upgrades of your ESET protection.

It is administrator's and business owners choice when to upgrade their Apps and OS. There are various mission critical factors. We are not on the same timeline as everyone. I strongly believe there tons of business who are in the same position. 

1. If your "Home" products can be using in small and medium business environment, then the "Home" automatically becomes a "business" product. 
2. If currently the users of "Home" products  are able to suppress the notification the notification for Windows Update, ESET developers can definitely allow the users to suppress the notification the notification for "Missing Support for Azure Code Signing"
3. If you can let business users disabled the notification, due to "administrator" are "responsible" for the system and it's security, you can certainly and definitely let administrator of small and medium business environment who uses "Home" product. Which technically becomes a  "business" product. Which is by you own admission. 

Those who disable it, knows fully the consequence. Please and simply allow disabling of status - Missing Support for Azure Code Signing. It is not rocket science.

Thank you!

[dany-nl 4]

We live under pressure and oppression , you must upgrade your  Windows ...  browser... antivirus... otherwise you will not be able to use them after that , you have no choice 

i know how to protect myself, but let me choice

 

regards

[itman 1,659]

It appears "the message is not getting across here."

It also appears no one has bothered to read the posted link Microsoft article which states;

Quote

The /INTEGRITYCHECK linker option provides Windows kernel digital signature verification for user mode Portable Executables (PE) files. This linker option is required for anti-malware and anti-cheat scenarios to register components with the Windows Security Center.  

No one is forcing anyone to upgrade their Win OS version. That said, it is imperative to apply the appropriate KB update depending on Win version. If you don't, you will find Microsoft Defender real-time protection running side-by-side with Eset's.

Edited September 8, 2023 by itman

[Marcos 5,074]

The effect of not installing the KB adding ACS support will be that after Dec 2023 ESET will not be able to update to newer versions and users won't be able to install our products again unless ACS support is added to the OS.

[whitefern 5]

6 hours ago, Marcos said:

The effect of not installing the KB adding ACS support will be that after Dec 2023 ESET will not be able to update to newer versions and users won't be able to install our products again unless ACS support is added to the OS.

Users who don't update to the latest version of ESET Apps, knows fully of the consequence.

Just give the users the choice to disable the status. You can also prompt a explicit dialogue box letting users of the consequence. 

Since it would be after Dec 2023, you should release an update to the app to let suppress the notification. 

Thank you.

[m_b 0]

Please. Please. Please allow users to freeze updates of modules, but not the anti-virus signatures during general updates.  I am like many others who have chosen not to update to later versions of Windows 10 as I have taken a very long and extensive effort to get what software I use to work correctly with the earlier Windows 10 version I use, hence I have not nor want to continuously update.  When version 16.2.13.0 of EIS updated over my working verson 16.0.26.0 of EIS, I received the message about Azure support, but also the firewall was disabled as a result of the product version update.  There seemed to be no way around this.  I could not restart the firewall.  So the result was even less security.

So, please allow freezing the product version while receiving signature updates to at least keep that current.  Otherwise ESET is untenable.

Thank you.

[Marcos 5,074]

We don't force you to update Windows, it's your decision when you will do so even that keeping the OS up to date is crucial for maintaining the system protected against newly emerging exploits. In order for your ESET program to update after Dec 2023, it is enough to install just ACS support as per https://support.microsoft.com/en-gb/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4. That said, you don't have to update whole Windows to a newer version to get ACS support.

[dany-nl 4]

Sorry to tell you this, but you are forcing us to upgrade our Windows
otherwise, let me get the antivirus updates and upgrade it in the future without having to update Windows
Well, i tried your link ... my version is Windows 10 (1703 Build 15063.2078) 64bit, and i did not find the update for my version, so i tried all the updates, and i always get this error (the update is not applicatble to your computer )
What should i do now ?
thank you all

[itman 1,659]

2 hours ago, dany-nl said:

Well, i tried your link ... my version is Windows 10 (1703 Build 15063.2078) 64bit, and i did not find the update for my version, so i tried all the updates, and i always get this error (the update is not applicatble to your computer )
What should i do now ?

Based on a Sophos article on this subject, "KB5022661—Windows support for the Azure Code Signing program," mitigation only applies to Win OS versions listed in the KB article. Otherwise, you will have to upgrade your Windows version;

Quote

If running a Windows version where Microsoft has not provided an ACS update, customers must migrate to a supported version of Windows and ensure the Microsoft Updates to support ACS have been applied.

https://support.sophos.com/support/s/article/KB-000045019?language=en_US#impacted

Edited September 10, 2023 by itman

[whitefern 5]

@Marcos

Now that I/We have established all the valid reasons, could you please allow the disabling of the status/notification in the next update.

Thank you.

[Marcos 5,074]

As itman pointed out, other AV vendors have the same recommendation re. ACS:

Quote

• If running a Windows version where Microsoft has not provided an ACS update, customers must migrate to a supported version of Windows and ensure the Microsoft Updates to support ACS have been applied.
• If running a Windows version no longer supported by XXXX,  but where an ACS update is available, the update could be applied to work around this issue. However, customers should be migrating to a supported version of Windows and ensure the Microsoft Updates to support ACS have been applied.
• If running a supported Windows version, customers must ensure the Microsoft Updates to support ACS have been applied. 

On all Windows operating systems, you must have the "Microsoft Identity Verification Root Certificate Authority 2020" certificate authority (CA) installed into the certificate store of "Local Computer" under "Trusted Root Certification Authorities."

From the 18th April 2023, new installations to operating systems that don't support Azure Code Signing (ACS) will fail.

From early-June 2023, Windows 10 (x64) operating systems and above that don't support Azure Code Signing (ACS) will fail to complete the upgrade process.

For ESET this deadline is the beginning of December 2023, ie. in less than 3 months from now.