Code integrity windows signing error - KES11.4

[ahs]

Hi

Is anyone able to give advice on this error which occurs every 10 minutes within the CodeIntegrity log on all machines running KES 11.4.0.233 (Win 10 1909)

We’re trying to troublshoot some vague issues elsewhere and want to get this rules out by fixing.

Is there a way to get this fixed or does this require the next KES release to resolve with updated certificate signatures?

Thanks

 

[alexcad]

I have the same events - please contact support:

https://companyaccount.kaspersky.com/account/login

 

Regards
Alex

[ahs]

cheers good to know someone else with a big estate also has this, i didn’t really want to go through the whole support cycle and generating GSI’s, was hoping a Kaspersky person would be able to give some general advice or confirm if known/problematic first (presumably they’ll also see this error their end)

[ahs]

I’ve not been here since this community forum came into life, does this mean Kaspersky no longer have some staff who respond to queries like they used to?

[aehrlich]

Well… will the “metoo” hashtag help anybody?
There are two sha256 digital signatures, one’s root is win-default-trusted “DigiCert High Assurance EV Root CA” and the other's self-signed “Kaspersy Lab”. It is the latter “This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store” that probably causes EventLog message.
Annoying, filling up logs, but as long as the 1st signature (DigiCert-assured) is ok this is not a problem. You could even call it a bug in Windows instead if you prefer...

[alexcad]

Has anyone made a request to support? Then please post the ticket ID.

Regards
Alex