As outlined in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS, Microsoft has released an update to Windows 7 SP1 and Windows Server 2008 R2 SP1 on August 13th, 2019 where the Microsoft Windows Updates are now SHA-2 signed instead of SHA-1 signed.. 

Updates that are only SHA-2 signed are not visible as an available download when certain versions of Symantec Endpoint Protection are installed.

This currently affects all versions of SEP.

Symantec has identified the potential for a negative interaction between Symantec Endpoint Protection and the changes explained within this Microsoft KB.

Symantec and Microsoft worked together to only allow the update to be visible to versions of Symantec Endpoint Protection that offer full support for Windows 7/Windows 2008 R2 Updates that are solely SHA-2 signed.

An upcoming version of Symantec Endpoint Protection will be released which adds support for the installation of updates that are only SHA-2 signed.

Symantec will update this article once more information is available. Click the Subscribe to this Article button to be notified of future updates through email.

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

Enterprise Support Virtual Agent
Rate Me :
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.
Feedback Will open a new window