SHA-2 required compatibility

Microsoft announced deprecation of Secure Hash Algorithm 1 (SHA-1) and started migration process to SHA-2 in early 2019. Therefore, all certificates signed with the SHA-1 algorithm will no longer be recognized and will cause security alerts. Unfortunately, the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing.

The SHA-2 hashing algorithm (as a successor to SHA-1) is now the preferred method to guarantee SSL security durability. See Microsoft Docs article about Hash and Signature Algorithms exlink for further details.


This change means that on operating systems without SHA-2 support, your ESET security solution will no longer be able to update its modules, including the detection engine, ultimately making your ESET Mail Security not fully functional and unable to provide sufficient protection.

If you are running Microsoft Windows Server 2008 or Windows Server 2008 R2, ensure your system is compatible with SHA-2. Apply the patches according to your particular operating system version as follows:

Microsoft Windows Server 2008 R2 SP1 — apply KB4474419 exlink and KB4490628 exlink (an additional system restart might be necessary)

Microsoft Windows Server 2008 SP2 (x86 or x64) — apply KB4493730 exlink and KB4039648 exlink (an additional system restart might be necessary)


Once you have installed the updates and restarted your system, open ESET Mail Security GUI to check its status. In case the status is orange, perform an additional system restart. The status should then be green indicating maximum protection.


We strongly recommend that you install the latest Service Pack for your Microsoft Server operating system and server application. We also recommend that you install the latest Windows updates and hotfixes whenever available.