SHA-2 required compatibility

Microsoft announced deprecation of Secure Hash Algorithm 1 (SHA-1) and started migration process to SHA-2 in early 2019. Therefore, all certificates signed with the SHA-1 algorithm will no longer be recognized and will cause security alerts. Unfortunately, the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing.

The SHA-2 hashing algorithm (as a successor to SHA-1) is now the preferred method to guarantee SSL security durability. See Microsoft Docs article about Hash and Signature Algorithms for further details.


This change means that on operating systems without SHA-2 support, your ESET security solution will no longer be able to update its modules, including the detection engine, ultimately making your ESET Mail Security not fully functional and unable to provide sufficient protection

Microsoft Windows Server 2008 R2 SP1 — apply KB4474419 and KB4490628 (an additional system restart might be necessary)


When you have installed the updates and restarted your system, open ESET Mail Security main program window to check its status. If the status is orange, perform an additional system restart. The status should then be green, indicating maximum protection.


We strongly recommend installing the latest Service Pack for your Microsoft Server operating system and application. We recommend installing the latest Windows updates and hotfixes whenever available.