[KB5858] Signature of ESET Live Installer is corrupt or invalid

Issue

  • You receive an error message about a corrupted/invalid signature after downloading ESET Live Installer

    Figure 1-1

The signature is valid; however, due to a new policy introduced by Microsoft at the beginning of this year, files that have been signed with a SHA-1 code-signing certificate and that have been time-stamped with a value greater than January 1, 2016, will no longer be considered as "trusted".

Affected operating systems:

  • Windows 7 and later
  • Windows Server operating systems

Affected browsers:

  • Microsoft Internet Explorer
  • Microsoft Edge

Details

This security measure from Microsoft comes in response to recent attacks on the SHA-1 algorithm. For more details, please see the following article from Microsoft:
http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx

Solution

ESET has signed all affected Live Installer files with a new signature, which has resolved this issue.

To run older versions of ESET Live Installer, click View downloads, right-click the ESET Live Installer file and in then select Run anyway from the context menu.

Figure 1-2

You can now proceed with the installation.

Not recommended for all files 

Running applications with corrupted or invalid signatures is not a good security practice; the steps above should not be applied outside this context.