Digital signature identification conflict when installing updates for Kaspersky Security 10.x for Windows Server released after May 23, 2016

Latest update: September 05, 2019 ID: 13192
The article concerns Kaspersky Security 10.0 for Windows Server.

An error may occur when critical application updates released after May 23, 2016 are applied on devices running under Microsoft Windows Server 2003. For example, this may happen when you run the integrity check task.


On May 23, 2016 Microsoft cross-certificates, which were used for signing builds and updates of Kaspersky Security 10.x for Windows Server, have expired. All critical updates and installation packages released after May 23, 2016 are signed with the new certificate. If root certificate updates are not installed and applied to your operating system, digital signature identification errors occur at the launch of the kavfs.exe service.


Please renew root certificates using one of the following methods:

  • Automatically. Automatic update of root certificates requires Internet connection for the protected server. 
  • Manually. Use this method when the protected server is not connected to the Internet. To update root certificates, please manually replace the digital certificate file before installing and applying critical updates. 
Did you find what you were searching for?
Thank you for your feedback!