If you cannot run Breach Remediation or Forensic Timeliner on an endpoint, there may be an issue with the security certificates on the endpoint.
Symptoms
The following error messages display when running Breach Remediation or Forensic Timeliner.
- Breach Remediation: Application integrity verification failed
- Forensic Timeliner: Error: Timeliner's digital signature is not trusted or tampered
Environments
- Breach Remediation
- Forensic Timeliner
- Windows endpoints
Cause
Windows endpoints running Breach Remediation or Forensic Timeliner require certificates to connect with the servers.
Resolution
- On the affected endpoint, go to the following repositories and download the corresponding certificates:
Repository Certificates Microsoft - Microsoft Identification Verification Root Certificate Authority 2020
Digicert - Baltimore CyberTrust Root
- DigiCert Global Root CA
- DigiCert High Assurance EV Root CA
Starfield Technologies - Starfield Class 2 Certification Authority Root Certificate - G2
- Starfield Class 2 Certification Authority Root Certificate
Sectigo/COMODO - AAA Certificate Services
- Import security certificates to the Trusted Root Certification Authorities store.
- Refer to the instructions in Microsoft's article Manage Trusted Root Certificates.
- For the Verisign Universal Root Certification Authority certificate, export one from an endpoint with a working certificate.