+34 900 840 407

Installation requirements of Cytomic products for Windows

Related Products_
  • Cytomic EPDR
  • Cytomic EDR
Supported Operating Systems_
  • Workstations with an x86 or x64 microprocessor
    • Windows XP SP3 (32-bit)
    • Windows Vista (32-bit and 64-bit)
    • Windows 7 (32-bit and 64-bit)
    • Windows 8 (32-bit and 64-bit)
    • Windows 8.1 (32-bit and 64-bit)
    • Windows 10 (32-bit and 64-bit)
    • Windows 11 (64-bit)
      Supported from Cytomic Windows protection version
  • Computers with an ARM microprocessor
    • Windows 10 Pro
    • Windows 10 Home
  • Servers with an x86 or x64 microprocessor
    • Windows 2003 (32-bit, 64-bit and R2) SP2 and later
    • Windows 2008 (32-bit and 64-bit) and 2008 R2
    • Windows Small Business Server 2011, 2012
    • Windows Server 2012 R2
    • Windows Server 2016 and 2019
    • Windows Server Core 2008, 2008 R2, 2012 R2, 2016 and 2019
    • Windows Server 2022 (64-bit)
      Supported from Cytomic Windows protection version
  • IoT and Windows Embedded Industry
    NOTE: Windows Embedded systems allow custom installations that could possibly impact the installation and working of the Cytomic protections. After you install the different protection modules, we recommend that you verify that they work correctly.

    • Windows XP Embedded
    • Windows Embedded for Point of Service
    • Windows Embedded POSReady 2009, 7, 7 (64 bits)
    • Windows Embedded Standard 2009, 7, 7 (64 bits), 8, 8 (64 bits),
    • Windows Embedded Pro 8, 8 (64 bits)
    • Windows Embedded Industry 8, 8 (64 bits), 8.1, 8.1 (64 bits)
    • Windows IoT Core 10, 10 (64 bits)
    • Windows IoT Enterprise 10, 10 (64 bits)
Hardware Requirements_
  • Processor: CPU with x86 or x64 architecture and with support of at least SSE2

Pre-checks before the installation

Verify that the processor meets the requirements:

  1. Download tool CPU-Z and run it on the computer where you want to install.
  2. CPU-Z will display the following, depending on whether the processor is supported or not:
    Processor VALID for the installation:
    Processor NOT VALID for the installation:
  • RAM: 1 Gbyte
  • Free space in disk for the installation: 650 Mbytes
Root Certificates_

Panda solutions require SHA-256 encryption algorithms in order to ensure secure communication between the endpoint and the Panda servers. However, certain operating systems, such as Windows XP SP3 and Windows 2003, do not include such certificates and ciphering methods by default. To solve this issue, please ensure the following Microsoft’s KBs are installed:

  • KB948963
    This KB adds support for the Windows Server 2003 cipher suites TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA and TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA AES. If it is not installed, please download the x64 or the x32 version accordingly.
    IMPORTANT! Please note that the download files are not hosted on a Microsoft official server as it is no longer supported. Should you require them in any other language, please contact Microsoft.
  • KB3072630
    This KB verifies the digital signature of the Panda installation packages and their corresponding files. If the computer does not have this KB, download it from here and install it.
    IMPORTANT! The installation requires restarting the computer.
  • KB3033929
    This KB adds SHA 256 support for Windows 7 and 2008. If it is not installed, download the x64 or x32 version from here.
  • KB4474419
    Adds Support to SHA-2 for Windows 7 + SP1 y Windows 2008 R2 + SP1. Access this link to download it.
  • KB4490628
    Adds Support to SHA-2 for Windows 7 + SP1 y Windows 2008 R2 + SP1. Access this link to download it.

Once the KBs mentioned above are installed, download and extract the content of the WESCertCheck.zip file (password: panda) and run the file called WESCertCheck.exe with administrator privileges from CMD or from Windows Explorer. If this continues failing, use the psexec tool to update the SYSTEM account certificate container.

Example: psexec.exe -s -i WESCertCheck.exe

X32 https://live.sysinternals.com/PsExec.exe
X64 https://live.sysinternals.com/PsExec64.exe

In Citrix environments we recommend running WESCertCheck.exe with the psexec tool.

NOTE: Windows 2008 R2 does not support TLS 1.2 natively, only by installing a patch available for certain winHTTP protocols. See article Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows for further details.

  • Rootsupd
    Microsoft tool to update the computer’s certificates. It has been withdrawn from the download site because Windows XP is no longer supported, so use it under your responsibility and preferably on a test box before you deploy it to more computers. Contact Microsoft for help if you have any questions.Download rootsupd, unzip the file (password panda) and run the rootsupd.exe file.
    NOTE: We strongly recommend to verify that the operating system does not block the execution of the rootsupd.exe file. To do so, go to the Properties of the file and unblock the file.
Requirements for Windows Exchange Platforms_

Supported operating systems

  • Exchange 2003: Windows Server 2003 32-bits SP2+ and Windows Server 2003 R2 32-bits
  • Exchange 2007: Windows Server 2003 64-bits SP2+, Windows Server 2003 R2 64-bits, Windows 2008 64-bits and Windows 2008 R2
  • Exchange 2010: Windows 2008 64-bits and Windows 2008 R2
  • Exchange 2013: Windows Server 2012 y Windows Server 2012 R2
  • Exchange 2016: Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016.
  • Exchange 2019: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019.

Hardware and software requirements

The hardware requirements to install the protection on Exchange servers are the ones determined by the Exchange Server:

Exchange versions supported

  • Microsoft Exchange Server 2003 Standard and Enterprise (SP1 / SP2)
  • Microsoft Exchange Server 2007 Standard and Enterprise (SP0 / SP1 / SP2 / SP3)
  • Microsoft Exchange Server 2007 included in Windows SBS 2008
  • Microsoft Exchange Server 2010 Standard and Enterprise (SP0 / SP1 / SP2)
  • Microsoft Exchange Server 2010 included and Windows SBS 2011
  • Microsoft Exchange Server 2013 Standard and Enterprise
  • Microsoft Exchange Server 2016 Standard and Enterprise
  • Microsoft Exchange Server 2019 Standard and Enterprise