We have noticed on a few recent updates the install packages are being recognized from an unknown developer and we have to whitelist or do a work around to get the update installed. It is frustrating having to do this. Is there a process in which all updates are tested to make sure they are digitally signed or whatever needs to happen so Windows or MacOS does not think its a suspicious install package?
We've been seeing something similar with DLL files being blocked. We have Defender for Endpoint P2 licensing with ASR rules in place and we're finding that the rule for Block executable files from running unless they meet a prevalence, age, or trusted list criterion is blocking updates on our technicians' workstations. We've added exclusions based on digital signatures for the executables, but the DLL files are also getting blocked and are not digitally signed.
It's become a royal PITA every time an update is rolled out.
This would also be helpful with AV/script monitoring tools like Cylance to prevent Automate scripts from being flagged as suspicious. In Cylance, adding the signing certificate for Automate would allow seamless and secure operation of Automate with script blocking enabled IF all scripts generated by Automate are signed with this certificate.