Attempting to download an Intelligent Updater package causes a warning notification by either Internet Explorer or Microsoft Edge that the file is not trusted. The warning still allows the file to be downloaded.
Internet Explorer: The signature of <file>.exe is corrupt or invalid.
The signature of this file is corrupt or invalid
A Microsoft security advisory deprecated the use of SHA-1 hashing for certificates on January 12, 2016. Any download of a signed file timestamped January 1, 2016 or later, without a SHA-2 (SHA-2 256) or better hash will be affected.
From Microsoft KB 3123479: “For customers running either Internet Explorer or Microsoft Edge who download a SHA-1 signed file from the Internet that is timestamped and released on January 1, 2016, or later, SmartScreen will mark the file as not trusted. This status does not prevent customers from downloading the file or running these browsers on their computers. But customers are warned of the not trusted status of the file.”
Symantec has added dual signing using SHA-1 and SHA-2 256 hashes to resolve this issue. This allows trust to be maintained on a legacy OS, such as Windows Server 2003 or Windows XP, while supporting the enhanced security offered by SHA-2.