Summary

Threat actors are constantly looking to exploit trusted tools. This update helps ensure PDQ products continue to run safely in verified environments. This is strictly preventative on our part. Your data, systems, PDQ applications, and certificates are all secure. To maintain access, update to the latest product versions before October 18, 2025. SimpleMDM is not impacted.

Before you start

• Who’s impacted: PDQ Deploy, PDQ Inventory, PDQ Connect, and SmartDeploy customers.
• Not impacted: SimpleMDM.
• Why this is happening: Malicious actors sometimes try to abuse trusted IT tools across the industry. Rotating certificates helps ensure PDQ software only runs in trusted, verified environments.

What happened

We rotated (replaced) the signing certificate used to validate PDQ products. Certificates used by older versions will be revoked on October 18, 2025. After that date, older builds may fail to launch, install, or validate.

What you need to do

PDQ Deploy & PDQ Inventory

1. Update to the latest versions:
   • In the lower-right corner of Deploy or Inventory, click A new version is available, or
     
   • Log in at portal.pdq.com to download the latest installers.
2. Run the installers to update your products.
3. Restart your PDQ services or console to activate the new certificate.
4. AllSigned environments (refers to PowerShell execution policies): Add the new PDQ certificate to your Trusted Root CA Store so signed deployments continue to run smoothly. Guidance on this process is available here: All Signed PowerShell Execution Policy

SmartDeploy

1. From the SmartDeploy Desktop Console, select Update available, or download the latest version at app.smartdeploy.com.
   
2. Run the installer to update.
3. Update SmartDeploy clients:
   • In Computer Management, select client devices and click Update Client.
   • Additional guidance is located here: Updating the SmartDeploy Client

PDQ Connect

• Agents will auto-update in the background to 5.10.5 or later when devices remain online — no manual action needed in most environments.
• If an agent isn't updated to 5.10.5 or later by October 18, 2025, you’ll need to manually reinstall the agent.
• AllSigned environments (refers to PowerShell execution policies): Add the new PDQ certificate to your Trusted Root CA Store so signed deployments continue to run smoothly. Guidance on this process is available here: PDQ Connect and All Signed PowerShell Environments

Verify and troubleshoot

• Connect agent version: In Connect, check the Agent version column on the Devices page. Confirm 5.10.5 or later.
• If older versions are blocked or flagged: Update using the steps above. Once updated, flags should clear as the new certificate is recognized.
• If Deploy/Inventory won’t start after updating: Restart the PDQ services or the console to ensure the new certificate is active.

FAQ

Is this a breach?
No. This is a preventative measure. There has been no compromise to PDQ customers, applications, systems, or certificates.

Why the deadline?
The previous certificate will be revoked after October 18, 2025. Updating ensures your software continues to validate and function normally.

Do trials or SimpleMDM change?
SimpleMDM is not affected. This article is for existing customers; pre-trial access changes are handled elsewhere and aren’t required here.

Need help?

• PDQ Deploy & Inventory Support: Submit a ticket
• PDQ Connect Support: Submit a ticket
• SmartDeploy Support: Submit a ticket
• Community Discord: Join the conversation