Hi Jeff,

> We have a certificate that expires in a few months.
>
> Do the new Comodo certificates also support dual signing?

yes, the Comodo code-signing certificates support SHA-1, SHA-2 and
SHA-1/SHA-2. IMO, your current one should also be SHA-2 enabled. Comodo
supports SHA-2 for any Code-signing certificate issued after September 22,
2014 which expires after 2015.

You can use the following configuration:
http://www.lindersoft.com/forums/showthread.php?47199

Windows itself stopped accepting SHA-1 signed code and SHA-1 certificates
that are time stamped after 1 January 2016 amd have a
"Mark of the Web" attribute. A "Mark of the Web" attribute means that the
executable is flagged as downloaded from an untrusted source (e.g. the
Internet). Code signature status behavior might depend on specific Policy
settings and Trusted Zones, and SmartScreen data may be used to allow
certificates with good reputation.

Friedrich