Current Version plugins

Add McAfee products to the list of security products that don't play well with latest Windows patches

When Microsoft released the monthly cumulative updates for Windows 7, Windows 8.1, and Server products, no one could imagine what a nightmare these patches would become for many system administrators.

Microsoft acknowledged two days later that something was not alright, and that the updates caused compatibility issues with certain Sophos and Avast security products. Microsoft added products by Avast and ArcaBit to the list of known issues later that week.

Users and the security companies reported that devices might fail to boot or appear frozen or locked for a long period of time. The only solution back then was to uninstall the updates to resolve the issue.

mcafee issue windows patches

Today, Microsoft added products from another security company — McAfee — to the list of products that did not like the newly released update.

Patch notes for KB4493472 and KB4493446, the cumulative monthly rollup updates for Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows Server 2012 R2, highlight the issue:

Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.

Microsoft lists McAfee Security (ENS) Threat Prevention 10.x and McAfee Host Intrusion Prevention (Host IPS) 8.0 specifically, and links to McAfee support articles (here, and here).

McAfee provides some insight on the cause of the issue, and it seems likely that it is the same cause for all systems with affected security products.

Changes in the Windows April 2019 update for Client Server Runtime Subsystem (CSRSS) introduced a potential deadlock with ENS.

The company’s workaround suggests that system administrators should “disable any Access Protection rule that protects a service”.

Woody Leonard notes — correctly — that the “announcement’s strange” as Microsoft lists the issue only for the monthly rollup patches but not the security-only patches. The security-only patches list issues with Sophos, Avira, and Avast products only; ArcaBit and McAfee are missing.

Are not devices with security-only patches and McAfee or ArcaBit software installed affected as well? Woody suggests that it could be “sloppy documentation”; it would not be the first time that Microsoft’s provided documentation lacks vital information.

Anyway, if you run an Enterprise security solution on devices running any of the affected operating systems, you better avoid the released patches until things are sorted out. At the very least, create a backup on a single machine, apply the update and monitor the behavior carefully.

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Add McAfee products to the list of security products that don’t play well with latest Windows patches appeared first on gHacks Technology News.


Leave a Comment

Your email address will not be published. Required fields are marked *

Menu Title