Report: Windows 7 PCs without antivirus solution can't receive new updates
A report on Myce suggests that Windows 7 PCs without installed antivirus solutions can't receive new updates via Windows Update anymore unless a change is made to the Windows Registry.
Microsoft identified a compatibility issue with "Windows security updates released in January [2018] and a small number of antivirus products".
Some antivirus products "make unsupported calls into Windows kernel memory" which can lead to blue screen errors on systems these products are installed on. The company states that devices that run incompatible software may not boot properly anymore.
Any antivirus solution for Windows needs to set a key in the Windows Registry to confirm to the operating system that it is compatible and does not use these banned methods anymore.
Windows PCs that don't have the Registry key set won't receive security updates anymore according to Microsoft.
Microsoft security products such as Windows Defender Antivirus, System Center Endpoint Protection and Microsoft Security Essentials are compatible with the new requirements and set the required Registry key if no third-party solution is installed.
Microsoft's Windows 7 operating system is special as it only includes a security tool called Defender which is limited when compared to Windows Defender or Microsoft Security Essentials. Defender won't set the Registry key which means that Windows 7 systems without installed antivirus solution won't have the key in the Registry set.
This means ultimately that affected systems don't receive security updates despite the fact that they are still supported by Microsoft. Support for Windows 7 ends on January 14, 2020.
Microsoft recommends that Microsoft Security Essentials or a compatible third-party antivirus application is installed on affected Windows 7 machines to resolve the issue.
In a default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1, customers will not have an antivirus application installed by default. In these situations, Microsoft recommends installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party anti-virus application. The anti-virus software must set a registry key as described below in order to receive the latest Windows security updates.
Set the Registry key to enable updates again
Windows 7 administrators can set the required Registry key manually on the other hand. This should not cause issues on the machine as no incompatible antivirus solution is installed (none is installed).
- Tap on the Windows-key and type regedit.exe to launch the built-in Registry Editor.
- Confirm the UAC prompt if it is displayed.
- Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
- Right-click on QualityCompat and select New > Dword (32-bit) Value.
- Name it cadca5fe-87d3-4b96-b7fb-a231484277cc
- Give it the value 0
You can download the following Registry file instead and run it on machines to add the Registry key directly. Download it with a click on the following link: (Download Removed)
Related articles
- Bypass for Windows Update lock for next-gen processors found
- Find out if your Windows PC is affected by Meltdown/Spectre vulnerabilities
- Microsoft Security Updates January 2018 release
- Microsoft Security Updates February 2018 release
- Windows Update KB4078130 deactivates Spectre Patch
So every currently supported Windows version is affected, unless for one who would pretend that defender is not just an “antivirus solution” but a mandatory part of Windows 8-10 (I won’t judge).
Only old defender is affecter, unlike win10. Did u read the article?
That’s only partly true. On Windows 8.1 user can disable Windows Defender. On Widows 10 user can’t do that in supported way without installing another antivirus SW.
Windows Server 2016 in not affected by hat logic either.
I think the same thing happened to my windows 10 machine that I had to manually update for the last 2 months.
Immediately after applying the reg it was able to find the flash update from 6/2/2018
Windows 10 don’t have this problem because of integrated Windows Defender ….so you maybe had incompatible 3party antivirus…
Windows Defender is disabled and no antivirus is running.
That’s answer ! :-)
Registry key is delivered via antivirus definitions. If you have antivirus disabled, then defender could not create that key.
My updates are disabled so this doesn’t really affect me.
As a computer consultant I see quite a few malfunctioning systems. The troublesome part though is that in the last year those malfunctioning computers resulted from one crypto-virus issue. All the rest were computers that had ceased to function because of some kind of Microsoft update. Luckily, precious few of my customers want Windows 10 so I only need to support a handful of unfortunate Win 10 users, but they make up the bulk of my “emergency” calls.
Let’s face it folks, Windows 10 will be the death of Windows. Every bad idea at Microsoft seems to stem from Win 10. Win 7 was fine until the same brain dead individuals involved with Win 10 (and 8/8.1) decided to trickle down the win 10 garbage to Win 7.
Let’s get back to granular updates.
Let’s return to well laid out menus and start bars.
Let’s kill all that telemetry for good.
Let’s really kill Cortana.
And let’s stop thinking a desktop operating system has anything to do with a fluff phone operating system. Heck, windows phone couldn’t even make it as a phone operating system. Why a company would bet the farm on a failed project like windows Phone totally eludes me.
I’m really curious to see what Microsoft does in 2020 when windows 7 still holds 47% of the user base. And no, I don’t think that’s an unrealistic percentage. The Win 10 “HATE” I see every day will translate into a definite roadblock for Microsoft. Boy have they squandered their goodwill and reputation.
I wont receive updates as well as I blocked all Microsoft’s updates on my Windows 7, 3 years ago.
My 6 years old laptop works like a charm and I haven’t seen a BSOD, crash….. in 3 years.
Hello, I can confirm it. Windows 7 or Windows 2008 R2 without antivirus need that registry key deployed (possibly via group policy) to offer Windows updates…
Only think that I know understand is why is why write about it now…January updates was impacted also…
It is funny how MS pushes to deep throat its “update windows or die” policy, yet it makes those “strange” mistakes in windows 7.
Due to that both Meltdown and Spectre has been known since at least 1985 according to a Swedish IT site for corporations, i haven’t cared to install these patches. Why install something that gives Your computer worse performance than it already has ? I also use WSUS Offline Installer every sixth month, just to be sure i don’t install buggy updates (99% of Microsoft’s updates are buggy today)
@seeprime, there was a story on beepingcomputer.com on 4th Jan which described the issues arising from both meltdown and spectre and incompatible antivirus programs.
https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/
They made reference to a google docs file which listed most of the AV programs:-
https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true
We who don’t use Google anymore, where can we find that list ?
You don’t need to have a Google account to see Google Docs.
True, but that doesn’t really solve anything if you’re avoiding Google.
The story contradicts the title and the 3rd sentence ends with “, so microsoft.” I’ve never seen such sloppy writing here before. Have a hard, or fun, night?
I know that you intended to say. Maybe “Windows 7 PC’s with anti-virus programs that Microsoft has deemed incompatible will be blocked from updating.” would be clearer?
Most of journalists in my country (FRANCE) are paid by the arms industry, the chemical industry, the pharmaceutical industry, banks, etc. You can call that “sloppy writing”, clickbaity title, etc, but what is clear is Martin is a good and sincere journalist compared to all the mafia mentioned above. So please keep your unpleasant remarks for yourself. Thanks.
Problem is that PCs without any anti-virus also won’t get updates as there’s no “compatible” anti-virus tool on the system to set the registry key. Hence, the article title is correct.
The issue here is that this situation has been handled in an awful way by MS. I can understand them stopping updates temporarily if you have a dodgy AV on your system to stop the system from being bricked, but the simple registry key handling of this is very poor. No warning dialogs or any other information to advise users that they don’t have compatible AV and therefore aren’t receiving security updates? No checks by the system to confirm there is no AV and therefore allow updates? MS know how to do this as if you leave AV off your system, Security Centre constantly moans at you for this.
Whether you love or loathe Microsoft, this particular issue has been handled in a dreadfully amateurish way by them.
Oh, and how long before malware writers realise that you can stop all security updates on a Windows 7 PC simply by tweaking a registry key – and the user won’t get any warnings that updates are not being installed?
“and the user won’t get any warnings that updates are not being installed?”
I think that this registry key solution is only temporary. At some point, MS will be confident that most antivirus SW are already compatible and disable this registy control…
Dave, you just criticized his grammar with at least three grammar mistakes of your own. He provided informative information on the stupid decisions that Microsoft is making. I appreciate that effort.
@Tony
Muphry’s law is an eternal truth.
I agree, very clickbaity title. The quality of journalism certainly hasn’t been the highest recently.
Hello, it is not clickbait. If you don’t have antivirus, you don’t have that registry key and you don’t have updates (from january)
You can test it on some virtual machine :)
I can’t seem to find which specific antivirus programs are still using the kernel, which allows some buffer overflow errors that actually makes the AV program a conduit for infection. So, does anyone have a current list of the non-compliance programs? Microsoft apparently doesn’t want to be sued again by their “partners”, who have had a very long time to tighten up their code.
I can tell you Webroot is compatible.
So is Panda Free, and it’s top rated.
Portable(s) an issue? I see they are not mentioned in the article. So they work as long as the user has the Pro version of W7 (or higher) and the registry is updated as per the article
OMG This is insane
Just now i realised why i didn’t saw any security updates since the new year, after i applied the reg key i got 3 Security monthly quality rollup 226 mb in size
a big thanks to you martin for bringing this issue to our attention, and a double middle finger to you Microsoft.
Is there anyone at microsoft who’s still got a functional brain? Who the hell approves these moronic ideas there?
The functional brains at Microsoft got sacked some years ago. Today, only idiots, work for Microsoft !