Report: Windows 7 PCs without antivirus solution can't receive new updates - gHacks Tech News

Report: Windows 7 PCs without antivirus solution can't receive new updates

A report on Myce suggests that Windows 7 PCs without installed antivirus solutions can't receive new updates via Windows Update anymore unless a change is made to the Windows Registry.

Microsoft identified a compatibility issue with "Windows security updates released in January [2018] and a small number of antivirus products".

Some antivirus products "make unsupported calls into Windows kernel memory" which can lead to blue screen errors on systems these products are installed on. The company states that devices that run incompatible software may not boot properly anymore.

Any antivirus solution for Windows needs to set a key in the Windows Registry to confirm to the operating system that it is compatible and does not use these banned methods anymore.

Windows PCs that don't have the Registry key set won't receive security updates anymore according to Microsoft.

Microsoft security products such as Windows Defender Antivirus, System Center Endpoint Protection and Microsoft Security Essentials are compatible with the new requirements and set the required Registry key if no third-party solution is installed.

Microsoft's Windows 7 operating system is special as it only includes a security tool called Defender which is limited when compared to Windows Defender or Microsoft Security Essentials. Defender won't set the Registry key which means that Windows 7 systems without installed antivirus solution won't have the key in the Registry set.

This means ultimately that affected systems don't receive security updates despite the fact that they are still supported by Microsoft. Support for Windows 7 ends on January 14, 2020.

Microsoft recommends that Microsoft Security Essentials or a compatible third-party antivirus application is installed on affected Windows 7 machines to resolve the issue.

In a default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1, customers will not have an antivirus application installed by default. In these situations, Microsoft recommends installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party anti-virus application. The anti-virus software must set a registry key as described below in order to receive the latest Windows security updates.

Set the Registry key to enable updates again

antivirus registry key windows

Windows 7 administrators can set the required Registry key manually on the other hand. This should not cause issues on the machine as no incompatible antivirus solution is installed (none is installed).

  1. Tap on the Windows-key and type regedit.exe to launch the built-in Registry Editor.
  2. Confirm the UAC prompt if it is displayed.
  3. Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
  4. Right-click on QualityCompat and select New > Dword (32-bit) Value.
  5. Name it cadca5fe-87d3-4b96-b7fb-a231484277cc
  6. Give it the value 0

You can download the following Registry file instead and run it on machines to add the Registry key directly. Download it with a click on the following link: SetAntivirusRegistryKeyWindows.zip

Related articles

Summary
Report: Windows 7 PCs without antivirus solution can't receive new updates
Article Name
Report: Windows 7 PCs without antivirus solution can't receive new updates
Description
A report on Myce suggests that Windows 7 PCs without installed antivirus solutions can't receive new updates via Windows Update anymore unless a change is made to the Windows Registry.
Author
Publisher
Ghacks Technology News
Logo

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Yuliya said on February 27, 2018 at 9:47 pm
    Reply

    Is there anyone at microsoft who’s still got a functional brain? Who the hell approves these moronic ideas there?

    1. Stefan said on February 28, 2018 at 8:14 am
      Reply

      The functional brains at Microsoft got sacked some years ago. Today, only idiots, work for Microsoft !

  2. klementin said on February 27, 2018 at 11:19 pm
    Reply

    OMG This is insane

    Just now i realised why i didn’t saw any security updates since the new year, after i applied the reg key i got 3 Security monthly quality rollup 226 mb in size

    a big thanks to you martin for bringing this issue to our attention, and a double middle finger to you Microsoft.

  3. LD said on February 27, 2018 at 11:46 pm
    Reply

    Portable(s) an issue? I see they are not mentioned in the article. So they work as long as the user has the Pro version of W7 (or higher) and the registry is updated as per the article

  4. seeprime said on February 28, 2018 at 12:08 am
    Reply

    I can’t seem to find which specific antivirus programs are still using the kernel, which allows some buffer overflow errors that actually makes the AV program a conduit for infection. So, does anyone have a current list of the non-compliance programs? Microsoft apparently doesn’t want to be sued again by their “partners”, who have had a very long time to tighten up their code.

    1. Dave said on February 28, 2018 at 2:48 am
      Reply

      I can tell you Webroot is compatible.

      1. DVDRambo said on February 28, 2018 at 5:07 am
        Reply

        So is Panda Free, and it’s top rated.

  5. Dave said on February 28, 2018 at 2:47 am
    Reply

    The story contradicts the title and the 3rd sentence ends with “, so microsoft.” I’ve never seen such sloppy writing here before. Have a hard, or fun, night?

    I know that you intended to say. Maybe “Windows 7 PC’s with anti-virus programs that Microsoft has deemed incompatible will be blocked from updating.” would be clearer?

    1. Jed said on February 28, 2018 at 3:27 am
      Reply

      I agree, very clickbaity title. The quality of journalism certainly hasn’t been the highest recently.

      1. WSUS said on February 28, 2018 at 5:16 pm
        Reply

        Hello, it is not clickbait. If you don’t have antivirus, you don’t have that registry key and you don’t have updates (from january)
        You can test it on some virtual machine :)

    2. Tony said on February 28, 2018 at 5:04 am
      Reply

      Dave, you just criticized his grammar with at least three grammar mistakes of your own. He provided informative information on the stupid decisions that Microsoft is making. I appreciate that effort.

      1. John Fenderson said on February 28, 2018 at 5:46 pm
        Reply

        @Tony

        Muphry’s law is an eternal truth.

    3. DaveyK said on February 28, 2018 at 9:22 am
      Reply

      Problem is that PCs without any anti-virus also won’t get updates as there’s no “compatible” anti-virus tool on the system to set the registry key. Hence, the article title is correct.

      The issue here is that this situation has been handled in an awful way by MS. I can understand them stopping updates temporarily if you have a dodgy AV on your system to stop the system from being bricked, but the simple registry key handling of this is very poor. No warning dialogs or any other information to advise users that they don’t have compatible AV and therefore aren’t receiving security updates? No checks by the system to confirm there is no AV and therefore allow updates? MS know how to do this as if you leave AV off your system, Security Centre constantly moans at you for this.

      Whether you love or loathe Microsoft, this particular issue has been handled in a dreadfully amateurish way by them.

      Oh, and how long before malware writers realise that you can stop all security updates on a Windows 7 PC simply by tweaking a registry key – and the user won’t get any warnings that updates are not being installed?

      1. WSUS said on February 28, 2018 at 5:18 pm
        Reply

        “and the user won’t get any warnings that updates are not being installed?”

        I think that this registry key solution is only temporary. At some point, MS will be confident that most antivirus SW are already compatible and disable this registy control…

    4. Anonymous said on February 28, 2018 at 2:20 pm
      Reply

      Most of journalists in my country (FRANCE) are paid by the arms industry, the chemical industry, the pharmaceutical industry, banks, etc. You can call that “sloppy writing”, clickbaity title, etc, but what is clear is Martin is a good and sincere journalist compared to all the mafia mentioned above. So please keep your unpleasant remarks for yourself. Thanks.

  6. Tony C said on February 28, 2018 at 2:52 am
    Reply

    @seeprime, there was a story on beepingcomputer.com on 4th Jan which described the issues arising from both meltdown and spectre and incompatible antivirus programs.

    https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/

    They made reference to a google docs file which listed most of the AV programs:-

    https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

    1. Stefan said on February 28, 2018 at 8:23 am
      Reply

      We who don’t use Google anymore, where can we find that list ?

      1. Paul's Dad. said on February 28, 2018 at 1:33 pm
        Reply

        You don’t need to have a Google account to see Google Docs.

      2. John Fenderson said on February 28, 2018 at 5:49 pm
        Reply

        True, but that doesn’t really solve anything if you’re avoiding Google.

  7. Stefan said on February 28, 2018 at 8:20 am
    Reply

    Due to that both Meltdown and Spectre has been known since at least 1985 according to a Swedish IT site for corporations, i haven’t cared to install these patches. Why install something that gives Your computer worse performance than it already has ? I also use WSUS Offline Installer every sixth month, just to be sure i don’t install buggy updates (99% of Microsoft’s updates are buggy today)

  8. o_O said on February 28, 2018 at 1:46 pm
    Reply

    It is funny how MS pushes to deep throat its “update windows or die” policy, yet it makes those “strange” mistakes in windows 7.

  9. WSUS said on February 28, 2018 at 5:14 pm
    Reply

    Hello, I can confirm it. Windows 7 or Windows 2008 R2 without antivirus need that registry key deployed (possibly via group policy) to offer Windows updates…

    Only think that I know understand is why is why write about it now…January updates was impacted also…

  10. ilev said on February 28, 2018 at 5:30 pm
    Reply

    I wont receive updates as well as I blocked all Microsoft’s updates on my Windows 7, 3 years ago.
    My 6 years old laptop works like a charm and I haven’t seen a BSOD, crash….. in 3 years.

  11. Kevin said on March 1, 2018 at 5:26 am
    Reply

    As a computer consultant I see quite a few malfunctioning systems. The troublesome part though is that in the last year those malfunctioning computers resulted from one crypto-virus issue. All the rest were computers that had ceased to function because of some kind of Microsoft update. Luckily, precious few of my customers want Windows 10 so I only need to support a handful of unfortunate Win 10 users, but they make up the bulk of my “emergency” calls.

    Let’s face it folks, Windows 10 will be the death of Windows. Every bad idea at Microsoft seems to stem from Win 10. Win 7 was fine until the same brain dead individuals involved with Win 10 (and 8/8.1) decided to trickle down the win 10 garbage to Win 7.

    Let’s get back to granular updates.

    Let’s return to well laid out menus and start bars.

    Let’s kill all that telemetry for good.

    Let’s really kill Cortana.

    And let’s stop thinking a desktop operating system has anything to do with a fluff phone operating system. Heck, windows phone couldn’t even make it as a phone operating system. Why a company would bet the farm on a failed project like windows Phone totally eludes me.

    I’m really curious to see what Microsoft does in 2020 when windows 7 still holds 47% of the user base. And no, I don’t think that’s an unrealistic percentage. The Win 10 “HATE” I see every day will translate into a definite roadblock for Microsoft. Boy have they squandered their goodwill and reputation.

  12. TianlanSha said on March 1, 2018 at 9:56 am
    Reply

    My updates are disabled so this doesn’t really affect me.

  13. kinarky said on March 1, 2018 at 3:29 pm
    Reply

    I think the same thing happened to my windows 10 machine that I had to manually update for the last 2 months.
    Immediately after applying the reg it was able to find the flash update from 6/2/2018

    1. WSUS said on March 1, 2018 at 7:52 pm
      Reply

      Windows 10 don’t have this problem because of integrated Windows Defender ….so you maybe had incompatible 3party antivirus…

      1. kinarky said on March 3, 2018 at 4:16 am
        Reply

        Windows Defender is disabled and no antivirus is running.

      2. wsus said on March 3, 2018 at 9:07 am
        Reply

        That’s answer ! :-)

        Registry key is delivered via antivirus definitions. If you have antivirus disabled, then defender could not create that key.

  14. kinarky said on March 4, 2018 at 2:19 pm
    Reply

    So every currently supported Windows version is affected, unless for one who would pretend that defender is not just an “antivirus solution” but a mandatory part of Windows 8-10 (I won’t judge).

    1. WSUS said on March 4, 2018 at 3:46 pm
      Reply

      That’s only partly true. On Windows 8.1 user can disable Windows Defender. On Widows 10 user can’t do that in supported way without installing another antivirus SW.

      Windows Server 2016 in not affected by hat logic either.

    2. wut said on May 16, 2018 at 5:27 pm
      Reply

      Only old defender is affecter, unlike win10. Did u read the article?

Leave a Reply