Add McAfee products to the list of security products that don't play well with latest Windows patches
When Microsoft released the monthly cumulative updates for Windows 7, Windows 8.1, and Server products, no one could imagine what a nightmare these patches would become for many system administrators.
Microsoft acknowledged two days later that something was not alright, and that the updates caused compatibility issues with certain Sophos and Avast security products. Microsoft added products by Avast and ArcaBit to the list of known issues later that week.
Users and the security companies reported that devices might fail to boot or appear frozen or locked for a long period of time. The only solution back then was to uninstall the updates to resolve the issue.
Today, Microsoft added products from another security company -- McAfee -- to the list of products that did not like the newly released update.
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.
McAfee provides some insight on the cause of the issue, and it seems likely that it is the same cause for all systems with affected security products.
Changes in the Windows April 2019 update for Client Server Runtime Subsystem (CSRSS) introduced a potential deadlock with ENS.
The company's workaround suggests that system administrators should "disable any Access Protection rule that protects a service".
Woody Leonhard notes -- correctly -- that the "announcement's strange" as Microsoft lists the issue only for the monthly rollup patches but not the security-only patches. The security-only patches list issues with Sophos, Avira, and Avast products only; ArcaBit and McAfee are missing.
Are devices with security-only patches and McAfee or ArcaBit software installed not affected as well? Woody suggests that it could be "sloppy documentation"; it would not be the first time that Microsoft's provided documentation lacks vital information.
Anyway, if you run an Enterprise security solution on devices running any of the affected operating systems, you better avoid the released patches until things are sorted out. At the very least, create a backup on a single machine, apply the update and monitor the behavior carefully.