May 2019 updates for Windows 7 and Server 2008 R2 don't play nice with McAfee or Sophos software, again - gHacks Tech News

May 2019 updates for Windows 7 and Server 2008 R2 don't play nice with McAfee or Sophos software, again

It seems that the saying "history repeats itself" is true, at least when it comes to Microsoft patches. Microsoft released updates for all supported versions of Windows -- client and server -- on the May 2019 Patch Day.

We covered the updates in our monthly security updates overview for Windows. Microsoft confirmed two issue: an update might be installed twice on affected systems, and some UK government sites were not accessible in Internet Explorer 11 or Microsoft Edge.

Microsoft added gov.uk to the list of HTTP Strict Transport Security Top Level Domains, and that caused issues for government sites that did not support it.

Things looked better compared to last month. Several Enterprise-focused security products did not play nicely with last month's updates for Windows 7, Windows 8.1, Windows 10, and the Server variants.

Security companies Sophos, Avast, Avira, ArcaBit and McAfee acknowledged issues with last month's updates. Machines would not boot into Windows anymore and appeared frozen or locked on startup.

Patch notes suggest that the issues are fixed. The monthly rollup patch KB4493472 for Windows 7 SP1 and Windows Server 2008 R2 SP1 states that the issues with security software has been resolved and that Microsoft removed the temporary update block as a consequence.

Fast forward to May 2019. If you check the known issues of the monthly rollup patch KB4499164 for Windows 7 and Windows Server 2008 R2, you may have a deja vu when you go through the known issues.

mcafee issue windows

A new issue, added on May 18, 2019 suggests that systems with McAfee security products installed may freeze, hang or start very slowly after update installation.

Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.

The known issue and the listed products are identical. McAfee updated its knowledge center on May 14 (the Patch Day) and May 16 (Endpoint Security), and on May 17 (VirusScan Enterprise).

McAfee reveals that all Microsoft updates released in April 2019 or later are known to cause the issues. Workarounds should work for the May 2019 updates as well.

sophos updates issue

Sophos is not listed by Microsoft but Sophos published a support article that suggests that the May 2014 updates are causing issues on Windows 7 and Windows Server 2008 R2 devices after installation. (via Ask Woody)

We have had an increase in customers reporting that following on from the Microsoft Windows 14th May patches they are experiencing a hang on boot where the machines appear to get stuck on "Configuring 30%"

Both issues appear to be limited to Windows 7 and Windows Server 2008 R2 updates. It is possible that the products of other security companies are affected by the issue again as well but that has not been confirmed.

Open questions:

  • Is the issue limited to Windows 7 and Windows Server 2008 R2?
  • Is the security-only update affected? Microsoft says no (McAfee), Sophos says yes for its products.
  • Are all other security products unaffected by the issue?

Closing Words

The issue is limited to Enterprise security software; Home users and small businesses should not run into these issues. It is still a good idea to create backups before updates are installed, and to wait with the installation of updates until absolutely necessary (e.g. active exploit of security issues or major bug fixes).

Now You: Any bets for next month's updates?

Summary
May 2019 updates for Windows 7 and Server 2008 R2 don't play nice with McAfee or Sophos software, again
Article Name
May 2019 updates for Windows 7 and Server 2008 R2 don't play nice with McAfee or Sophos software, again
Description
The May 2019 updates for Windows 7 SP1 and Windows Server 2008 R2 cause conflicts with certain security products (McAfee and Sophos confirmed).
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. anon said on May 20, 2019 at 1:37 pm
    Reply

    It’s time to blame third-party software for not being resilient enough to Windows changes, which means that they’re relying on bad programming practices.

    Just use Microsoft Security Essentials on Windows 7 or Windows Defender on Windows 8.1 and 10 on your PC and Microsoft’s equivalent enterprise solutions if it’s a work device.

    1. Bobby Phoenix said on May 20, 2019 at 2:32 pm
      Reply

      Agree 100%.

    2. ilev said on May 20, 2019 at 5:53 pm
      Reply

      It is time to take Microsoft to court for inflicting $Trillions in damages each month with unreliable, untested… updates.
      Microsoft has changed some fundamental components in kernel without notifying major A/V software developers and without testing in house before spreading malware updates to Enterprise PCs.
      Microsoft Defender… is just junk A/V software not suitable to use.

      1. Jack said on May 20, 2019 at 7:29 pm
        Reply

        Agree 100%

  2. chesscanoe said on May 20, 2019 at 1:57 pm
    Reply

    I got my current laptop when Windows 10 x64 Home was first released and have installed all Microsoft fixes shortly after they have been released. I do not recall a killer problem ever with this approach and have enjoyed the many improvements and fixes provided this way. It’s a mostly shame on Microsoft and application owners when shortcutting testing burns so many, but I and I suspect many others are happy campers.

  3. Dave said on May 20, 2019 at 4:14 pm
    Reply

    McAfee is crap, it’s creator, John McAfee says so.

    1. CJ said on June 4, 2019 at 4:19 pm
      Reply

      agree

  4. Jim said on May 20, 2019 at 5:05 pm
    Reply

    So far I’ve been lucky and none of this has impacted Mom, who is still on Windows 7, (She uses Norton(. But 2020 can’t come fast enough, so that I can migrate her to Linux.

    Her best friend already got a Chromebook and loves it.

    1. Jody Thornton said on May 20, 2019 at 5:36 pm
      Reply

      I would love a Chromebook if I could easily figure out a way to get a different Linux build on it (like Q4OS or Puppy)

      1. Jim said on May 20, 2019 at 8:29 pm
        Reply

        With some of them, it can be done. But this is potentially dangerous, as you are messing with the firmware on the device, basically converting it into a generic PC and kicking off Chrome OS completely and if something goes wrong with the firmware flash, it might get bricked.

        https://www.youtube.com/watch?v=AxsckwmRhfw

        (I did not make this video)

  5. Yuliya said on May 20, 2019 at 5:35 pm
    Reply

    McAfee or Sophos software don’t play nice with May 2019 updates for Windows 7 and Server 2008 R2, again
    I think would be the appropriate title. Shouldn’t these companies test their sowftware against the preview patches which MS is releasing? And as others have already stated, just stick with MSE/Defender, if you need an a/v – if you don’t just kill that one also, saves your resources and potential headaches.

    1. Harro Glööckler said on May 21, 2019 at 7:40 am
      Reply

      Nah, why test if it’s easier to blame “evil Microsoft” and their “crappy Windows” when something doesn’t work. The same happened with 1809 and some device drivers…wtf you had insider versions almost a year before the release and you couldn’t make your stuff compatible? That’s just laziness combined with blame-shifting, nothing else…sadly no customer will blame Intel for their broken GPU drivers or any of those incompetent 6 antivirus companies, just Win 10 and the updates.

  6. Mork said on May 20, 2019 at 7:56 pm
    Reply

    If only there existed some OS that doesn’t need antivirus, and wouldn’t get completely soiled garbage updates every month. Oh well, maybe sometime in the future.

    1. Peterc said on May 21, 2019 at 9:29 pm
      Reply

      @Mork:

      Yes, if only there *were* such an OS. And you know what would make it even better? If it were *free* and you could install it on whatever hardware-compatible machine you wanted to! Oh well, in the meantime I guess we can only dream… ;-)

  7. Richard Steven Hack said on May 20, 2019 at 10:35 pm
    Reply

    Pretty obvious that Microsoft is not caring about problems on Windows 7 or Server 2008, since they’d prefer those enterprises still on those systems move to Windows 10 and Server 2016 or 2019.

    This is par for the Microsoft “cause pain until you upgrade” policy.

  8. Peterc said on May 21, 2019 at 4:51 pm
    Reply

    My dad’s backup laptop runs Windows 7 Enterprise and Sophos Endpoint Security and Control. Tech support at his work does the initial OS installation and setup, but subsequent maintenance (for laptops and home-office desktops, at least) falls to users. Where my dad is concerned, that means maintenance falls to *me*. This makes two months in a row that I’ve been unable to install “critical” security updates on his Windows 7 laptop, and this month, one of the patched vulnerabilities is expected to be targeted by potentially serious real-world exploits in the near future. Accordingly, I asked my dad to ask tech support at his work to recommend an acceptable alternative antivirus. My first choice would be Kaspersky, but I don’t know whether his work and institution are covered by the US government ban.

    Okay, that was my calm, rational response. My emotional response is: *WTF*, Sophos?

  9. Scott W said on May 21, 2019 at 5:29 pm
    Reply

    How does the sequence go when MS releases a patch with important security fixes in it, but soon discovers that it corrupts or hangs many users’ systems? For example, the April 2019 rollup did this on Windows 7. Many users can’t or won’t install the buggy patch. But they need the security fix it was originally intended for. Does MS revise the buggy patch? If so, does it retain the same KB number or get a new one? Or for monthy rollups, does the next monthly rollup contain the security fix from the last one without the bug?

  10. Andy said on May 23, 2019 at 10:41 am
    Reply

    The May patch KB4499164 causes very slow startup (like 20minutes) on our machines with Sophos. We have to manually remove it and then hide it.

  11. Anthony Lombardo said on May 24, 2019 at 12:57 am
    Reply

    The update seems to have impacted Symantec EPP. As a fix, I found if you remove the page pool then reinstall it, the problem seems to go away. It also seems that it impacted only my VM’s physical machines seemed fine.

  12. cdg said on May 27, 2019 at 7:00 am
    Reply

    Despite M$ propaganda, the problem is NOT limited to McAfee and Sophos, or any third party applications. The same problem occurs without any of the aforementioned installed. M$ can’t solve a problem while they falsely blame it on others.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.

Be polite: we do not allow comments that threaten or harass, or are personal attacks. Please leave politics and religion out of discussions!