• Yet another conflict acknowledged with this month’s Win7 and 8.1 Monthly Rollups, this time with McAfee Endpoint Security

    And the hits keep on rolling…

    Last night, Microsoft added a new “Known issues with this update” entry to both KB 4493472, this month’s Win7 and Server 2008 R2 Monthly Rollup, and to KB 4493446, this month’s Win8.1 and Server 2012 R2 Monthly Rollup.

    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.

    We are presently investigating this issue with McAfee.

    Guidance for McAfee customers can be found in the following McAfee support articles:

    McAfee Security (ENS) Threat Prevention 10.x

    McAfee Host Intrusion Prevention (Host IPS) 8.0

    Both of those links are to essentially identical pages, which state:

    Changes in the Windows April 2019 update for Client Server Runtime Subsystem (CSRSS) introduced a potential deadlock with ENS.

    Workaround: Disable any Access Protection rule that protects a service.

    The announcement’s strange, not so much for what it contains (we’ve had similar reports for Sophos, Avast and Avira), but for what it doesn’t contain.

    First, the corresponding Security-only patches don’t have the same admonition. With Sophos, Avast and Avira we also got warnings for this month’s Win7 and 8.1 Security-only patches.

    Second, there’s no announcement for Server 2018.

    Third… why did it take so long? The bad patch is ten days old.

    The first two points may just be sloppy documentation. Heaven knows we’ve seen a lot of that lately. But the third one has me scratching my well-scratched pate.

    I’ll have more on this in Monday morning’s AskWoody Plus Newsletter.