Avira confirms that this month’s Win7 and Win10 patches slow down PCs running their AV products

Topic

New Reply

Details on this are a bit sketchy, but Avira just posted an explanation saying: Why does my system run very slow? We could reproduce the described beh
[See the full post at: Avira confirms that this month’s Win7 and Win10 patches slow down PCs running their AV products]

5 users thanked author for this post.

CyGuy, Geo, Myst, abbodi86, GreatAndPowerfulTech

Reply | Quote

Replies

Who tests this stuff, anyway??

5 users thanked author for this post.

deuce120, Geo, lurks about, Myst, woody

Reply | Quote

Let me guess.  The fix will be in the previews coming in two weeks?

Reply | Quote

Quite likely.

Reply | Quote

Unfortunately, not everyone knows about Woody’s and reads what is advised regularly here. Those of us who do, should know better than to install patches right away. Or to install them sooner than weeks after Patch Tuesday, except in some exceptional emergencies.

Unless one’s job makes it mandatory to patch everything right away, no matter what. Which, at this point, would seem like a good reason to start discreetly looking for another job.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

5 users thanked author for this post.

Lars220, Geo, lurks about, Myst, woody

Reply | Quote

My question is what is Microsoft doing that is now triggering issues with anti-virus products?

Red Ruffnsore

2 users thanked author for this post.

Myst, AlexEiffel

Reply | Quote

Mr. Natural wrote:

My question is what is Microsoft doing that is now triggering issues with anti-virus products?

Closing some of the holes & hooks that antivirus authors used to enable their products to see what they need to see. Malware authors are using the same vulnerabilities to ply their trade.

6 users thanked author for this post.

Myst, OscarCP, abbodi86, AlexEiffel, rc primak, woody

Reply | Quote

It all comes back to using undocumented APIs and inside the kernel drivers. These practices were bound to come back and bit end users in their b******** from the moment some vendors decided not to pay Microsoft for signed access inside the Windows (that the time Vista) 64-bit kernel.

Never blame on malice (Microsoft Updates) what can be explained by stupidity (the third party AV vendors and developers).

BTW, the main reason Windows Defender’s Protected Folders (anti-ransomware) feature must be turned off when you install and use third party security software is these same undocumented “back-doors”.  And some Windows security Updates don’t properly install even though they are listed in your Updates History as “Successfully Installed” when these undocumented “back-doors” are present and active. I’m not just talking about Feature Updates.

My advice is, if you are on at least Windows 10 Version 1709, ditch all active third party security products and use the Windows 10 Firewall, the Protected Folders feature and Windows Defender.

And stop blaming Microsoft for things which are not within Microsoft’s power to anticipate.

-- rc primak

4 users thanked author for this post.

CyGuy, OscarCP, AlexEiffel, Barry

Reply | Quote

I can’t speak for Susan but I know she’s been in favor of that position as well. (Just using w10 Defender) I have to admit I haven’t seen Microsoft so dedicated to AV protection since MS-DOS. I wonder why that is?…..

Red Ruffnsore

1 user thanked author for this post.

rc primak

Reply | Quote

Probably want you to use MSE or Defender instead.

1 user thanked author for this post.

rc primak

Reply | Quote

Like my fellow @ch100 once said, security updates and fixing vulnerabilities is about adding more restrictions and hardening the code

the risk of side effect issues will always be present 🙂

7 users thanked author for this post.

Myst, OscarCP, AlexEiffel, rc primak, woody, PKCano, Microfix

Reply | Quote

‘Can of worms’ and I don’t envy the the task, especially when attributes affect third party security. One small error, can result in huge consequences.
Heck, even parsers will need updating as the complexity of algorithms and code increase.
Moore’s law in code..whoah!

Keeping IT Lean, Clean and Mean!

Reply | Quote

Agree wholeheartedly, but….

If these patches were tested properly, the AV manufacturers would have a chance to fix their products and get the fixes out before they clobber all of their customers.

3 users thanked author for this post.

PKCano, lanceboil, AlexEiffel

Reply | Quote

The “error” is not within Microsoft Update. It is the third party AV companies using undocumented techniques to worm their way inside the Windows 64-bit kernel without paying for a signing license.

It is not up to Microsoft to test Windows for compatibility with third party software. That is the job of the third party developers. The only way a “testing” period would help here is if the patches were released to a specific group of Insiders who have each one of the third party security products assembled in every conceivable configuration. That would require an army.

Better to get at the problem at its roots, and rip out third party active security software and let Windows Defender and the Windows Firewall do their job. Not that there’s never been an update which clobbered Windows Defender…

-- rc primak

1 user thanked author for this post.

Microfix

Reply | Quote

any links to back this up?

Keeping IT Lean, Clean and Mean!

Reply | Quote

Third party antivirus and a critical Windows Defender security patch:

https://www.computerworld.com/article/3196124/third-party-antivirus-programs-interfere-with-windows-defender-critical-patch.html

Registry Key issue with third party antivirus:

https://tech.slashdot.org/story/18/01/09/1357228/microsoft-says-no-more-windows-security-updates-unless-avs-set-a-registry-key

CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar

You’re fondling our kernel wrong, grumbles Microsoft

https://www.theregister.co.uk/2018/01/09/meltdown_patch_anti_malware_conflict/

Avoid Non-Microsoft Antivirus Software

https://news.ycombinator.com/item?id=13489100

Documented / Undocumented API – Why Should I care?

https://blogs.technet.microsoft.com/stefan_gossner/2005/07/27/documented-undocumented-api-why-should-i-care-part-1/

https://blogs.technet.microsoft.com/stefan_gossner/2005/07/27/documented-undocumented-api-why-should-i-care-part-2/

https://blogs.technet.microsoft.com/stefan_gossner/2005/07/27/documented-undocumented-api-why-should-i-care-part-3/

The list over the years goes on and on, and includes how some third party antivirus programs were spying on users, and how some browser APIs were making users less secure, not more secure.

So that’s the long form of why Microsoft has issues with third party software which uses undocumented APIs, and just what is meant by that term. There’s a long history of Microsoft Updates breaking programs which rely on undocumented APIs. The rest of the discussion rapidly gets in over my depth.

But it is a  long standing issue with third party antivirus, and has led to many Windows Updates issues. And other Windows issues.

And then there was this gem:

Creators Update breaks Windows Defender, users report

https://windowsreport.com/windows-defender-issues-creators-update/

So yeah, Windows Updates (Feature Updates) can break Microsoft’s own Windows Defender antivirus.

-- rc primak

5 users thanked author for this post.

Lars220, abbodi86, Geo, warrenrumak, Microfix

Reply | Quote

Thanks @rc-primak, I didn’t make the 2017 regkey connection.
This would explain why not one W8/10 using Defender has been affected
by these patches. It’s been third party AV’s who obviously have not complied with MS. Theoretically, W7 and MSE should be ok after patching although there has been no reports.

Keeping IT Lean, Clean and Mean!

1 user thanked author for this post.

rc primak

Reply | Quote

But Microsoft could test with the major AVs and save their customers a lot of headaches by warning the AVs ahead of time so it doesn’t BSOD everybody (IF they cared about their paying business customers – we already know they don’t care about the consumer fodder)

5 users thanked author for this post.

deuce120, AlexEiffel, Myst, OscarCP, woody

Reply | Quote

Unfortunately, there are so many possible security configurations using third party products that I fear this may be impractical. Who knows which settings or combination of products will trip a trigger inside of Windows? We’re talking about the kernel here, so effects may be very difficult to trace, and then recommend remedies. All before a patch can go live.

-- rc primak

Reply | Quote

Microsoft works with dozens of AV vendors.  A partial list is here. If all of the AV vendors are advised of needed changes, but a few of them don’t all fix their products in time… then what?

Microsoft scrambles at the last minute to remove security fixes from Windows?
Microsoft delays Patch Tuesday?

And what if the AV vendor’s fix is faulty?  Then what?

We also generally have to accept that AV vendors are -never- going to go out of their way to say they made a mistake.  Their business reputation depends on appearing to be competent.

4 users thanked author for this post.

abbodi86, Microfix, OscarCP, rc primak

Reply | Quote

Not to mention that some CVEs must be fixed before deadline (i.e. before disclosure or if there are active exploits)

1 user thanked author for this post.

rc primak

Reply | Quote

I just navigated here from Windows Secrets but for the life of me cannot find what used to be a “spreadsheets” forum … where is it now on this site?

1 user thanked author for this post.

woody

Reply | Quote

Welcome t AskWoody!

The “map” of the Forums is in the panel(woodgrain) on the right of the page at the bottom under “Forums.” See the spreadsheed Forum near the bottom of the screenshot. The topics are listed if you click on the link, or you can create your own topic at the bottom of the list.

1 user thanked author for this post.

woody

Reply | Quote

There’s also a hotlinked cross-reference on the Welcome! page.

In this case, look down the left side and when you hit Spreadsheets, click the link on the right side.

We haven’t yet started importing the Windows Secrets Topics (Questions) or Replies (Posts), but give us a few hours. In the interim, post away! Many of the VIPs you know from Windows Secrets are here to help.

Reply | Quote

So how does this AV problem get fixed? If it turned out that one’s AV is playing up as reported some already are, what can a user do to ford this nasty mess and reach the other shore, there to keep going with his/her work, or to continue enjoying the favorite online fun activities in relative safety? Find another AV? How to tell an OK one from a bad one? Any ideas?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Unfortunately, you just can’t tell a “good” AV from a “bad” one just by looking at it, or by considering its reputation.  You might as well be trying to tell if a house has a slight crack in the foundation by looking at it using Google Maps.

The quality of software is only as good as the people who are working on it at the time.  AV companies, like all software firms, see people come and go over time.  All it takes is one less experienced developer to overlook something subtle but critical, and *boom*, “Avira Antivirus update cripples millions of Windows PCs” (dated 2012).

So….. do as we’ve always done:  test before deploy.

1 user thanked author for this post.

rc primak

Reply | Quote

Thanks, Warrenrumak for that unsparing comment. But I’m afraid that, things as they are in my case, humble single-user on foot that I am, for me it has to be “deploy and test”. And if it’s no good, and if the machine still is in one piece and only slightly smoking, then uninstall and hope for better luck next time.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

For myself, who only has a single laptop that still runs Windows, by following details on ask woody I choose to observe while others do the testing, then deploy on the all clear signal. No stress, no smoldering chassis, no craters, no garments torn asunder. An inspired existence. Thanks Woody et al.

Reply | Quote

Hmmm… That is also usually my approach to installing under dubious circumstances. But in this case there are so many AV products, each a potentially primed software hand grenade… the chances that someone else will get blown up when reaching for my particular brand of AV (and also that I’ll hear about it) are not really great.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

My calendar suggests there may be three more weeks of observation time available in my “testing” phase, where others are doing the testing. Should I still be trembling at that time, I will know that saving a new image of my current system, and disconnecting the drive that holds that image, before updating will allow me a straight forward path to recovery. There is a zen like calm in making preparations. Granted this is easier to achieve on stand alone systems like yours and mine.

Reply | Quote

It gets a lot simpler (though not failsafe) when we’re only dealing with potential issues with one antivirus program. That would be Windows Defender.

I do use scanners and even Cloud AV programs to supplement Windows Defender. This has provided plenty of protections for when I absolutely must use Windows online. But to be honest, I use Linux most of the time by far, especially for sensitive financial and health care online activities.

For Linux I do scan with ClamAV. And the anti-Rootkit programs Chkrootkit and RKHunter. Command Line programs are not fun to run and collect logs, but they do allow a thorough investigation of anything suspicious which may be found. Realistically, Linux-specific infections are rare, but there’s always something to look at with Virus Total after even Linux scans.

Windows scans with Windows AV scanners don’t provide nearly so much fun for me. But then, I do clean up after my web browsers, I have disabled Edge’s new run in the background and self-restart properties in the Group Policies, and I clean the system with CCleaner and Glary Utilities, following through with monthly runs of Disk Cleanup or Storage Sense. So there’s little left over to fuss with for the AV scanners. Just new updates and new user data mostly. Maybe the occasional stray adware PUP.

So there is a place in my world for third party on-demand products and heuristics scanners. Just not their active shields. Those are what worm their way inside the 64-bit Windows kernel and can wreak havoc with updates and upgrades.

-- rc primak

Reply | Quote

If Microsoft had been doing any kind of testing, they would have been aware of the BSOD (in fact, they probably were).
These are major AVs we’re talking about, on millions of PCs.
They could have blocked the AVs and prevented the problems.
In fact, back in the first quarter of 2018, they blocked ALL AVs unless the AVs put a value in the Registry.

It may be the AVs are RESPONSIBLE for VIOLATING the security RULES.

But it is Microsoft that is RESPONSIBLE for ALLOWING the CHAOS that affected millions of their customers.

3 users thanked author for this post.

AlexEiffel, Myst, OscarCP

Reply | Quote

I get that it’s fun to use bold and caps and cast blame and all that….

But what’s Microsoft supposed to do if, say, only 95% of AV vendors update their software in a timely fashion?

Is the security of the entire Windows ecosystem supposed to be put on hold because the dev lead for some AV product is on their honeymoon?  And the PFY that tries to fix it in their stead cacks it all up?

Nobody has a good answer to this.

It’s a tough problem.  Pretending it isn’t serves no useful purpose.

1 user thanked author for this post.

OscarCP

Reply | Quote

PFY? BOFH? The Boss? Uncle Brian? Kudos to you, Sir!

But, caps or not, I think PK is right: MS should have done something earlier and been a little more mindful of us poor Windows users, but waited instead until the last possible moment to unleash their reformist zeal.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

What is the actual outcome of absolving Microsoft of the blame, then.

People install the updates.
They get a BSOD.
What do they do to recover from the problem, to be able to continue the operations necessary to business and personal needs.
They don’t change AV products.
They uninstall the update that was supposed to protect them from a vulnerability, so they can get back to business.
They continue using the AV product that is violating the security rules (making them even more vulnerable) until the AV can be revised.

And what’s been accomplished?
Nothing.
They have neither the update nor a secure AV product.
But they have a monumental amount of disruption.

It seems Microsoft’s intention is to make it impossible to use any other security product but their own.
Sorta reminds me of the Internet Explorer/Media Center thing.

3 users thanked author for this post.

OscarCP, AlexEiffel, columbia2011

Reply | Quote

More likely, it is Microsoft’s intention to get the third party security vendors to obtain legitimate signed access inside the 64-bit Windows kernel, and to pay up for the privilege.

As long as the piggy-bank gets filled, MS don’t care how they do it.

Just don’t try to avoid paying and getting approval and then complain about MS Updates breaking your “backdoors”.

-- rc primak

Reply | Quote

Yeah, there’s something just not right in all this.

I mean, in a case like this, was it a change in supported and documented behavior (a documented API or some such) or something that was supposed to be purely internal structures?

Now it’s perfectly natural that an antimalware solution that scans on file access and such, will cause a performance penalty. That’s just basic math. How much of a performance penalty, that’s the good question.

Then there’s the decision on what to do if the scan starts to take time. It’ll devolve into the “halting problem” eventually, but meanwhile – when do you abort the scanning process, do you fall back to allow or deny, and what’s this going to cause down the line then?

Given how this same general problem also exists on Linux where, by definition, there’s no such thing as an undocumented internal kernel interface… and yes, some of the security products do hook into things quite deeply…

The actual question still is, why wasn’t this tested, found and documented before public release?
… yeah, right, not that the answer to that is all that surprising…

Reply | Quote

There are documented ways to gain direct access inside the Windows 64-bit kernel. But you do need to ask permission from Microsoft, and pay for and maintain a Signed Certificate.

-- rc primak

Reply | Quote

PKCano wrote:

Who tests this stuff, anyway??

Thought I saw a bunch of laughing hyenas walking into Microsoft with signs around their necks that said “MS Beta Tester”. And then they laughed

MacOS, iOS, iPadOS, and SOS at times.

2 users thanked author for this post.

abbodi86, woody

Reply | Quote

Seems that the update is also causing issues with McAfee.  Installed this months update on several machines and it seems to block virus database updates.  Uninstalled Aprils update and am able to receive McAfee database updates again.

Reply | Quote

Any word on Kaspersky from “beta tester” victims?

Reply | Quote

anonymous wrote:

Any word on Kaspersky from “beta tester” victims?

 
Comments at BleepingComputer – somebody reported Kaspersky was also affected on their system. https://www.bleepingcomputer.com/news/microsoft/microsofts-april-2019-updates-are-causing-windows-to-freeze/

Comment is as follows –
20 hours ago
 
“I have a notebook with Windows 10 Home v1809 installed. After installing April 2019 Update, it restarted and crashed right into the repair screen, no longer booting the operating system. I use Kaspersky Internet Security and Malwarebytes Premium, so apparently the list of incompatibilities is higher.”

MacOS, iOS, iPadOS, and SOS at times.

3 users thanked author for this post.

Microfix, woody, PKCano

Reply | Quote

anonymous wrote:

Any word on Kaspersky from “beta tester” victims?

Two laptops at home, both running 1809 and the Kaspersky Free version. No problems with any current updates – fully patched.

No issues at the office where we use Symantec Endpoint and Dell Threat Defense (re-branded Cylance).

1 user thanked author for this post.

Myst

Reply | Quote

jabeattyauditor wrote:

anonymous wrote:

Any word on Kaspersky from “beta tester” victims?

Two laptops at home, both running 1809 and the Kaspersky Free version. No problems with any current updates – fully patched. No issues at the office where we use Symantec Endpoint and Dell Threat Defense (re-branded Cylance).

The comment on BleepingComputer might have referred to their problem being with Malwarebytes because they mentioned that AV also. Or could be the Kaspersky Free version you use isn’t a problem with this Win update. My advice to anyone and as Woody now states, Defcon1, don’t update

MacOS, iOS, iPadOS, and SOS at times.

1 user thanked author for this post.

Lars220

Reply | Quote

Do you have a link to a description?

Reply | Quote

which mcafee? what version?

Reply | Quote

OK: I have a PC running Windows 7 Pro, x64 SP1, and am in no hurry to install this month’s Security Only update. Three weeks from now, or even longer, we’ll see. Maybe someone will try to use, before then, Webroot SecurityOnly, the brand of my AV, gets burned doing that, cries out in agony and so lets everyone know, before then.

In case I missed it: is there anything that makes this particular Security Only update a “must install as soon as possible” one?

Win 7 (Group B) + M&L

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I use MSE and Adwcleaner.  No problems with them.

1 user thanked author for this post.

OscarCP

Reply | Quote

Adwcleaner is not active antivirus. It’s a specialized on-demand scanner. It isn’t involved in these issues.

-- rc primak

Reply | Quote

Good thing this issue isn’t prevalent in all AV vendors. I’m not experiencing any issues with ESET AV.

Reply | Quote

Windows 10 Version 1809 Build 17763.437, F-Secure SAFE version 17.5

All good here, no speed issues after latest updates.

When was the last time Woody told readers to take a full system backup before updating on Patch Tuesday?  Just asking.

Reply | Quote

“When was the last time Woody told readers to take a full system backup before updating on Patch Tuesday? Just asking.”

Your question might have been facetious or rhetorical, but it has been Step One in every guide to updating that Woody sends to Computerworld in my limited memory. Recently, for the sake on an example, https://www.computerworld.com/article/3386396/it-s-time-to-install-the-march-windows-and-office-patches.html

Also, remember that for the current topic of discussion, the updating guide has not been written yet. Big Red MSDEFCON-1 and all that.

1 user thanked author for this post.

woody

Reply | Quote

It is easy and convenient to bash Microsoft and blame them for the problem. BUT, we do not know and probably never will know the true reason.

Is it as RC Primak said above that the primary faiult lies with the AV vendors for using undocumented APIs? Is it Microsoft’s fault for introducing a new restriction in a valid API that was not documented and disseminated to the AV vendors? If the AV vendors are using undocumented APIs that is their fault. Any programmer worth their salt knows that an undocumented method can be changed or disabled at any time without notice.

PK Cano posits that Microsoft should have caught this in testing and notified the vendors. Maybe they did. They may have notified the vendors and the vendors ignored it. Microsoft may not have given the vendors enough time to rectify the situation. The AV vendors are never going to admit fault for that would potentially damage their reuptation(s). It is always easier to blame Microsoft.

Maybe Microsoft did not catch it. We do not know if this is a general condition for all Avira (and other 3rd party AV) users or if it affects a certain configuration(s) only. There is no way Microsoft can test all the hardware and software configurations. I’m sure they run an automated test suite over hundreds and probably thousands of machines. But that is a mere drop in the bucket of the configrations that can exist.

--Joe

6 users thanked author for this post.

abbodi86, Myst, woody, rc primak, Lars220, jwitalka

Reply | Quote

So now that we know all this, what do we do? What should Microsoft do?

-- rc primak

Reply | Quote

This is actually a very simple issue.

Microsoft issued a bad patch. As the issuer of said patch they need to step up and take responsibility for it and get it fixed.

If an AV vendor had issued a bad patch, then that vendor would need to step up and take responsibility for it and get it fixed.

If I was an executive at MS I would want to prevent this sort of thing from happening again. In order to do that I would need to know if it was my guy(s) or the other vendor’s guy(s) who made the mistake(s) (realizing that it could well have been a combination of my and their guy(s) who are at fault). But as a customer, I don’t really care about who’s to blame. What I see is that I’m using an MS operating system and applying an MS patch that bricks my computer. Microsoft, you need to get it fixed! Now!

1 user thanked author for this post.

OscarCP

Reply | Quote

1809 CU now lists ArcaBit (but not Avira) AV as a known issue:

Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to freeze or hang upon restart after installing this update.

We are presently investigating this issue with ArcaBit and will provide an update when available.

April 9, 2019—KB4493509 (OS Build 17763.437)

Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

2 users thanked author for this post.

rc primak, woody

Reply | Quote

How about that….

Arkabit is a Polish antivirus program. And this particular report doesn’t sound like the slow-as-sludge reports I’ve seen. I bet we have another shoe yet to drop.

Reply | Quote

Windows 7 updates now have known issues listed for Avira, Avast, AVG, ArcaBit, Sophos:

(with blocks or guidance links)

April 9, 2019—KB4493448 (Security-only update)

April 9, 2019—KB4493472 (Monthly Rollup)

Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

2 users thanked author for this post.

rc primak, fernlady

Reply | Quote

Please forgive my ignorance but this is a bit mind-boggling for civilians.  Does this problem currently affect all versions of Avast (e.g. free) with all versions of Windows 10?

Reply | Quote

According to the MS pages as of 4/13 am (server time):
Avira and Sophos are blocked on Win7/8.1, Avast has issued an Emergency Update, and MS is investigating ArcaBib.
ArcaBit has a known issue for Win10 1809
I don’t see anything on the Win10 1803 page.

2 users thanked author for this post.

rc primak, CyGuy

Reply | Quote

Myst wrote:

jabeattyauditor wrote:

anonymous wrote:

Any word on Kaspersky from “beta tester” victims?

Two laptops at home, both running 1809 and the Kaspersky Free version. No problems with any current updates – fully patched. No issues at the office where we use Symantec Endpoint and Dell Threat Defense (re-branded Cylance).

The comment on BleepingComputer might have referred to their problem being with Malwarebytes because they mentioned that AV also. Or could be the Kaspersky Free version you use isn’t a problem with this Win update. My advice to anyone and as Woody now states, Defcon1, don’t update

I’ve installed the KB4493509 update on my win10 v1809 machine that has just windows defender & Malwarebytes free edition and I am not experiencing any problems with that update. maybe it happens with just Malwarebytes Premium and not the free version.

Reply | Quote

Conjecture: While we debate the blame for allowing or misusing API’s, I notice that there does not seem to be a consistent pattern in the wilderness*. I propose that in addition to the known actors, Microsoft’s OS and many vendor’s security products, there are the unknown actors and their malware. Is it possible that the common element is an agent that afflicts systems only when infected? Doesn’t even have to be blackhat, could be a normally benign agent that is not accounted for in “testing”.

* I do note there have been large networks that show 100%, or nearly so, rates. Those are also likely to have consistent profiles and cross contamination anyway.

Reply | Quote

This is possible, but in my less than expert opinion, doubtful at present.

Anyway, such a roundabout explanation seems to me to be premature and unnecessary. It violates Occam’s Razor (the simplest explanation is often the correct one).

-- rc primak

Reply | Quote

https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472

It seems Avast and ArcaBit had fixed their products

5 users thanked author for this post.

CyGuy, Myst, rc primak, woody, PKCano

Reply | Quote