• Malwarebytes stumbles with false positive on KB 3197868, the Win7 November Monthly Rollup

    Thanks to SC for the heads up.

    Looks like those of you running Malwarebytes on a Win7 system using Group A updating are in for a rocky ride. Symptoms of the kernel32.dll false positive include locked up systems, and machines that take five minutes or more to shut down.

    On Thursday, Malwarebytes narrowed down the problem and posted this solution:

    What can I do if I have been affected by the Kernel32.dll false positive?

    This detection has been fixed as of database version v2016.11.16.11.

    This false positive was caused by Microsoft not digitally signing over 500 files included in “November, 2016 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB3197868)”. Malwarebytes triggered on these unsigned files despite efforts in the 1.80 and 2.x releases to enhance safeguards and prevent false positives on legitimate files. We are working on correcting what actions took place to better protect from this in the future.

    Malwarebytes’ solutions are to uninstall KB 3197868 if you haven’t rebooted after installing it, use System Restore, or manually replace some system files (which is a bear!).

    UPDATE: I see some debate online about who’s at fault for the false positive – some blame Malwarebytes, others blame Microsoft. Given the details posted in the comments by abbodi, I think it’s fair to say that neither side committed any grave error. I’m surprised at the way Malwarebytes Anti-Malware reacted to a false positive, but as for the detection there’s plenty of reason to blame (or exonerate!) either side.

    There’s a good note on the situation from Imacri on the Norton Community forum:

    Win 7 SP1 users could potentially be affected if they ran a MBAM scan in the 4-day period between 08-Nov-2016 (the release date for the November 2016 Patch Tuesday updates) and 11-Nov-2016 when MBAM released database version v2016.11.16.11 to fix the problem. I don’t see a large number of recent reports in their False Positive board at https://forums.malwarebytes.org/forum/42-file-detections/ so it doesn’t appear to be a widespread problem.

    Also, as abbodi notes in the comments, it’s likely that this problem also occurs with the Nov Win7 Security-only patch, KB 3197867 – that’s the “Group B” downloaded patch. I have no idea if it happens with the analogous patches for Win 8.1 – KB 3197874 (Nov Win 8.1 “Group A” Monthly Rollup) and KB 3197873 (Nov Win 8.1 “Group B” Security-only update) but wouldn’t be too surprised.

  • Your advice for the AskWoody Lounge, please

    My web folks are limping along with a bbPress appendage to the AskWoody site. I have a million questions and would like to enlist your help, if you have time.

    General layout looks like this:

    AskWoody blog posts continue just the way they are.

    Instead of having each blog post link to a comments section for that blog post (we’re up to almost 500 comments on some blog posts!), I want to link directly into the Lounge.

    The Lounge consists of Fora (OK, Forums for many of you). Each Forum can have many Topics. Each Topic gets lots of posts or comments (the terms seem to be used interchangeably).

    You’ll be able to sign up for the Lounge, set a password, then type your username and password when you compose a comment. The way I envision things now, comments from registered users will be posted immediately. Anonymous comments are most welcome, but they’re subject to vetting, probably by me.

    Registered users (including me) have roles. Right now, it looks like we’ll have Admins, Moderators (who can approve and delete comments, and block ne’er-do-wells), and Participants (who can create Topics and submit comments unmoderated).

    Did you know that we’ve had 1.5 million spam posts on AskWoody so far? Fortunately, software handles almost all of them, but I still seem to deal with far too much.

    Lounge rules will be as you have come to expect: Behave with dignity, no profanity, no personal attacks, and you’ll be fine.

    So far so good?

    Now, the next HUUUUUUGE job is to come up with a list of initial Fora (and sub-Fora and sub-sub-you get the idea). Anybody have an idea of a starting point?

    Let me know what you think. This is going to be a long and painful process, but in the end I think it’ll work pretty well.

  • Microsoft releases documentation on Surface Book firmware/driver update

    Day late, dollar short, the Surface Book firmware/driver update released on November 17 has finally been documented. Short version:

    • New Precise Touch driver 1.2.0.70 “reduces false touch events when the device is closed.”
    • New NVIDIA GeForce driver 21.21.13.6961 “improves system stability.”
    • Surface UEFI driver 90.1380.768.0 “improves system stability.”

    Which might lead you to believe that the Surface Book has stability problems – a point that shouldn’t be too surprising to anyone who’s been following the Surface Book saga. I count 19 firmware/driver patches since the Surface Book was released a little over a year ago.

  • MS-DEFCON 4: Time to get November Windows and Office patches applied

    It’s up. I figure it’s time to get the November patches pushed onto your machine. I’ve seen very few problems with this month’s patches – a welcome change from the past year or so.

    InfoWorld Woody on Windows.

    If you have Win7 or 8.1, follow How to cautiously update Windows 7 and 8.1 machines.

    For those in Group B, the update you want from the Microsoft Catalog is here:

    Win7 64-bit: http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows6.1-kb3197867-x64_6f8f45a5706eeee8ac05aa16fa91c984a9edb929.msu

    Win7 32-bit: http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows6.1-kb3197867-x86_2313232edda5cca08115455d91120ab3790896ba.msu [NOTE: My earlier link was incorrect!]

    Win 8.1 64-bit: http://download.windowsupdate.com/d/msdownload/update/software/secu/2016/11/windows8.1-kb3197873-x64_cd0325f40c0d25960e462946f6b736aa7c0ed674.msu [NOTE AGAIN: My earlier link was wrong. Thanks, everybody.]

    Win 8.1 32-bit: http://download.windowsupdate.com/c/msdownload/update/software/secu/2016/11/windows8.1-kb3197873-x86_b906109f30b735290a431fdc8397249cfcc3e84b.msu
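
    The download links above are plain http://, and each file name ends in 40 hex characters. The following is an added example, not code from the original post, that checks a downloaded .msu against that value; it assumes the 40 characters are the file's SHA-1, and the function names and the kb0000000 self-check file are constructed for illustration. It uses only .NET calls, so it runs on the PowerShell 2.0 that ships with Win7.

```powershell
# Added example, not from the original post. Assumption: the 40 hex characters
# before ".msu" in a download.windowsupdate.com file name are the file's SHA-1.

function Get-FileSha1 {
    param([string]$Path)
    # Resolve to a full path: .NET does not follow PowerShell's current location.
    $full   = (Resolve-Path -LiteralPath $Path).ProviderPath
    $sha1   = [System.Security.Cryptography.SHA1]::Create()
    $stream = [System.IO.File]::OpenRead($full)
    try     { $bytes = $sha1.ComputeHash($stream) }
    finally { $stream.Close() }
    ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

function Test-MsuDownload {
    param([string]$Path)
    $name = [System.IO.Path]::GetFileName($Path)
    # Expected shape: windows6.1-kb3197867-x64_<40 hex characters>.msu
    $pattern = 'kb(?<kb>\d+)-(?<arch>x86|x64)_(?<sha1>[0-9a-f]{40})\.msu$'
    if (-not ($name -match $pattern)) {
        throw "No embedded hash in file name: $name"
    }
    $kb       = 'KB' + $Matches['kb']
    $arch     = $Matches['arch']
    $expected = $Matches['sha1'].ToLower()
    $actual   = Get-FileSha1 $Path
    New-Object PSObject -Property @{
        KB = $kb; Arch = $arch; Expected = $expected
        Actual = $actual; Match = ($actual -eq $expected)
    } | Select-Object KB, Arch, Match, Expected, Actual
}

# Constructed self-check (not a real update): a dummy file named after its own
# SHA-1 is verified, then modified and verified again under the same name.
$dir = Join-Path $env:TEMP 'msu-hash-demo'
New-Item -ItemType Directory -Force -Path $dir | Out-Null
$tmp = Join-Path $dir 'payload.bin'
[System.IO.File]::WriteAllText($tmp, 'constructed sample, not a real update')
$fake = Join-Path $dir ('windows6.1-kb0000000-x64_{0}.msu' -f (Get-FileSha1 $tmp))
Move-Item -Force -LiteralPath $tmp -Destination $fake
Test-MsuDownload $fake | Format-List
[System.IO.File]::AppendAllText($fake, 'x')   # simulate an altered download
Test-MsuDownload $fake | Format-List

# Real use: check every package in the current folder before installing any.
Get-ChildItem -Filter *.msu |
    ForEach-Object { Test-MsuDownload $_.FullName } |
    Format-Table KB, Arch, Match -AutoSize
```

    A match shows the file is the one the URL names; it says nothing about whether the URL itself is the right one, so take the link from the Microsoft Update Catalog.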

     

    If you have Win10, follow my new Win10Tip Apply updates carefully

    As usual, if you have any problems, tell me all about it!

  • Deal on Amazon Prime – ended

    I’ve been an Amazon Prime member for years and recommend it to all of my friends.

    Amazon had a one-day-only offer on Nov. 18, but it’s over now. (I’m preserving this post because of the comments.) The offer took $20 off the usual $99 one-year fee. Highly recommended.

    (That’s an affiliate link. If you click that link to go to the Amazon site, and you have cookies enabled – even temporarily – a small percentage of what you spend goes to help keep the lights on around here. The cookie’s supposed to last for 24 hours. There’s no additional charge to you.)

  • Woody’s Win10Tip: Apply updates carefully

    Here’s an easy, step-by-step approach to applying blocked Win10 updates.

    InfoWorld Woody’s Win10Tip

  • Latest Win10 beta, build 14971, a real snore

    Okay, I’m jaded, but I just updated my trusty Win10 beta machine, and I find almost nothing to raise my head off the desk.

    You can use Edge to read EPUB books. That’s fine, but you can install all sorts of apps and browser extensions that’ll do the same thing.

    Paint 3D Preview is nice and all, but I have trouble painting in 2D.

    PowerShell – the big change here is that PowerShell is now the default where the DOS-style command line used to show up. The right-click X menu now has PowerShell, although you can change it back to CMD (Start > Settings > Personalization > Task Bar, slide “Replace command prompt with Windows PowerShell in the menu when I right-click the Start button or press Windows key+X” to off).

    You’ll read a lot about the new Get Office shell. Reminds me a lot of the Google Apps list in the upper left corner of Chrome.

    I’m convinced things will get better, but for now you can just go back to sleep.

  • Anomaly in blocking Win10 update

    False alarm. I had already hidden the update.

    My mistake.

    I did discover something interesting, though. Wushowhide doesn’t work if the Windows Update service is turned off. No error message. It just doesn’t pick up anything.

  • Code.org and Minecraft team up for an “Hour of Code” tutorial Dec 5-11

    For those of you who are interested in teaching the next generation how to work with computers, this is a big deal.

    I’ve been teaching four local kids how to code — more accurately, how to think in computer-like ways — for several months. I’ve been using a site called code.org which lets kids manipulate sprites with a simple drag n drop interface. If you’re teaching kids how to really work with computers, it’s an amazing resource. And it’s free.

    Code.org runs these specials from time to time called “Hour of Code,” which gets kids to focus on some fun application of real programming. On Tuesday, Microsoft announced that it will be teaming up with code.org to put on an “Hour of Code” that teaches kids how to modify Minecraft:

    Created by “Minecraft” game designers at Mojang and Microsoft, in partnership with Code.org, the fun and easy-to-learn one-hour experience builds on the success of last year’s record-breaking “Minecraft” tutorial, which reached more than 30 million students worldwide. With the goal of inspiring millions more to try coding for the first time — and to keep going on their journey of learning computer science — as of today’s launch, the tutorial is available in 10 languages, including Spanish. It is scheduled to be available in 50 languages by Dec. 5…

    The tutorial also underscores Microsoft’s commitment to ensuring all young people have the opportunity to learn computer science, an economic and social imperative in this era of digital transformation, which is expected to generate 1.4 million computing jobs in the U.S. alone by 2020 according to the Bureau of Labor Statistics. In the U.S., 40 percent of schools do not teach computer science, and Microsoft aims to reach students most likely to be among those without access, particularly girls and minorities.

    It’s an amazing hook-up. If you have kids around the house, look into it.

  • InfoWorld.com no longer taking comments

    Posting comments on InfoWorld.com has always been difficult. Now, it’s no longer possible.

    Instead of commenting after each blog, you’re redirected to:

    • LinkedIn, where you can use the LinkedIn system to post comments.
    • Facebook, where you can, like, like.
    • Twitter, for following and tweeting.

    Of course, I’ll continue to have posts here for each of my InfoWorld blogs. Dive in! I learn a lot from your comments, and hope the feeling’s mutual.

     

  • If you want to buy a new Win7 system, look at this

    I generally avoid “sales” like the plague, but I just couldn’t pass this by.

    Dell OptiPlex 3040 Micro (that’s the little one – 7 in x 7 in x 1.4 in, only room for one 2.5-inch hard drive). $399 with i3-6100T, 4 GB, 500 GB hard drive (which takes up the only slot), 4 x USB 3, 2 x USB 2, RJ-45, HDMI 1.4, No Wi-Fi.

    Windows 7 Pro with Win10 Pro license.

    That’s a bare-bones, but fully capable non-WiFi, Win7 Pro system. For $399.

    UPDATE: Reader poohsticks has a link for a Dell Inspiron 3000 laptop, Win7 Pro, for less than $300. Check it out if you want a Win7 laptop.

    Details on this and other great hardware deals await in the comments…. And if you find a deal that’s utterly fantastic, post away!

  • How to install Windows 7 from scratch

    Many of you have asked how to re-install Windows 7 from scratch. You’d think it would be easy, but it isn’t.

    Let’s start with the premise that you have a fresh copy of Windows 7 in your hands. We’re still wrestling out the details of how to get that copy. You also need installation media for any other programs – Office being a likely example.

    Star contributor Canadian Tech has a set method for starting over with Windows 7. He starts with the assumption that you’re going to install a new hard drive while you’re in the process. That’s a very good idea. If you intend to use Win7 for a while, a solid state drive will make Win7 work better than it ever has. Considering that SSD prices are down to the sub-$100 range (the 500 GB Samsung SSD – affiliate link – costs $135 from Amazon, for heaven’s sake, and prices will go lower next Friday), you should seriously consider feeding an SSD to your Win7 machine.

    Here’s Canadian Tech’s procedure. He anticipates that it’ll take you 12 hours to complete:

    Step 1. Go to your computer’s OEM support site (Dell, HP, Acer, whatever) and find and download the drivers for your computer and store them on a USB stick.

    Step 2. You may be able to take your data off first. Remove the failing hard drive and put it into a USB external drive housing. Connect to a working PC, copy the data off. You may need a friend to do this part for you, but the rest is not really very technical or difficult for most people.

    Step 3. Install the new hard drive. Do not do any formatting or partitioning.

    Step 4a. If you made a set of disks for recovery or an image copy at the time your computer was new, this is the time you need them. Start your computer on the first of the disks as instructed and in an hour or so, your computer will look exactly as it did then. Skip to Step 5.

    Step 4b. If you do not have that set of disks, you will need a legal reusable Microsoft Product Key. You will need a Windows 7 install disk. The Win7 disk must match the edition of your product key, and its bitness (32 or 64). If you do not have the original Windows 7 install disk, borrow one from a friend. Hopefully, the disk you use will be labeled SP1 (Service Pack 1), because that will save you an additional 4 hours or so.

    Step 4c. Place the Windows 7 install disk in the disk reader and start your computer.
    Once the install process is started, choose CUSTOM. Ignore the check box about drivers, unless you cannot proceed further. When the installer asks about Windows update, choose Ask me later.

    Step 5. Once Windows 7 SP1 is installed, install the following:

    Step 5a. KB3020369. If you installed the 32-bit version of Win7, download it here.  If you have 64-bit Win7, download it here. Double-click on the downloaded MSU file and let ‘er rip.

    Step 5b. Same story with KB3172605. Download 32-bit here. Download 64-bit here. Run the MSU file.

    Step 6. Open Windows Update, change Windows Update setting to Never check for updates (that is, turn off Automatic Updates). Do not install anything else at this point – NOTHING. Start the update process by clicking on Check for updates. You’re likely to see 200 or more updates. It will take some time.

    Step 7. Once you have a list of updates, you will likely want to prevent certain specific updates from being installed to reduce snooping. Click once on each Update that is NOT labeled SECURITY and check the date of issue on the right. If that date is after January 1, 2015 (date subject to debate depending on your paranoia), right-click on the patch and hide.

    Step 8. Click install updates and wait for it to finish. Restart when asked to do so.
    After re-start is complete and you see a desktop, start Task manager – Right-click on task bar. Look at the % at the bottom. Do NOT attempt to use the computer for any purpose until you see that % fall to and stay at 10% or less. Windows Update is still working and has a lot of work to do.

    Step 9. Keep running Windows Update again and again till it offers no new patches.

    Step 10. Start Internet Explorer, click the gear (upper right) in IE11 and select Compatibility settings and enter Microsoft.com in the list.

    Step 11. Start Windows Update again and check the box to include updates for other Microsoft software. Run Windows Update again and again until you are satisfied you have all the updates you want.

    Step 12. After the install is complete, check Device Manager. Type device in the text box above the start globe when you click it and choose Device manager from the list to find out if Win7 was able to supply the drivers you need. You should get drivers only from the maker of your computer or Intel, as mentioned in Step 1. Do NOT use any of those driver download sites. They are all bogus, have bad drivers, and install malware.

    Step 13. Install your Microsoft Office software and then run Windows Update again and again till no more are proposed.

    Step 14. If you have a hard drive (not an SSD), defragment your drive. Type defragment in the text box above the start globe when you click it once. Choose the Defragmentation link. Wait till it completes all passes. (SSDs don’t need defragging.)

    Step 15. Next you need to decide whether you’re going to apply only Win7 security patches, or if you’re comfortable with letting Microsoft install all of its patches. There are strong arguments in favor of both approaches. Start with my patchocalypse article in InfoWorld and if you have any lingering doubts, sift through the debate here on AskWoody. It’s not a simple choice.

    Step 16. Make sure you have Automatic Update set to “Never,” and watch here to see when it’s safe to install patches.

    Many thanks to Canadian Tech for letting me publish these steps.

    May the debate begin…. 🙂
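
    The review in Step 7 can be scripted against the Windows Update Agent COM interface instead of clicking through 200 or more entries. This is an added example, not part of Canadian Tech's procedure or AskWoody's own code; the function name Find-NonSecurityUpdate is hypothetical, and the test for "labeled SECURITY" (the word in the title, or the "Security Updates" category) is an assumption. It only reports unless -Hide is passed, and hiding needs an elevated PowerShell session.

```powershell
# Added example. Find-NonSecurityUpdate is a hypothetical helper name.
function Find-NonSecurityUpdate {
    param(
        [datetime]$Cutoff = '2015-01-01',  # Step 7's date, "subject to debate"
        [switch]$Hide                      # report only unless -Hide is given
    )

    # The page notes that wushowhide silently finds nothing when the Windows
    # Update service is turned off, so check the service before searching.
    if ((Get-Service -Name wuauserv).Status -ne 'Running') {
        throw 'Windows Update service (wuauserv) is not running.'
    }

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Pending software updates that are not already hidden.
    $pending  = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

    foreach ($update in $pending.Updates) {
        $categories = @($update.Categories | ForEach-Object { $_.Name })
        # Assumption: "labeled SECURITY" means the word appears in the title
        # or the update sits in the "Security Updates" category.
        $isSecurity = ($update.Title -match 'Security') -or
                      ($categories -contains 'Security Updates')
        $issued = $update.LastDeploymentChangeTime

        # Keep security updates and anything issued on or before the cutoff.
        if ($isSecurity -or $issued -le $Cutoff) { continue }

        if ($Hide) { $update.IsHidden = $true }   # fails without elevation

        New-Object PSObject -Property @{
            KB     = (@($update.KBArticleIDs) -join ',')
            Issued = $issued.ToString('yyyy-MM-dd')
            Hidden = $update.IsHidden
            Title  = $update.Title
        } | Select-Object KB, Issued, Hidden, Title
    }
}

# Review the candidates first; hide them only once the list looks right.
Find-NonSecurityUpdate | Format-Table -AutoSize
# Find-NonSecurityUpdate -Hide | Format-Table -AutoSize
```

    Hidden updates can be brought back from the "Restore hidden updates" link in Windows Update, so a wrong guess here is reversible.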