News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • For the second month in a row, McAfee and Sophos are having problems with the Win7/Server 2008 R2 Monthly Rollup and Security-only patches

    Posted on May 19th, 2019 at 07:38 woody Comment on the AskWoody Lounge

    After the debacle last month, you’d think that McAfee and Sophos would’ve figured out a way to work with Microsoft’s monthly patches.

    Not so.

    Microsoft says that its May 14 Monthly Rollup, KB 4499164 and Security-only patch KB 4499175, are triggering problems anew:

    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.

    We are presently investigating this issue with McAfee.

    Guidance for McAfee customers can be found in the following McAfee support articles:

    To be clear, this is in addition to the problems we all felt last month. The official Release Information status page says that this particular problem originated on April 9 and has been mitigated. McAfee disagrees: “May 16, 2019 Updated that this issue applies to Windows April 2019 update KBs or later Windows monthly updates.” You can choose which one you believe.

    Microsoft hasn’t yet admitted to the problems with Sophos, but I assure you they will. Here’s what Sophos says:

    We have had an increase in customers reporting that following on from the Microsoft Windows 14th May patches they are experiencing a hang on boot where the machines appear to get stuck on “Configuring 30%”

    Initial findings suggest that this relates to the below Microsoft Patches:

    May 14, 2019—KB4499164 (Monthly Rollup)
    May 14, 2019—KB4499165 (Security-only update)

    We have currently only identified the issue on Windows 7 and Windows Server 2008 R2

    Applies to the following Sophos product(s) and version(s)
    Sophos Endpoint Security and Control
    Sophos Central Endpoint Standard/Advanced

    Why does this feel like deja vu all over again?

    Thx Kevin Beaumont @GossiTheDog.

  • Yet another conflict acknowledged with this month’s Win7 and 8.1 Monthly Rollups, this time with McAfee Endpoint Security

    Posted on April 19th, 2019 at 06:29 woody Comment on the AskWoody Lounge

    And the hits keep on rolling…

    Last night, Microsoft added a new “Known issues with this update” entry to both KB 4493472, this month’s Win7 and Server 2008 R2 Monthly Rollup, and to KB 4493446, this month’s Win8.1 and Server 2012 R2 Monthly Rollup.

    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.

    We are presently investigating this issue with McAfee.

    Guidance for McAfee customers can be found in the following McAfee support articles:

    McAfee Security (ENS) Threat Prevention 10.x

    McAfee Host Intrusion Prevention (Host IPS) 8.0

    Both of those links are to essentially identical pages, which state:

    Changes in the Windows April 2019 update for Client Server Runtime Subsystem (CSRSS) introduced a potential deadlock with ENS.

    Workaround: Disable any Access Protection rule that protects a service.

    The announcement’s strange, not so much for what it contains (we’ve had similar reports for Sophos, Avast and Avira), but for what it doesn’t contain.

    First, the corresponding Security-only patches don’t have the same admonition. With Sophos, Avast and Avira we also got warnings for this month’s Win7 and 8.1 Security-only patches.

    Second, there’s no announcement for Server 2018.

    Third… why did it take so long? The bad patch is ten days old.

    The first two points may just be sloppy documentation. Heaven knows we’ve seen a lot of that lately. But the third one has me scratching my well-scratched pate.

    I’ll have more on this in Monday morning’s AskWoody Plus Newsletter.