Network Security, Patch/Configuration Management, Vulnerability Management

Machines running popular AV software go unresponsive after Microsoft Windows update

April’s Microsoft Windows update has apparently been causing headaches for users who had previously installed anti-virus software from vendors such as Avast, Avira, ArcaBit, McAfee and Sophos.

Users with these AV products who installed the April 9 Windows update may find that their machines become slow or unresponsive following restart, according to the “Known Issues” section of Microsoft’s Monthly Rollup update web page.

So far at least three of the affected security vendors, Avast, Arcabit and Avira, have released software updates [1, 2] to mitigate the issue, while McAfee is testing a proof-of-concept fix that is available to customers. Microsoft is assisting Sophos by temporarily blocking devices with its AV products from receiving the April update, until a more permanent solution becomes available.

Avast published a support page specifying that machines running Avast for Business, Avast CloudCare and AVG Business Edition AV software may freeze at the login or Welcome screen upon installation of the latest Windows update. Additionally, users also may have to wait a long time to log in, or may not be able to at all.

"We have determined that these issues are related to Microsoft updates for Windows 7... and Windows 8.1... and the variant updates dependent on device operating system," the support page states. The AV company has responded by issuing an emergency micro-updates for Avast versions 18.7, 18.8, 19.3 and 19.4.

An Avira support page says four of its products for Windows 7 and 10 were affected by the issue: Avira Free Security Suite, Avira Prime, Avira Free Antivirus and Avira Antivirus Pro. The company automatically distributed an update that negates the problem.

McAfee and Sophos, meanwhile, have issued support articles offering guidance to users while the matter is further analyzed and a solution is developed.

McAfee notes that the issue affects devices on which McAfee Endpoint Security ENS Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 can also be affected is installed.

"McAfee is investigating this issue and will resolve it in a future update," states McAfee. "A proof-of-concept (POC) build to test a fix is currently available," the company adds, instructing customers to request it by escalating a service request to Technical Support.

Sophos' support article clarifies that all Sophos endpoints or server products running Windows 7, 8.1, 2008, 2008 R2, 2012 and 2012 R2 are susceptible to the problem, with the lone exception of Sophos Central Intercept X. As a temporary solution, Sophos has introduced a series of exclusions that generally prevent the issue from occurring as long as the device wasn't rebooted following installation of the Windows update. These exclusions are added automatically in Sophos Central and Enterprise Console customers and must be added manually in UTM-managed and standalone endpoints.

For those already impacted by the problem, Sophos' support page also offers steps to recover the machine.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.