This article is more than 1 year old
Sophos antivirus tools. Working Windows box. Latest Patch Tuesday fixes. Pick two: 'Puters knackered by bad combo
Two weeks and no sign of a proper solution, Avast and McAfee affected, too
Updated Unlucky Sophos antivirus users face a dilemma: either uninstall the software, or install April's Windows security fixes. That's because having both in place at the same time will bork their machines.
On April 9, Microsoft rolled out its usual Patch Tuesday vulnerability patches for the month. Unfortunately, Sophos customers who tried to install them on systems running Windows 7, Windows 8.1, Windows Server 2008, Server 2008 R2, Server 2012, or Server 2012 R2, with an affected antivirus present, found that when they rebooted after updating, the computers would hang and do their best impressions of unwieldy paperweights.
The issue remains, to this day, unfixed. Specifically, "Sophos Windows endpoint or server product except Sophos Central Intercept X" is affected, according to the AV vendor.
"Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available," Sophos said in an advisory last week.
"If you have not yet performed the update we recommend not doing so. If you have performed the update but not yet rebooted we recommend removing the update prior to rebooting."
That means we're now nearly two weeks after the breakdowns were first encountered. A Sophos spokesperson told The Register that the problem is still persisting. We've asked Microsoft for an explanation, and it says it is looking into it.
Sophos has created some workarounds that deal with the headache temporarily. Its Enterprise Console customers should have an update by now that blocks the update from borking systems, and there's a similar fix for UTM Managed and Standalone Endpoints but these have to be updated manually.
If this article comes too late, and your PC is fscked, then there is also a recovery plan that Sophos has suggested. You'll need to boot in safe mode, disable the Sophos code, uninstall the Windows patches, and then reboot and activate the security code again.
But that still leaves the problem of remaining unpatched. While the perils of Exploit Wednesday are somewhat overstated these days, hackers have grown adept at reverse engineering Windows patches and leaving machines unpatched is a very bad idea. ®
Updated to add
It appears McAfee and Avast anti-malware packages are also affected by the latest Windows updates. A change Microsoft made to its operating system's Client Server Runtime Subsystem (CSRSS) causes deadlocks during start up, we're told.
McAfee said users may experience "slow boot times and performance after installing Microsoft Windows April 2019 updates on a system with Endpoint Security." Meanwhile, Avast noted:
Avast has received reports of an issue affecting our customers running Avast for Business, Avast CloudCare, and AVG Business Edition on Windows machines, particularly those with Windows 7 operating systems. We have developed micro-updates that should resolve the issue and restore functionality to our users.
Biting the hand that feeds IT
