[German]The manufacturers of antivirus products, AVAST and Avira have officially confirmed that their products will cause issues with Windows after installing April 2019 Windows updates.
It is only an addendum to my articles yesterday (see April 2019 updates freezes Windows 7, 8.1, 10 & Server and the link list at end of article). Now an official confirmation by the software manufacturers is available.
Looking back: Heavy issues with Windows updates
The Windows updates released on April 9, 2019 caused install issues problems on some machines. Already on Wednesday, April 10, 2019, there were first reports that updates freezes the systems during installation.
First hints referred to update KB4493472 and clients with Windows 7 as well as Windows Server 2008 R2. Later it became clear, that Windows Server 2008, Windows 8.1, Windows Server 2012/R2 as well as Windows 10 and its server counterparts were also affected.
Not all users have been affected. While some users reported hassle-free update installations, others reported the system hanging. I ‘ve blogged about this in the article April 2019 updates freezes Windows 7, 8.1, 10 & Server. The only remedy was to boot the machine in safe mode, uninstall the causing update and block it for installation.
Antivirus solutions from Sophos, AVAST and Avira cause antivirus problem
It soon became clear that the cause was related to installed security solutions from third-party manufacturers. Sophos Endpoint Protection and solutions from AVAST and Avira – mostly for corporate environments – were named.
Sophos and Microsoft respond
On 11 April 2019, Sophos confirmed its support with the article Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update.
SAV service hangs after installing KB4493472
Last night one of my Windows 2008R2 servers hung after installing Microsoft patch KB4493472. After initial examination I discovered that SAV service was logging lots of error messages in event log. Event IDs : 7022 (service hang), 80, 81, 83, 85, 82, 566, 608, 592.
The server became unresponsive, no rdp, no file share access, Ctrl Alt Delete not working.
I rebooted the server in to safe mode and disabled the Sophos services. After this, I was able to reboot normally. Then I uninstalled Sophos, rebooted and tried to install again but this time the installation didn’t complete and the server hang again. I rebooted again in safe mode, disabled services, rebooted and uninstalled sophos again. After checking the Windows logs I realised that the server had installed update KB4493472 last night. I uninstalled the patch, rebooted and installed sophos again. This time there was no problem.
Currently we are trying to unauthorise KB4493472 on our update system.
Is there any known issues with KB4493472 on Windows Server 2008R2?
The Sophos kb article contains detailed descriptions of how to proceed if a machine is affected. Microsoft has resynchronized the relevant updates for WSUS and blocked them for clients with Sophos, see also the German comment here and here. The KB article on the affected updates now contains the following information:
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.
Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available. For more information see the Sophos support article.
Response from Avast
Windows machines (particularly those running Windows 7) are becoming locked or frozen on startup after Microsoft updates KB4462223, KB4493472, KB4493448, KB4464520, KB4462230 and KB4493435.
Avast customers are reporting their Windows machines with Avast for Business and Avast CloudCare products are becoming stuck or frozen on the login/Welcome screen. Some of these machines are completely unable to log in, and some log in after a very extended period of time. We have determined that these issues are most likely related to Microsoft updates KB4462223, KB4493472, KB4493448, KB4464520, KB4462230 and KB4493435.
The support article describes the steps to get a affected machine up and running again.
Statement from Avira
Why does my system run very slow?
We could reproduce the described behavior.
This is occurring because of a current Windows Update.
Our development is working on a solution.
Uninstall Windows 10 Update KB4493509
Uninstall Windows 7 Updates KB4493472 and KB4493448
This probably also explains why some Windows 10 users get a slower system and observe further malfunctions (see Windows 10 V1809: Slow down with Update KB4493509?).
Microsoft Office Updates (Patchday April 2, 2019)
Microsoft Security Update Summary (April 9, 2019)
Patchday: Updates for Windows 7/8.1/Server (April 9, 2019)
Patchday Windows 10-Updates (April 9, 2019)