Windows 11 preview update KB5014019 breaks Trend Micro Ransomware Protection

Windows[German]Preview update KB5014019, which Microsoft released for Windows 11 on May 24, 2022, is causing trouble for Trend Micro antivirus solutions. It clashes with Trend Micro's Ransomware Protection, the vendor acknowledged in an advisory.


As of May 24, 2022, preview update KB5014019 for Windows 11 has been released – I had reported in the blog post Windows 11: Preview Update KB5014019 (May 24, 2022). The update is supposed to fix a whole bunch of bugs on this Windows version.

In the meantime, however, Trend Micro has released ADVISORY: Trend Micro Endpoint Issue with Microsoft KB5014019 Windows 11/Server 2022 Preview Patch (May 24, 2022), which addresses issues with the products:

  • Apex One 2019,
  • Worry-Free Business Security Advanced 10.0,
  • Apex One as a Service 2019,
  • Deep Security 20.0,
  • Deep Security 12.0,
  • Worry-Free Business Security Services 6.7

admits. The advisory states:

Trend Micro is aware of a compatibility issue between the User Mode Hooking (UMH) component of several Trend Micro endpoint solutions and the latest Microsoft Windows 11 and Windows Server 2022 optional preview patches (KB5014019) released on May 24, 2022.

The vendor thus states that there are compatibility issues with User Mode Hooking (UMH) and preview update KB5014019 on Windows 11. In the advisory, Windows Server 2022 is also mentioned – but the update is missing there – that would be the cumulative preview update KB5014021.

The UMH component is used by several Trend Micro endpoint and server protection products. The component is responsible for some advanced features such as ransomware protection. 

Customers who install the optional Microsoft Windows 11 Update KB5014019) and the Preview Update for Windows Server 2022 find that the Trend Micro UMH driver stops working after a reboot. Trend Micro is currently investigating this issue further to resolve it before the optional Windows patch becomes mandatory as a security update in June 2022.


Users who have already applied the optional Windows patch can either temporarily uninstall the patch or contact Trend Micro Support for further assistance with a UMH debug module. Uninstallation is possible through the Control Panel. Or, open an administrative command prompt and type the following command:

wusa /uninstall /kb:5014019

The above command will uninstall the update for Windows 11. If Windows 10 or Windows Server 2022 are affected, use the relevant KB number (5014022 for Windows 10 and 5014021 for Windows Server 2022). (via)

Similar articles:
Patchday: Windows 10-Updates (May 10, 2022)
Patchday: Windows 11/Server 2022-Updates (May 10, 2022)
Windows 7/Server 2008R2; Windows 8.1/Server 2012R2: Updates (May 10, 2022)
Exchange Server Security Updates (May 10, 2022)

Windows 11: Update KB5013943 results in application error 0xc0000135
MS-Patchday wrap-up: Issues with April 2022 updates
Windows Server 2022: RDS bug (RDCB role broken) caused by KB5011497, not fixed in May 2022
Windows Update KB5012599: Microsoft plans fix for install error 0x8024200B and 0x800F0831
Windows 11: Update KB5013943 results in application error 0xc0000135
Windows, Office: May 2022 Patchday issues and mysteries

Windows 11: Preview Update KB5014019 (May 24, 2022)
Windows 10 / Windows Server 1809 Preview Update (May 24, 2022)
Windows Server 2022 Preview Update (May 24, 2022)

Cookies helps to fund this blog: Cookie settings

This entry was posted in issue, Update, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *