Your Antivirus May Cut Off Microsoft Security Patches

A lot of antivirus packages seem to have been causing headaches for Microsoft Windows users and Microsoft support lately: with the Spectre and Meltdown fixes being pushed out, some of those antivirus packages put the OS into a BSOD reboot state. Kevin Beaumont explained the issue.

There is a problem where some anti-virus vendors are using techniques to bypass Kernel Patch Protection by injecting a hypervisor which they use to intercept syscalls and make assumptions about memory locations — memory locations which are now changing with the Meltdown fixes. To be honest, some of the techniques are similar to ones used by rootkits — Kernel Patch Protection was introduced by Microsoft a decade ago to combat rootkits, in fact. Because some anti-virus vendors are using very questionable techniques they end up causing systems to ‘blue screen of death’ — aka get into reboot loops.

You can read exactly what Microsoft has to say about this over on its support pages.

Microsoft has identified a compatibility issue with a small number of antivirus software products.

The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors that are caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates that were released on January 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update.

If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor.



If you have run into this issue and can get back into the OS, a little RegEdit wizardry can help you out so that you can move forward and get those security updates. For those of you that have never edited the Windows registry, I highly suggest you back everything up before you go poking around in there. [H] readers are probably just fine though, you know the program…literally. Thanks cageymaru.

Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD" Data="0x00000000"
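
The following PowerShell is an added example, not code from Microsoft or from the original post. It reports whether the compatibility value quoted above exists with the right type and data, and lists the antivirus products registered with Windows Security Center so you know which vendor to check with; the function names and the `-Set` switch are this example's own.

```powershell
# Added example: audit (and optionally set) the QualityCompat marker from the Microsoft notice.
# Save as a .ps1 file. Reading works as a normal user; -Set needs an elevated session.
param([switch]$Set)

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Get-QualityCompatState {
    # 'Present' = REG_DWORD with data 0, 'Missing' = key or value absent,
    # 'Wrong'   = value exists but has another type or non-zero data.
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    if (-not $key -or ($key.GetValueNames() -notcontains $ValueName)) { return 'Missing' }
    $kind = $key.GetValueKind($ValueName)
    $data = $key.GetValue($ValueName)
    if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 0) { return 'Present' }
    return 'Wrong'
}

function Get-RegisteredAntivirus {
    # Security Center only exists on client editions of Windows; servers return nothing.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' `
        -ErrorAction SilentlyContinue | Select-Object -ExpandProperty displayName
}

function Set-QualityCompat {
    # Setting the value while an incompatible antivirus product is installed can lead
    # to the stop errors described in the Microsoft notice, so check the vendor first.
    if (-not (Test-Path -Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 0 -Force |
        Out-Null
}

$state = Get-QualityCompatState
Write-Output "QualityCompat marker: $state"

$products = @(Get-RegisteredAntivirus)
if ($products.Count -gt 0) {
    Write-Output ("Registered antivirus: " + ($products -join ', '))
} else {
    Write-Output 'Registered antivirus: none reported by Security Center'
}

if ($Set -and $state -ne 'Present') {
    Set-QualityCompat
    Write-Output "QualityCompat marker after update: $(Get-QualityCompatState)"
}
```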

Source: [H]ardOCP – Your Antivirus May Cut Off Microsoft Security Patches