Windows 7 patch warning: Antivirus clash causing PCs to freeze

Updates for Windows 7 cause startup problems for a second month in a row.
Written by Liam Tung, Contributing Writer

In a repeat of April's Windows 7 update clashes with multiple antivirus products, the May 2019 Windows 7 updates are causing new problems for users of McAfee and Sophos security products. 

UK-headquartered security firm Sophos has posted an alert about problems occurring after installing the May 14 monthly rollup, KB4499164, and the security-only update, KB4499175.

After installing the May 2019 updates, some Sophos customers "are experiencing a hang on boot where the machines appear to get stuck on 'Configuring 30%'," Sophos says in a support note

SEE: 20 pro tips to make Windows 10 work the way you want (free PDF)    

The issues are affecting customers running Windows 7 and Windows Server 2008 R2 with Sophos Endpoint Security and Control or Sophos Central Endpoint Standard/Advanced installed. 

Sophos says it is working with Microsoft to resolve the issue, however Microsoft has not listed the problem as a known issue on its knowledge base pages for the two updates.

The Windows maker, however, has confirmed that the monthly rollup is causing startup issues with several McAfee security products. The updates "may cause the system to have slow startup or become unresponsive at restart after installing this update," said Microsoft

The glitch affects Windows 7 and Windows Server 2008 R2 with McAfee Endpoint Security (ENS) Threat Prevention 10.x, McAfee Host Intrusion Prevention (Host IPS) 8.0, and McAfee VirusScan Enterprise (VSE) 8.8.

As with the April updates, McAfee says the problem stems from changes in Windows monthly updates for Client Server Runtime Subsystem (CSRSS) that introduces "a potential deadlock" with ENS. 

Microsoft on Saturday also resolved an issue where Internet Explorer and the Microsoft Edge couldn't access some UK government websites, after Microsoft rolled out support in its browsers for HTTP Strict Transport Security (HSTS) for all gov.uk sites. 

As per a user report on Askwoody.com, while key UK government sites for paying vehicle taxes and applying for passports and drivers licenses have been HTTPS for years, HTTPS secure connections haven't been enabled for many local government websites. 

"Then you get a level down to local government, where there's 400+ local councils. They have placename.gov.uk domains, which this just broke as we got no warning that HSTS was being enforced. I'm an infrastructure tech for for a local council with 250,000 residents. A bunch of internal systems (that don't require HTTPS) stopped working after I got the patches to test on Wednesday morning," wrote a user with the handle "magic".

"For us it prevents access to the publicly accessible democracy data and the planning system among others. Both of these are maintained by external systems providers so it's not a five minute job to add a certificate. The main website is fine for us, other councils don't even have HTTPS enabled on those. I got a tweet before from someone advising that reading.gov.uk and doncaster.gov.uk are inaccessible."

Editorial standards