Jump to content

Is ESET blocking KB4058258 (Windows 10 16299.214)?


howardagoldberg

Recommended Posts

On two Windows 10 x64 machines, running what I thought was the latest update for Windows (16299.192), it appears the last two cumulative Windows 10 updates - the latest being KB4058258 (https://support.microsoft.com/en-us/help/4058258/windows-10-update-kb4058258) have not been picked up by Windows Update. (I have tried running WU manually).

There is a thread on reddit which hints that ESET may be playing a role here: https://www.reddit.com/r/Windows10/comments/7ubybm/january_31_2018kb4058258_os_build_16299214/. There is also some hint that the hosts file could be involved, and I am thinking there may be some interplay between the hosts file and ESET?

Both systems are Dell machines with Intel processors running the latest version of ESET. I have verified that both systems have the needed registry key set to deal with the new Spectre/Meltdown threats (the key was set by ESET).

It is also possible that since both machines are x64 and not AMD, that for whatever reason Microsoft is not pushing the last two cumulative updates to all machines, but nothing in Microsoft's release notes indicates that to be the case.

Before I perform any manual  update (never needed to do that before), remove the hosts file, remove ESET, etc., I wanted to hear from ESET.

Please advise. Thank you!

Link to comment
Share on other sites

  • Administrators

The fact that the mentioned updates were not installed automatically shouldn't have anything to do with ESET. Theoretically the web scanner could interfere with downloading Windows updates, e.g. if Microsoft changed the certificate but if there was not even an attempt to download the updates I would completely rule out ESET.

Link to comment
Share on other sites

@Marcos, I recently applied the "fix" from the thread "FIXED: Certificate Pop-Ups - An application on this computer is trying to communicate over a channel encrypted with an untrusted certificate." I know it  is unlikely, but could that have had any effect?

Edited by howardagoldberg
Link to comment
Share on other sites

  • Administrators

Which thread do you mean? I've found only one similar topic in our forums but there was no fix mentioned since the issue discussed there was not a problem of ESET.

Link to comment
Share on other sites

Yeah same here the .214 update KB4058258 is not being offered to me automatically through Windows Updates but I can install it manually. I think Microsoft has been strange lately with Windows updates as they've been releasing then pulling them again so it might be the fact that Microsoft is still investigating whether that update is 100% safe for everyone with no adverse effects.

 

To download and install it manually: http://download.windowsupdate.com/d/msdownload/update/software/updt/2018/01/windows10.0-kb4058258-x64_69f87cf7f2ea83509d5e61ba2d525a103a6d64f9.msu

 

That's the link for the 64-Bit version (non Server edition), for all the links to all versions: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4058258

Edited by Phoenix
Link to comment
Share on other sites

On 2/8/2018 at 12:26 PM, Marcos said:

Which thread do you mean? I've found only one similar topic in our forums but there was no fix mentioned since the issue discussed there was not a problem of ESET.

@Marcos This thread: https://forum.eset.com/topic/14563-fixed-certificate-pop-ups-an-application-on-this-computer-is-trying-to-communicate-over-a-channel-encrypted-with-an-untrusted-certificate/.

I actually reported the above "issue" over a year ago, and was told it was not ESET's issue. After reading this and other posts, I realized that ESET was doing its job, but the frequent pop-ups were intrusive, given that there is a way to block them and actually increase security (no accidental accepting of bad certificates). It seems unlikely that this would have any effect on WU, especially since I had no problem receiving the Office 2016 MSI install updates on Tuesday, but it never hurts to ask :-).

Edited by howardagoldberg
Link to comment
Share on other sites

On 2/8/2018 at 12:40 PM, Phoenix said:

Yeah same here the .214 update KB4058258 is not being offered to me automatically through Windows Updates but I can install it manually. I think Microsoft has been strange lately with Windows updates as they've been releasing then pulling them again so it might be the fact that Microsoft is still investigating whether that update is 100% safe for everyone with no adverse effects.

 

To download and install it manually: hxxp://download.windowsupdate.com/d/msdownload/update/software/updt/2018/01/windows10.0-kb4058258-x64_69f87cf7f2ea83509d5e61ba2d525a103a6d64f9.msu

 

That's the link for the 64-Bit version (non Server edition), for all the links to all versions: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4058258

@Phoenix That is my gut feeling also, and thank you for confirming it is not just an issue on my network! At this point, I will likely not do anything until this coming patch Tuesday. If I do not receive the cumulative update on 2/13, then I will dig deeper. That said, on the reddit thread there was a report that removing ESET solved the problem, but it could also be that they were using an older version of ESET that did not update the registry, and be removing ESET, Defender kicked in with the registry key and the update came down. I wish Microsoft would provide more detailed documentation ....

Edited by howardagoldberg
Link to comment
Share on other sites

KB40558258 primarily addresses the following two main issues:

  • Provides additional protections for 32-bit (x86) versions of Windows 10, version 1709.
  • Resolves the issue reported by some customers on a small subset of older AMD processors where the processor entered an unbootable state after installing January 3, 2018—KB4056892 (OS Build 16299.192).

https://support.microsoft.com/en-us/help/4058258/windows-10-update-kb4058258

I have an AMD Phenom II x6 CPU and I also was never offered the update. I however did apply the previous Meltdown/Spectre OS patches and have had zero issues with them.

Based on this user's experience after installing KB4058258, I would not install it: https://www.reddit.com/r/Amd/comments/7ulc6a/microsofts_spectre_fix_for_amd_cpus_is_now_on/ .

 

Edited by itman
Link to comment
Share on other sites

  • Most Valued Members

Wait till patch Tuesday, this update has been causing more trouble than it actually resolves. Some people who have applied the patch manually have done so , then regretted it.
It came out on the 31st January and pretty much "unavailable" since then via WU so something is wrong. Seems to go 3 ways if you try manually

1, Download manually and it installs ok
2, Download manually and it refuses to complete install
3, Download manually and it installs ok but breaks something in the process

Not worth the trouble :unsure:

 

Link to comment
Share on other sites

On 2/8/2018 at 1:57 PM, cyberhash said:

Wait till patch Tuesday, this update has been causing more trouble than it actually resolves. Some people who have applied the patch manually have done so , then regretted it.
It came out on the 31st January and pretty much "unavailable" since then via WU so something is wrong. Seems to go 3 ways if you try manually

1, Download manually and it installs ok
2, Download manually and it refuses to complete install
3, Download manually and it installs ok but breaks something in the process

Not worth the trouble :unsure:

 

 

On 2/8/2018 at 1:53 PM, itman said:

KB40558258 primarily addresses the following two main issues:

  • Provides additional protections for 32-bit (x86) versions of Windows 10, version 1709.
  • Resolves the issue reported by some customers on a small subset of older AMD processors where the processor entered an unbootable state after installing January 3, 2018—KB4056892 (OS Build 16299.192).

https://support.microsoft.com/en-us/help/4058258/windows-10-update-kb4058258

I have an AMD Phenom II x6 CPU and I also was never offered the update. I however did apply the previous Meltdown/Spectre OS patches and have had zero issues with them.

Based on this user's experience after installing KB4058258, I would not install it: https://www.reddit.com/r/Amd/comments/7ulc6a/microsofts_spectre_fix_for_amd_cpus_is_now_on/ .

 

@cyberhash ... have seen those mixed results also, which is why I asked the question before just forging ahead, and

@itman ... also suspect that given I am running x64 Intel on both machines, that I am not *Supposed* to get the patch. 

So, my inclination is to wait until Tuesday ... but was just trying to confirm the issue was not at my end. Since both systems are running ESET, that was a common denominator and thus led to my posting :-). Again, would be nice if Microsoft actually provided some guidance/details on their support page for 1709 updates!

Edited by howardagoldberg
Link to comment
Share on other sites

Hey. So, my Windows installation was stuck at 16299.19 (notice no 2 at the end), which is almost half a year old! Noticed this issue when Windows started warning me that I should install my updates, although I thought I had been doing so for the past months. I manually installed 16299.192 and forgot about it, but now I noticed that I wasn't bumped to .214 either, although my desktop was. Also, I now noticed that uninstalling Eset makes other updates available as well, such as Adobe Flash.

Office updates seem to have been installed properly though.

EDIT: I'm on Eset Endpoint Antivirus 6.4.2014.0 and Windows Enterpise x64.

Edited by Jani
Link to comment
Share on other sites

On 2/9/2018 at 2:20 AM, Jani said:

Hey. So, my Windows installation was stuck at 16299.19 (notice no 2 at the end), which is almost half a year old! Noticed this issue when Windows started warning me that I should install my updates, although I thought I had been doing so for the past months. I manually installed 16299.192 and forgot about it, but now I noticed that I wasn't bumped to .214 either, although my desktop was. Also, I now noticed that uninstalling Eset makes other updates available as well, such as Adobe Flash.

Office updates seem to have been installed properly though.

EDIT: I'm on Eset Endpoint Antivirus 6.4.2014.0 and Windows Enterpise x64.

@Marcos ... while still anecdotal, I believe Jani's post and the reddit post do point for the need to ESET to explore if there is an issue. I have not uninstalled ESET to test this myself, but may do so on Sunday. It would be wonderful if ESET could actually look into this *before* patch Tuesday. One of the moderators on the "patch management" list also suggested that ESET might be interfering somehow, so I do not think this is inconceivable. Please advise. Thank you.

Edited by howardagoldberg
Link to comment
Share on other sites

On 2/8/2018 at 7:11 PM, Phoenix said:

@Phoenix That does not address the current issue with 1709, but interesting none-the-less.

Edited by howardagoldberg
Link to comment
Share on other sites

  • Most Valued Members

@howardagoldberg while someone may have experienced an issue with WU while they had an Eset product installed, it really does not narrow down if that was exactly the root cause of the problem.

From memory i think i was 2 days from the release of the fall CU update , to actually receiving it on 2 machines. Maybe the person that made the reddit post experienced something similar, waited a day or two and never received the update so uninstalled the Eset product they had installed and by sheer coincidence the update became available to them in their region at that particular time (or shortly after). MS don't have any guidance on the delivery of updates that is useful to anyone. For instance i don't allow the P2P sharing method of the updates, and i don't know if that somehow puts me to the back of the queue with receiving them. Obviously people allowing updates to be shared across the web would be more beneficial to MS and they might get priority over people who don't share like myself.

Maybe a few people have found that removing a security product (Not only Eset) has worked for them, but i think these would tend to be a very isolated cases and is still not definite proof that the security app itself was at fault. Were these very rare cases just people that set up a few bad rules in their firewall and never knew how to undo them, or were they using 3rd party tools for traffic shaping or network priority etc (to name a few). Without looking at the problem "when it's a problem", and having all the necessary info to hand is going to be futile.

Plus , I think that if there was a major problem with Eset products blocking the delivery of windows updates then these forums would reflect that with a large volume of posts regarding the issue. Maybe for some people like Jani an uninstall/install did work and the reason behind it will never be known as it's too late to tell.........

Just throwing a few ideas out there as there are probably many reasons for the problem
:)
 

Link to comment
Share on other sites

I had the same issue. So this morning I decided to uninstalled eset smart security and used windows defender and windows firewall the updates came up right away. Been waiting since jan 31 KB4058258 (0S Build 16299.14) and for the new flash update.  I did not change any settings in Eset Security.  I have installed eset again and will see about Patch Tuesday if I get the updates.

 

Link to comment
Share on other sites

Here's a link to one of the most reliable web sites in regards to Win Update issues: https://www.askwoody.com/forums/search/kb4058258/

What I gleaned from the postings are the following:

1. If you previously installed KB4056892, you will not be offered KB4058258. If you persist in your desire to install KB4058258, you need to first uninstall KB4056892. All this makes sense since KB4058258 is directed to AMD CPU based PCs that had major issues after installing KB4056892. Those folks were specifically instructed to uninstall KB4056892 by Microsoft.

2. If you install KB4058258, there is a likelihood you will encounter the same continuous boot loop issues that manifested after KB4056892.

My advice is if you previously installed KB4056892 and your PC is running fine, forget about KB4058258. If your PC has an Intel CPU, forget about KB4058258. If your PC is using a x64 version of Windows, forget about KB4058258.

Finally, I have received later Win Updates after previously installing KB4056892; a MS Office update. So this KB4058258 Win Update issue has nothing to do with Eset.

Edited by itman
Link to comment
Share on other sites

On 2/10/2018 at 12:56 AM, cyberhash said:

@howardagoldberg while someone may have experienced an issue with WU while they had an Eset product installed, it really does not narrow down if that was exactly the root cause of the problem.

From memory i think i was 2 days from the release of the fall CU update , to actually receiving it on 2 machines. Maybe the person that made the reddit post experienced something similar, waited a day or two and never received the update so uninstalled the Eset product they had installed and by sheer coincidence the update became available to them in their region at that particular time (or shortly after). MS don't have any guidance on the delivery of updates that is useful to anyone. For instance i don't allow the P2P sharing method of the updates, and i don't know if that somehow puts me to the back of the queue with receiving them. Obviously people allowing updates to be shared across the web would be more beneficial to MS and they might get priority over people who don't share like myself.

Maybe a few people have found that removing a security product (Not only Eset) has worked for them, but i think these would tend to be a very isolated cases and is still not definite proof that the security app itself was at fault. Were these very rare cases just people that set up a few bad rules in their firewall and never knew how to undo them, or were they using 3rd party tools for traffic shaping or network priority etc (to name a few). Without looking at the problem "when it's a problem", and having all the necessary info to hand is going to be futile.

Plus , I think that if there was a major problem with Eset products blocking the delivery of windows updates then these forums would reflect that with a large volume of posts regarding the issue. Maybe for some people like Jani an uninstall/install did work and the reason behind it will never be known as it's too late to tell.........

Just throwing a few ideas out there as there are probably many reasons for the problem
:)
 

@cyberhash ... I agree with you. From my perspective, ESET is not the most likely culprit. The most likely "culprit" is that WU is actually behaving exactly as it is supposed to and since I have the earlier January Spectre/Meltdown patch installed, I am not supposed to get it. However, given that:

1) I have not received last Tuesday's Flash update for Edge,

2) My other Win10 system with ESET also has not received the new cumulative update or the Flash update,

3) There does not seem to be clear rhyme of reason as to why certain people get the new update(s), and others did not - except perhaps for ESET being installed - ...

It is worth asking the question and having ESET look into this to confirm. Of course, as I have said before -- it would be even better if Microsoft were to put something out there making clear that the new update is not going to everyone. But since they have not done so,

4) Perhaps that actually does indicate it is meant for everyone and ESET really does need to look into this!

As I said, at this point given the confusion, I am going to wait until 1:00 p.m. Eastern on Tuesday and see if the non-office Windows updates come through as expected. If yes, great. If not, then ESET does becomes the main culprit.

Edited by howardagoldberg
Link to comment
Share on other sites

20 hours ago, itman said:

Here's a link to one of the most reliable web sites in regards to Win Update issues: https://www.askwoody.com/forums/search/kb4058258/

What I gleaned from the postings are the following:

1. If you previously installed KB4056892, you will not be offered KB4058258. If you persist in your desire to install KB4058258, you need to first uninstall KB4056892. All this makes sense since KB4058258 is directed to AMD CPU based PCs that had major issues after installing KB4056892. Those folks were specifically instructed to uninstall KB4056892 by Microsoft.

2. If you install KB4058258, there is a likelihood you will encounter the same continuous boot loop issues that manifested after KB4056892.

My advice is if you previously installed KB4056892 and your PC is running fine, forget about KB4058258. If your PC has an Intel CPU, forget about KB4058258. If your PC is using a x64 version of Windows, forget about KB4058258.

Finally, I have received later Win Updates after previously installing KB4056892; a MS Office update. So this KB4058258 Win Update issue has nothing to do with Eset.

@itman ... There is nothing in the Ask Woody forum discussion you linked to that indicates Microsoft is not issuing .214 if you are on x64 Intel with .192 installed. How are you coming to that conclusion? I agree that the .214 update seems to be highly problematic, and perhaps it is a blessing I have not received it yet. However, it still seems that a conflict between WU on Win10 and ESET is a possibility that needs to be explored and officially confirmed or "denied" by ESET.

I also received the non-security Office updates this past Tuesday. What I have not received is the .201 or .214 updates, the Flash update for Edge (not that I use Edge), or the servicing stack update. That actually all points to something being amiss with Windows updates, even though Office updates are offered through the same interface (I believe the Office and Windows updates originate from two different services - which are integrated on the Win10 WU client, so that's not obvious to the user). While still anecdotal, ESET does seem to be a common link in who is getting Windows updates and who is not, and I still maintain it would be worth ESET's time to explore this  further *before* patch Tuesday!

Edited by howardagoldberg
Link to comment
Share on other sites

22 hours ago, Purpleroses said:

I had the same issue. So this morning I decided to uninstalled eset smart security and used windows defender and windows firewall the updates came up right away. Been waiting since jan 31 KB4058258 (0S Build 16299.14) and for the new flash update.  I did not change any settings in Eset Security.  I have installed eset again and will see about Patch Tuesday if I get the updates.

 

@Marcos Look through this thread ... I don't think we can ignore the possibility that ESET is playing a role here.

Link to comment
Share on other sites

On 2/9/2018 at 2:20 AM, Jani said:

Hey. So, my Windows installation was stuck at 16299.19 (notice no 2 at the end), which is almost half a year old! Noticed this issue when Windows started warning me that I should install my updates, although I thought I had been doing so for the past months. I manually installed 16299.192 and forgot about it, but now I noticed that I wasn't bumped to .214 either, although my desktop was. Also, I now noticed that uninstalling Eset makes other updates available as well, such as Adobe Flash.

Office updates seem to have been installed properly though.

EDIT: I'm on Eset Endpoint Antivirus 6.4.2014.0 and Windows Enterpise x64.

@Jani Thank you. @Marcos ... this is becoming more than anecdotal.

Link to comment
Share on other sites

14 hours ago, howardagoldberg said:

While still anecdotal, ESET does seem to be a common link in who is getting Windows updates and who is not, and I still maintain it would be worth ESET's time to explore this  further *before* patch Tuesday!

We'll just have to wait another two days and then if folks don't receive their patch Tuesdays Win Updates and we'll know for sure there is an issue.

I went to the Windows Update Catalog web site and checked what is included in KB4058258:

Quote

2017-10 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4043961)
2017-11 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4048955)
2017-11 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4051963)
2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517)
2018-01 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4056892)
2018-01 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4073290)

So this update is actually a replacement for cumulative updates going back till 10/2017. This clearly indicates it is a "corrective" update targeted at certain installations MS has deemed problematic.

As far as the Adobe Flash critical security update, KB4056887, mentioned previously, I received it on 1/9/2018; the same day I received the MS Office updates.

FYI - if anyone hasn't figured this out yet, the current Win Update situation is a mess on the Microsoft-side due to numerous installation "hick ups" from the Meltdown/Spectre situation. So if one is looking "to point the finger" at someone in regards to Windows Update status, aim it at Microsoft.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...