Jump to content
An upgrade will take place on September 23, 2020 at 16:00 CEST (14:00 GMT). The Forum will not be accessible for a short period of time. ×

Archived

This topic is now archived and is closed to further replies.

voyageur2180

windows 10 spring update

Recommended Posts

9 minutes ago, WhiskeyRiver said:

I was just playing with that new group policy. Enabling Computer Configuration -> Administrative Templates -> System -> Credentials Delegation allows you to select migitgated, vulnerable or just disable the policy. This is a RDP session to a server that allows the user to look up all property records at every county court house in Oklahoma. I think I'm going to call them and see what they say because manipulating the three options doesn't help.

Problem was on the server end. They had to change their group policy to force updated clients. They're running Win2008 R2 if that helps anyone.

Share this post


Link to post
Share on other sites

BAM! Caught one in the wild. Exact scenario we've been talking about. All three updates. Producing the Virus Scanner Initialization Failed message right now. Loading the NET developer tools on it so I'll have a memory dump later today.

Share this post


Link to post
Share on other sites
1 hour ago, WhiskeyRiver said:

BAM! Caught one in the wild. 

Gotta Catch 'Em All :)

Share this post


Link to post
Share on other sites

Good Gawd. I can't get a memory dump from this computer by remote. The computer is so slow... And I'm trying to do it by remote.  It's in too trafficy an area and someone keeps coming by, trying to use it and resetting it. Apparently the dump is taking hours.  I can't induce a crash dump because I'm not there. Frustrating.

 

Share this post


Link to post
Share on other sites

We've already got enough memory dumps so no further dumps are needed. As a workaround, you can try disabling Protected service in the HIPS setup and rebooting the machine. The only 100% solution known to date is upgrading Windows 10 RS4 x86 to x64 version.

Share this post


Link to post
Share on other sites
8 minutes ago, Marcos said:

We've already got enough memory dumps so no further dumps are needed. As a workaround, you can try disabling Protected service in the HIPS setup and rebooting the machine. The only 100% solution known to date is upgrading Windows 10 RS4 x86 to x64 version.

Okie-Doke. Glad you have what you need. 

I'm looking at a shelf with 10 Dell i560 desktops, all dual core Intels, all with 4Gb RAM, all were running 32-bit Windows, all of which got retired by either v1709 or now v1803 for various reasons, starting with the Scepter and Meltdown patches. It's a damn shame. All were replaced with new machines, I7 processors and 16GB RAM running 64-Bit Windows. Somebody's making good money from these Microsoft errors.  I'm not a conspiracy nut but in this case...

Oh, one of my other groups are reporting that 64-Bit Windows machines with AVG and Avast updating to v1803 are blue-screening on the reboot.

These are trying times.

Share this post


Link to post
Share on other sites

That last one... Avast breaks the rollback too apparently. Re-Install is the only answer for them.

Share this post


Link to post
Share on other sites
1 hour ago, Marcos said:

As a workaround, you can try disabling Protected service in the HIPS setup

I am still "mulling" over this one. Does this just disable PPL protection of ekrn.exe and/or additional Eset self-protection mechanisms?

Also, I assume Eset is still using is elam driver to load ekrn.exe early in the boot process?

Share this post


Link to post
Share on other sites
1 minute ago, itman said:

I am still "mulling" over this one. Does this just disable PPL protection of ekrn.exe and/or additional Eset self-protection mechanisms?

Also, I assume Eset is still using is elam driver to load ekrn.exe early in the boot process?

Doesn't work for all of them. The one I was trying to dump the memory on had the protective service disabled.

Share this post


Link to post
Share on other sites

Here's some details on the Avast fiasco: https://news.softpedia.com/news/avast-antivirus-blamed-for-breaking-down-windows-10-april-2018-update-521227.shtml

This did "get me thinking." Has anyone tried rolling back to ver. 1709; I assume that is only possible if you took an image backup of it prior to upgrading to ver 1803?

Next, Uninstall NOD32.

Then, perform the ver. 1803 upgrade.

Finally, reinstall NOD32.

Wonder if this would stop the X(86) issues? We need to find someone who installed NOD32 for the first time on ver. 1803 x(86).

Share this post


Link to post
Share on other sites

I did that already. All three of the laptops I reference early in this thread were brand new hard drives with v1803 installed from scratch. As soon you install Nod32 and reboot the antivirus starts failing.

That Avast problem... It even breaks restore points so you're caught in a loop if you try to go back. I always straighten existing machines out... Clean them up... Make sure there's no viruses or rootkits... Clear all restore points and make a new one... Then do the upgrade.  I haven't had that particular problem where I couldn't return. But I only use eset products and malwarebytes so I'm atypical.

Share this post


Link to post
Share on other sites

I just found this "tidbit" in regards to the next Win 10 release:

Quote

Windows 10 Insider Preview Build 17672

Release date: May 16, 2018

This build has only very minor changes and fixes. In it, the Windows Security Center (WSC) service now requires that third-party antivirus programs run as protected processes, or else they won’t show up in the Windows Security interface, and Windows Defender Antivirus will run side by side with them. You can, however, disable the behavior by creating the following registry key and rebooting:

HKLM\SOFTWARE\Microsoft\Security Center\Feature DisableAvCheck (DWORD) = 1

Note that the key won’t work when the next version of Windows 10 is closer to being released.

https://www.computerworld.com/article/3118132/microsoft-windows/windows-10-redstone-a-guide-to-the-builds.html

Share this post


Link to post
Share on other sites
17 hours ago, itman said:

If it does anything besides pitch an annoying security center box in R4 i can't confirm it. I still had to disable security center or it can be clicked right back on. I had to:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService - set start to 4

and

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - delete the string value labeled SecurityHealth

So far I haven't tinkered this particular machine too much. The famous antivirus initialization error was evident when I found it this morning. I didn't know I had this many 32-bit installs still out there.

Share this post


Link to post
Share on other sites
13 minutes ago, WhiskeyRiver said:

If it does anything besides pitch an annoying security center box in R4 i can't confirm it.

Did you check via Process Explorer, etc. if WD engine was running; i.e. C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe?

Share this post


Link to post
Share on other sites

Not running. That part worked. I guess. WD is generally not running when the Nod32 errors occur. Hadn't thought about that before.

 

Share this post


Link to post
Share on other sites

Well... Not surprising now that I think about it. On most of these machines I've already tinkered with them ahead of time. I know I'm going to install Nod32 so I zing in a few registry changes:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-

I'm still working on my first cup of coffee. Surely the cobwebs will vacate shortly. In the meantime I'm distracted by the little guy in my head asking stupid questions like "is Batman a transvestite?"

 

Share this post


Link to post
Share on other sites

@WhiskeyRiver, FYI

Microsoft Releases KB4100403 to Fix Windows 10 Intel & Toshiba SSD Issues

Quote

Earlier today, Microsoft released cumulative update KB4100403 that fixes several bugs, including the issues some users reported with Intel and Toshiba solid-state drives (SSDs).

Users reported these issues after updating to the latest version of Windows 10, the April 2018 Update —also known as version 1803.

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-kb4100403-to-fix-windows-10-intel-and-toshiba-ssd-issues/

Share this post


Link to post
Share on other sites
17 hours ago, itman said:

Nobody's happier to see it than me. Well, maybe my neighbor who manages an IS department that has a couple of dozen Surface Pros deployed. I wonder if they've slipstreamed the fixes into their downloadable ISO?

Share this post


Link to post
Share on other sites
32 minutes ago, WhiskeyRiver said:

I wonder if they've slipstreamed the fixes into their downloadable ISO?

You can download it from the Win Update Catalog web site and roll it out to clients that way.

Appears Avast has fixed their issues in regards to ver. 1803: https://www.ghacks.net/2018/05/25/avast-update-fixes-windows-10-version-1803-upgrade-issue/

Share this post


Link to post
Share on other sites
1 hour ago, itman said:

You can download it from the Win Update Catalog web site and roll it out to clients that way.

Appears Avast has fixed their issues in regards to ver. 1803: https://www.ghacks.net/2018/05/25/avast-update-fixes-windows-10-version-1803-upgrade-issue/

Haven't had a chance to look. Busy day. If the SSD fixes aren't slipstreamed then I still can't deploy a new installation using an Intel drive. I will check to see what they've got up. Thanks.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...