Hello,
I would like to ask you quite curious question related to W7 patches that has been released since January 2018.
In our environment I have discovered multiple workstations that did not get OS patches installed - first of missing updates is KB4056897 (January 2018 Security Only update).
It is well known that AV compatibility registry key is required before these patches can be applied by WU. But all the affected clients have had this reg key already (QualityCompat / cadca5fe-87d3-4b96-b7fb-a231484277cc).
After long investigation the findings are following:
- Clients have McAfee for several years already
- Before McAfee has been installed - there has been Symantec Endpoint Protection installed.
- It seems there remained some leftovers after SEP has been replaced by McAfee
- solution was to run CleanWipe from Symantec to remove any leftovers. After that action clients can find and apply KB4056897 (January 2018 Security Only update) and others that follow.
So the conclusion is that WU is actually checking more things than just AV compatibility registry key (QualityCompat / cadca5fe-87d3-4b96-b7fb-a231484277cc) before the KB4056897 is verified as applicable.
And the question is - do you know what exactly could be blocking KB4056897 to get applicable until CleanWipe from SEP is run? I would assume it could be some more registry keys related to Symantec. And it would be very helpful to know which key(s) it is exactly. Having this information we could apply the fix more easily. Running SEP cleanwipe on tens of computers seems quite aggressive solution which I would like to avoid to.
Thank you in advance for any advice
I would like to ask you quite curious question related to W7 patches that has been released since January 2018.
In our environment I have discovered multiple workstations that did not get OS patches installed - first of missing updates is KB4056897 (January 2018 Security Only update).
It is well known that AV compatibility registry key is required before these patches can be applied by WU. But all the affected clients have had this reg key already (QualityCompat / cadca5fe-87d3-4b96-b7fb-a231484277cc).
After long investigation the findings are following:
- Clients have McAfee for several years already
- Before McAfee has been installed - there has been Symantec Endpoint Protection installed.
- It seems there remained some leftovers after SEP has been replaced by McAfee
- solution was to run CleanWipe from Symantec to remove any leftovers. After that action clients can find and apply KB4056897 (January 2018 Security Only update) and others that follow.
So the conclusion is that WU is actually checking more things than just AV compatibility registry key (QualityCompat / cadca5fe-87d3-4b96-b7fb-a231484277cc) before the KB4056897 is verified as applicable.
And the question is - do you know what exactly could be blocking KB4056897 to get applicable until CleanWipe from SEP is run? I would assume it could be some more registry keys related to Symantec. And it would be very helpful to know which key(s) it is exactly. Having this information we could apply the fix more easily. Running SEP cleanwipe on tens of computers seems quite aggressive solution which I would like to avoid to.
Thank you in advance for any advice
My Computer
At a glance
Windows 7 Enterprise x64
- Computer type
- PC/Desktop
- OS
- Windows 7 Enterprise x64
