14 DAY TRIAL // Bugs caused by Windows updates aren’t really something new, and there are plenty of users out there who aren’t necessarily excited with Patch Tuesday rollouts.
However, Microsoft seems to have reduced the likelihood of issues in the most recent updates for the supported Windows versions (Windows 7, Windows 8.1, and Windows 10), and the July 2019 Patch Tuesday fixes caused only minor glitches that have already been acknowledged by the software giant.
But on the other hand, third-party updates could also cause problems on Windows devices, and when security software is involved, things are far worse.
This is exactly what happened on July 10, a day after Microsoft shipped its July 2019 Patch Tuesday fixes, when McAfee released an update that eventually locked users out of their Windows devices.
The botched update, which was aimed at McAfee Endpoint Security (ENS) 10.2 or earlier, was supposed to update the Exploit Prevention module to version 9418 on devices running this software. Worth knowing is that ENS 10.2 is no longer supported since December 15, 2018, but it continues to be used on a large number of enterprise devices.
After installing the said update, users could no longer log in to their devices, and many believed that the culprit was a botched Windows update.
However, McAfee quickly acknowledged the problem, and explained in an advisory that users must manually correct the issue by removing a specific file from their devices.
The bigger problem is that the issue itself blocks users from logging in to their computers, so deleting the file isn’t as easy as it seems at first glance.
The only way to go is to boot to Safe Mode. Instructions on how to do this vary from one device to another, and you’re recommended to check your manufacturer’s website for more information on this.
If disk encryption software is also running on your device, additional steps might be required, and again, you need to follow the steps provided by the developer to successfully boot to Safe Mode.
Once you manage to log in to Safe Mode, what you need to do is delete the following file – note that the item you must remove depends on your system’s architecture, as follows:
64-bit - C:\Program Files\McAfee\Endpoint Security\Threat Prevention\IPS\HipHandlers64.dat
32-bit - C:\Program Files (x86)\McAfee\Endpoint Security\Threat Prevention\IPS\HipHandlers.dat
This isn’t a problem, however, as McAfee has already released a newer version of the Exploit Prevention module which you can update from within the app. The correct version is 9419, and it should then bring all the latest improvements without locking users out of their devices.
A reboot of the device isn’t required, albeit you can try one to make sure everything is working correctly.
There are two points that need to be highlighted about this issue.
First of all, it’s not related to Windows updates, so regardless of the Windows version that you run and the installed patches, the problem is only caused by the latest McAfee update. You shouldn’t remove any Windows updates to correct the bug.
Second of all, ENS 10.2 is no longer supported, and you should update to security software that hasn’t yet reached the end of life. McAfee too has a replacement for ENS 10.2, and although it’s a costly move, it could help prevent similar issues from happening again in the future.