Author Topic: Information regarding recent MS updates for Meltdown and Spectre vulnerabilites  (Read 12834 times)

Offline Cavalary

  • Comodo Member
  • **
  • Posts: 35
    • Cav's Place
MS pushed the Meltdown patch ahead of time, and there's this notification:

Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV have updated the ALLOW REGKEY.

Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine
Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD”
Data="0x00000000”

So how does CFW fare regarding that? May it be one of those that block it? (I'm still on 8.4, if it counts.)

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Does CFW interfere with the Meltdown patch?
« Reply #1 on: January 03, 2018, 09:23:15 PM »
Hi,
We are working with Microsoft on this requirement and next week CIS release is expected to solve it.
I will inform.

Thanks
-umesh

MS pushed the Meltdown patch ahead of time, and there's this notification:

Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV have updated the ALLOW REGKEY.

Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine
Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD”
Data="0x00000000”

So how does CFW fare regarding that? May it be one of those that block it? (I'm still on 8.4, if it counts.)
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

Offline Cavalary

  • Comodo Member
  • **
  • Posts: 35
    • Cav's Place
Re: Does CFW interfere with the Meltdown patch?
« Reply #2 on: January 03, 2018, 09:27:22 PM »
So no chance to stay on 8.4 from now on, I'll be required to update Comodo to apply the patch?
Oh hell...

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Does CFW interfere with the Meltdown patch?
« Reply #3 on: January 03, 2018, 09:29:32 PM »
Any specific reason you want to stay at 8.4?
So no chance to stay on 8.4 from now on, I'll be required to update Comodo to apply the patch?
Oh hell...
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

Offline Cavalary

  • Comodo Member
  • **
  • Posts: 35
    • Cav's Place
Re: Does CFW interfere with the Meltdown patch?
« Reply #4 on: January 03, 2018, 09:32:30 PM »
It works, no issues with anything, looking through update threads for v10 I keep seeing issues. Also 32-bit Win 7, doesn't seem like you test much on it lately. And definitely not keen on the forced auto updates introduced recently (10.0.2.6396 I see). Plus, until recently there was no way to directly install just the FW, was it? And I'm still not seeing FW-only offline installer.

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Does CFW interfere with the Meltdown patch?
« Reply #5 on: January 03, 2018, 09:36:23 PM »
Hi,
Quote from: Cavalary
Also 32-bit Win 7, doesn't seem like you test much on it lately.
Any issues you can point?

Quote from: Cavalary
And definitely not keen on the forced auto updates introduced recently (10.0.2.6396 I see).
You can always de-select related check box.

Quote from: Cavalary
Plus, until recently there was no way to directly install just the FW, was it? And I'm still not seeing FW-only offline installer.
You can use offline premium installer and de-select AV component from it and it installs just FW.

Thanks
-umesh
It works, no issues with anything, looking through update threads for v10 I keep seeing issues. Also 32-bit Win 7, doesn't seem like you test much on it lately. And definitely not keen on the forced auto updates introduced recently (10.0.2.6396 I see). Plus, until recently there was no way to directly install just the FW, was it? And I'm still not seeing FW-only offline installer.
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

Offline Cavalary

  • Comodo Member
  • **
  • Posts: 35
    • Cav's Place
Re: Does CFW interfere with the Meltdown patch?
« Reply #6 on: January 03, 2018, 09:43:12 PM »
Nothing I can point to since I never tried v10. Just extremely wary of taking the risk when I see other reports and what I have works so well as it is.
So... hoping against hope it may work with 8.4 somehow, or just get a small patch to just fix the issue itself and not change anything else, I don't know. This is all just a shocker...

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Does CFW interfere with the Meltdown patch?
« Reply #7 on: January 04, 2018, 09:38:24 AM »
Hi Cavalary,
We suggest you to try latest v6474:
https://forums.comodo.com/beta-corner-cis/comodo-internet-security-v10106474-rc-t121304.0.html

If you encounter any issue, we will be happy to look into.

Thanks
-umesh
Nothing I can point to since I never tried v10. Just extremely wary of taking the risk when I see other reports and what I have works so well as it is.
So... hoping against hope it may work with 8.4 somehow, or just get a small patch to just fix the issue itself and not change anything else, I don't know. This is all just a shocker...
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

Offline rmcohen

  • Comodo Member
  • **
  • Posts: 42
My Windows 10 machine has not been updated, so I found this article:

https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software
Overview
Microsoft has identified a compatibility issue with a small number of anti-virus software products.

The compatibility issue is caused when anti-virus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors caused by incompatible anti-virus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update.

If you have not been offered the security update, you may be running incompatible anti-virus software and you should follow up with your software vendor.

Microsoft has been working closely with anti-virus software partners to ensure all customers receive the January Windows security updates as soon as possible.

« Last Edit: January 04, 2018, 10:47:53 AM by rmcohen »

Offline rmcohen

  • Comodo Member
  • **
  • Posts: 42
Re: Is Comodo AV Compatible with MS update for Specter and Meltdown?
« Reply #9 on: January 04, 2018, 10:45:11 AM »
https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY.

Contact your Anti-Virus AV to confirm that their software is compatible and have set the following  REGKEY on the machine
Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD”
Data="0x00000000”

Offline Ploget

  • Comodo's Hero
  • *****
  • Posts: 892
  • 'Your best teacher, is your last mistake'
    • Security & Privacy
Ploget
 
Win10x64 Pro 1903 (18362.295) x 2
Win7x64 Pro x 1 - Home Premium x 1
CIS v.12.0.0.6882 & CCAV v.2.0.470195.867
COS for Mozilla
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
'If you think you are too small to make a difference; try sleeping with a Mosquito'

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25476
Re: Is Comodo AV Compatible with MS Windows update for Specter and Meltdown?
« Reply #11 on: January 04, 2018, 01:03:02 PM »
Comodo tested and the latest stable release, 6420, is compatible with the Meltdown and Specter update from Microsoft. To be able to get the update with 6420 a registry key needs to be created.

The release notes of the CIS 10.1.0.6474 RC instruct how to create that registry key:

Fixes:
1. XP BSOD as reported here
2. We have tested v6420 against Meltdown patch released by Microsoft on 3rd Jan,2018 and there are no compatibility issues with either last production v6420 or this build. However as required by Microsoft that AV vendor should create registry key as defined in KB4056892, this version also creates required registry key.

While we provide updates next week. any user, who is currently using v6420 on Windows 10, can safely update to KB4056892 after creating key manually or can execute enclosed Enable_Jan2018_KB4056892_Patch.reg.txt file after removing ".txt" from end, that creates the required key.

Please share your valuable feedback.

Thanks
-umesh
I have attached the text file with the registry to this post for convenience.

Download the txt file, remove the .txt extension and execute the .reg file. Confirm when Windows asks for confirmation. Your system is now ready to receive the Meltdown and Specter update KB4056892.

Offline lyonel

  • Comodo's Hero
  • *****
  • Posts: 235
Re: Does CFW interfere with the Meltdown patch?
« Reply #12 on: January 04, 2018, 01:12:18 PM »
Cavalary,

 install Veeam agent for windows. Fully free

do a backup, install CIS10, if problems, restore your backup with the boot cd created before.
French Translator of / Traducteur pour le Français de: CIS, CMS, CCAV, COHE, CB, ITSM

Offline rmcohen

  • Comodo Member
  • **
  • Posts: 42
Re: Is Comodo AV Compatible with MS Windows update for Specter and Meltdown?
« Reply #13 on: January 04, 2018, 01:36:29 PM »
Thanks!

BTW, I realize it is easy to create a registry key for this. I just wanted to ensure it was safe to do so.

Offline rmcohen

  • Comodo Member
  • **
  • Posts: 42
Re: Is Comodo AV Compatible with MS Windows update for Specter and Meltdown?
« Reply #14 on: January 04, 2018, 01:39:42 PM »
I think not, but do you know if a reboot is required? I just tried rerunning Windows Update and it still doesn't have anything for me.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek