About Antivirus products and the Meltdown and Spectre security vulnerabilities

Version 10

    Verified Product Versions

    Endpoint Manager 2016.x

    Microsoft has released a patch to help work around the security issue in processors affected by the "Meltdown" vulnerability.

     

    Some antivirus programs are incompatible with the new Microsoft patch (KB4058702).  See Support for the Intel 'Meltdown' security vulnerability KB4058702

     

    Before this patch can be installed, you need to make sure that your Antivirus product has been updated to be compatible with the Microsoft patch; otherwise, bluescreen errors could occur.

     

    The problem occurs because the Meltdown patch involves moving the kernel into its own private virtual memory address space. Certain Antivirus products hook deep into the kernel in order to track system changes and detect the presence of malware. This can cause a conflict that results in a bluescreen kernel fault.

     

    Microsoft has requested that Antivirus vendors test their compatibility with the security update and set a specific registry key to confirm they are compatible.

     

    As this article states: Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key:

     

    Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD"

    Data="0x00000000"

    Manually setting this registry key may cause bluescreens due to conflicts between your Antivirus software and the Microsoft Patch.
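
    One way to audit an endpoint for this flag before approving the patch, as an added example that is not Ivanti's or Microsoft's code: the PowerShell function below only reads the key and value quoted above and reports whether they match. The function name Test-QualityCompatFlag and the fields of the returned object are hypothetical.

```powershell
# Added example (not Ivanti or Microsoft code): read-only audit of the
# antivirus compatibility flag described above. Nothing is written.
function Test-QualityCompatFlag {
    [CmdletBinding()]
    param(
        # Key path and value name are the ones quoted in this article.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat',
        [string]$Name = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    )

    # Hypothetical result shape, chosen for this example.
    $result = [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        KeyPresent   = $false
        ValueKind    = $null
        Data         = $null
        Compatible   = $false
        Detail       = ''
    }

    if (-not (Test-Path -Path $Path)) {
        $result.Detail = 'QualityCompat key is missing; the flag has not been set.'
        return $result
    }
    $result.KeyPresent = $true

    # GetValueKind throws on a missing value, so check the name first.
    $key = Get-Item -Path $Path
    if ($key.GetValueNames() -notcontains $Name) {
        $result.Detail = 'Key exists but the compatibility value is missing.'
        return $result
    }

    $result.ValueKind = $key.GetValueKind($Name)
    $result.Data      = $key.GetValue($Name)

    if ($result.ValueKind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Detail = "Value has type $($result.ValueKind); REG_DWORD is expected."
    } elseif ($result.Data -ne 0) {
        $result.Detail = "Value data is $($result.Data); 0x00000000 is expected."
    } else {
        $result.Compatible = $true
        $result.Detail = 'Flag is set as documented.'
    }
    return $result
}

Test-QualityCompatFlag | Format-List
```

    A result with Compatible set to False means the antivirus product has not yet set the flag on that machine; the remedy is to update the antivirus product and its definitions, not to write the value by hand.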

     

    The following article lists information about Antivirus vendors and their compatibility: https://support.microsoft.com/en-us/help/18900/consumer-antivirus-software-providers-for-windows

     

    Ivanti Antivirus and compatibility with the Microsoft "Meltdown" patch

     

    Ivanti Antivirus based on the Kaspersky Engine: Compatible (with proper database update)

     

    • On December 18, 2017, Kaspersky Lab released the fix, which is distributed through the database update. Solutions with this update installed will not have compatibility issues with the Microsoft update.
      So if your Ivanti Antivirus software is up to date with the latest definitions, you will be able to install the Microsoft patch.

      To quote from Kaspersky: "Good news: Both business and consumer solutions from Kaspersky Lab are fully compatible with this update. Microsoft delivers the update only if the system is flagged as ready, and from our side, the readiness flag has been included in the updates that were delivered on December 28, 2017. If your antivirus databases are up to date, then your computer is ready to receive the Windows update that fixes Meltdown. If you haven’t received it yet, you soon will, and we strongly recommend you install it as soon as possible."

      The following is Kaspersky's blog post with full details: Two severe vulnerabilities found in Intel's hardware – Kaspersky Lab official blog

    So to be clear, if your Antivirus pattern files are dated December 28, 2017 or later, it is safe to install the Microsoft patch.

     

    Ivanti Antivirus based on the BitDefender Engine: Compatible