Tuesday, May 30, 2017

Trend Micro Worry Free client systems are unresponsive after Windows 10 defender update on 5/2017 - KB890830

Since this is a Windows Defender update it cannot be easily rolled back. User experience slowness that makes the PC appear to be not working as even the simplest tasks take significant amounts of time to complete. It is like your PC is working but at 1% of its speed.

The problem is that Windows Defender update severely conflicts with Trend Micro Worry Free Agents using a local management server. The Worry Free Saas product appears unaffected by the issue. Trend Micro support is aware of the problem and working on a fix to Microsoft’s update. In the meantime the temporary fix is to disable Windows Defender active scanning following the steps below.

Note: You can uninstall Trend Worry Free Agent however then you are leaving your systems vulnerable. Using the server console to remove the Trend agent will not work effectively and you will have to manually remove the agent on each system which could take 30 minutes or more per system due to the performance issues.

Caution: it’s the registry you break it you bought it…  

On the impacted Windows 10 workstations open regedit:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

New, click DWORD (32-bit) value and then name it as DisableAntiSpyware.

Set Value at 1 and restart the system

That will disable Windows defender and should keep it from restarting itself and stop the conflict with Trend Agent.

Reboot the system and test

Note: this can be done as well via GPO to stop further deployment issues. however it will take a significant amount of time on systems already effected.

Trend Micro Agents should work fine in normal mode with real time scanning enabled once this fix is deployed. If you have not already I would recommend installing Trend Worry Free 9 Service Pack 3 as well.