Loading...

Knowledge Center


How to deploy the required registry key via automated executable
Technical Articles ID:   KB90180
Last Modified:  8/21/2018
Rated:


Environment

Multiple McAfee products

For information about McAfee product compatibility for Meltdown and Spectre, see KB90167.

Summary

This article is intended to be used as a guide for deploying a custom EEDK for Microsoft patch readiness.

NOTE: For information about McAfee product compatibility for Meltdown and Spectre, see KB90167.

Content
This EEDK packaged script contains an applet which is used to deploy a registry key to systems as required by Microsoft to indicate compatibility with certain versions of their “Spectre” and “Meltdown” mitigations patch. This is an ePO-deployable package (KB90167000.zip) provided in the Attachments section of this article. No machine restart is required. The applet does no operating system checks by itself, but if deployed via ePO, is only deployable to Windows versions 6.0-10.0 (see "System Requirements" below). It is signed by McAfee and the .exe also contains McAfee version information.

Considerations and System Requirements
The following must be considered before running the EEDK package client task.
  • The applet must be run as an Administrator (or deployed via ePO). It will not function properly if renamed.
  • The ePO-deployable applet is an archive and can be extracted to reveal the standalone executable. For standalone or third-party use: The applet does not outwardly indicate a failure when not run as Administrator; it just fails silently.
  • There is no logging or temporary files associated with this utility, it executes its job and then exits.
  • To verify that the package has run successfully, examine the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat. The key must contain a REG_DWORD value cadca5fe-87d3-4b96-b7fb-a231484277cc with data 0x00000000.
  • The registry settings are overwritten each time the applet is executed.
  • We recommend that the customer thoroughly tests the applet in the intended environment before mass deployment.
  • System requirements:
    • Windows 6.0-10.0. [http://msdn.microsoft.com/en-us/library/windows/desktop/ms724832(v=vs.85).aspx]
    • x86 and x64.
    • Administrative permissions are required to run.
    • If run manually with UAC enabled, elevation is also required: http://msdn.microsoft.com/en-us/library/windows/desktop/aa511445.aspx.
    • If deploying to systems with McAfee AppControl deployed, take one of the following approaches for successful deployment.
      • Create an ePO Policy rule and apply to any endpoint. [Recommended]
      • Configure AppControl to be in update mode before running this applet in standalone, or before deploying via ePO. The user must disable update mode afterward.
      • Authorize this applet with a remote task command (“sadmin attr -add Setup_KB90167.exe”).
Recommended Steps
  1. Check the package in to the Master Repository. It must appear as follows:

    NOTE: If you have distributed repositories, run the repository replication task (incremental is sufficient).
     
  2. Create a task in the task catalog for eventual deployment. Click on the Task Catalog applet under the main menu, Policy. Select McAfee Agent, choose Product Deployment as the type, and click New Task. Confirm the type in the drop-down list and click OK as shown:

     
  3. In the New Task dialog box, create a task similar to the one below:

     
  4. Click OK to save the new task. Use the new task in any of the ePO supported deployment methods. For example, shown below is an assigned Client Task. From a selected machine or machines, use the Action menu, Agent, and Modify Tasks on a Single System. On the new screen you can select the Actions menu and New Client Task Assignment. Choose Run Immediately or schedule it for a time that works for your environment.
 

Attachment

KB_901671000.zip
118K • < 1 minute @ broadband


Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.