Loading...

Knowledge Center


Slow boot times and performance after installing Microsoft Windows April 2019 updates or later Microsoft monthly updates on a system with Host Intrusion Prevention
Technical Articles ID:   KB91466
Last Modified:  6/14/2019
Rated:


Environment

McAfee Host Intrusion Prevention (Host IPS) 8.0
Microsoft Windows April 2019 update KBs

For affected Microsoft Windows versions, see KB91476.

Summary

Recent updates to this article 
Date Update
June 14, 2019 Updated the Cause and Solutions sections.
June 13, 2019 Updated "Option 1" under Solution.
May 20, 2019 Updated title to include Microsoft April update and later because of Microsoft May update release - https://support.microsoft.com/en-us/help/4499164/windows-7-update-kb4499164.
April 26, 2019 Added a link to the Microsoft article with details about the fix for CSRSS included in the Windows April 2019 updates.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

Problem

The following issues might occur after you install Windows April 2019 update KBs on systems with Host IPS:
  • Slow boot times
  • Slow performance

Cause

Changes in the Windows April 2019 update or later Microsoft monthly updates for Client Server Runtime Subsystem (CSRSS) introduced a potential deadlock with Host IPS.
 
Researching the effects of applying the Windows April 2019 updates in your environment
McAfee has confirmed performance issues in some scenarios after the Windows April 2019 updates are applied where user-defined signatures that protect services are present.

To identify user-defined signatures in Host IPS in ePO
NOTE: If more than one policy is used, you must repeat these steps for each policy.
  1. Log on to the ePO console. 
  2. Open the menu and choose Policy Comparison under the Policy section. 
  3. In the Policy Comparison page, Compare Policies section:
    1. Select Host Intrusion Prevention 8.0: IPS from the Product drop-down list.
    2. Select IPS Rules (Windows, Linux Solaris) from the Category drop-down list. 
    3. In the Policy 1 drop-down list next to the Compare policies parameter, select McAfee Default Policy
    4. In the Policy 2 drop-down list next to the Compare policies parameter, select the policy used in your environment. 
    5. Select Policy Differences from the Show drop-down list. 
  4. Check if the ePO administrator has user-defined (custom) signatures. In the user-defined signatures, check if Subrule 1 Parameter 1 Type is set to Services, and Subrule 1 Parameter 1 Inclusion Status is set to Include under Policy 2. This setting might contribute to the behavior described in this article.

Solution

If no user-defined signatures are present
Currently, there are no identified conflicts with the Windows April 2019 updates. 

If user-defined signatures are present
  • Option 1: This conflict is resolved in the Host IPS 8.0 Patch 13 release (General Availability).
    McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

    NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

     
  • Option 2: Disable the user-defined signatures identified by following the steps above (steps 1–4).  
    NOTE: McAfee default IPS rules have not exhibited symptoms associated with the Windows April 2019 updates. 
To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
  • If you are a registered user, type your User Id and Password, and then click Log In.
  • If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.