That Altf4. That is a start but not a statement of compatibility of McAfee products with Microsoft's patches. The closest they came to stating that was in this paragraph (bolding mine):
Microsoft has released an out-of-cycle patch because of this disclosure: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892. Due to the nature of any patch or update, we suggest first applying manual updates on noncritical systems, to ensure compatibility with software that involves the potential use of low-level operating system features. McAfee teams are working to ensure compatibility with released patches where applicable.
Still waiting for official confirmation of compatibility. At best, McAfee will be expected to release the means to add the registry key that the Microsoft update requires. They might do that through a DAT file. I have learned in the past from McAfee that they can actually include software changes in DAT files. So, it is conceivable from that information that they could add the registry key without requiring a hotfix or any product patch. That would be great as there would be no outage or mass upgrade project required for installed McAfee products.
I have been testing the patches manually on Server 2008 R2 (VSE 8.8 P9, Agent 126.96.36.199) and Server 2012 R2 (VSE 8.8 Repost P4 with SYSCORE HF, Agent 188.8.131.520) and so far no issues. No BSOD on reboot. I also ran an OnDemand scan on both systems and that ran without issue.
Note that when you install the Microsoft Update it does add the first of the 2 noted mitigation registry keys (https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-spec...):
Switch | Registry Settings
To enable the mitigations | reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
It does not add the second key. Both the Enable and Disable have the same key and value so my spidey sense says that key's value is set by default and the registry key does not need to be declared in the registry explicitly.
Official KB per our rep: https://kb.mcafee.com/agent/index?page=content&id=KB90167
Says they're still testing. Thanks to the above for their testing results. We're starting to manually roll out the patch and test ourselves to stay ahead.
I really hope they release the registry key soon so I can update Windows.
I just ran some commands from the Bleeping Computer article to check if I'm in trouble.
The first detections in VirusTotal
Hi. Maybe I should have read your post before posting mine. If I get it right when reading the blog post, we don't have to do anything else but download the Microsoft update through Windows Update, and that's all we need to do with McAfee AV installed. Have I understood this correctly?