cancel
Showing results for 
Search instead for 
Did you mean: 

Antivirus support for Thin Clients running Windows 10 Embedded OS in UWF mode

Hello Team,

We would like to know if McAfee VirusScan Enterprise supports Thin Clients running Windows 10 Embedded OS with Unified Write Filter(UWF) enabled.

Windows 10 embedded OS has some inherent challenges as mentioned below

UWF (unified write filter) in Win 10 IoT is a hard block from Microsoft and there is no work around that Microsoft allows for it. In detail as per our analysis:

  1. 1.       The UWF RAM overlay works at the NTFS-block level
  2. 2.       The overlay will never release a block once allocated in the overlay, even if the write is mirrored onto the disk via exclusion or commit
  3. 3.       When the fixed-size overlay fills up, writes fail

So, we feel that definition update will crash when writes fails, which means that if the definitions reside on a drive that is protected by UWF it *will* crash the system, even if we fix the other issues around exclusions and registry keys.

STAR does not, at present, provide a way for us to change which drive is used for definitions  to the drive in which CommonAppData,  and natïve attempts fail on MSI restrictions imposed by Ding2MSI

Due to the above restriction posed by Microsoft,  please suggest if McAfee has enabled support for Win 10 embedded OS.

Regards,

Karthik

5 Replies
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 2 of 6

Re: Antivirus support for Thin Clients running Windows 10 Embedded OS in UWF mode

Only one post is necessary, see: 

Re: Antivirus support for Thin Clients running Windows 10 Embedded OS in UWF mode

Is there a fix for this.  Didn't see one posted 

Reliable Contributor catdaddy
Reliable Contributor
Report Inappropriate Content
Message 4 of 6

Re: Antivirus support for Thin Clients running Windows 10 Embedded OS in UWF mode

Marking as Assumed Answered and closing. Duplicate Post.

Cliff
McAfee Volunteer
Highlighted

Re: Antivirus support for Thin Clients running Windows 10 Embedded OS in UWF mode

Didn't see a fix posted.  Is there a fix for this?

McAfee Employee dmcgeary
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Antivirus support for Thin Clients running Windows 10 Embedded OS in UWF mode

See KB82761 for current updates

https://kc.mcafee.com/corporate/index?page=content&id=KB82761

Expand Section:
Supported Microsoft Windows client operating systems

4  Enhanced Write Filtering (EWF) or File Based Write Filtering (FBWF) technology is not supported.

Update: 05/03/2019

I was recently asked about Windows 10 IoT and reminded how this is an ever-living topic. Here I will try and provide some disambiguation around embedded systems and how to approach protecting the endpoint. The purpose is to highlight why the topic is nuanced, and it is indeed muddy water.

"Embedded" is often thought of as being a separate OS rather than the Microsoft terms of distribution and licensing. That is for good reason, this licensing option is used by Solution Providers and Original Equipment Manufacturers (OEMs) for the distribution of tailored solutions such as (POS) Point of Sale systems. This flavor of OS distribution is also called FES - Windows for Embedded Systems

On its face any Embedded version could be no different than the normal Operating System… so Windows 8 “embedded” could be the equivalent of Windows 8.
But that is rarely the case, and the vendor will have created a Frankenstein. The system will be stripped-down to the bare minimum features and drivers needed. It been made to be a flying tin can.

How do I know how to protect my Embedded \ Windows 10 IoT device?
The best approach is to look at the prerequisites of security solution and confirm these are met on device running Windows Embedded (Windows 10 IoT).  
(the topic initiator on this community post was doing just that*)

To see prerequisites, consult the McAfee Knowledge Base for the specific product.

For ENS:
KB82761 - Supported platforms, environments, and operating systems for Endpoint Security

Along with other embedded versions KB82761 provides a support metrics for Windows 10 IoT Enterprise
The KB at the time of this community posting states Windows 10 IoT Enterprise is Supported with two notes:

  • Enhanced Write Filtering (EWF), Unified Write Filter (UWF), and File-Based Write Filtering (FBWF) technology is not supported
  • Supports the following Windows 10 branches:
    • Semi-Annual Channel (SAC - The previous names for this branch were Current Branch (CB) and Current Branch for Business (CBB).)

    • Long-Term Servicing Channel (LTSC - The previous name for this branch was Long-Term Servicing Branch (LTSB).)

 

 

With this support statement, the best way to know is by testing on the device in question and asking the vendor about what they have tested.

In this original Poster stated that “UWF (unified write filter) in Win 10 IoT is a hard block from Microsoft and there is no work around that Microsoft allows for it.” *

 This does not seem to be the case.  UWF is an optional component and is not enabled by default in Windows 10.

UWF is not present on Windows 10 IoT by default and has to be installed by the solution provider using Microsoft guidance provided here .


"Unified Write Filter (UWF) is an optional Windows 10 feature that helps to protect your drives by intercepting and redirecting any writes to the drive (app installations, settings changes, saved data) to a virtual overlay. The virtual overlay is a temporary location that is usually cleared during a reboot or when a guest user logs off."

With that said. IoT devices have a specific use and will often have UWF enabled to revert the system after use.

Excellent Resource: Windows Embedded Version Overview.pdf (from Microsoft)
(this link might break – search for “Windows Embedded Version Overview”

*The post mentions “STAR does not, at present, provide a way…” –  this may be a possible reference to star POS systems.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator