We would like to know if McAfee VirusScan Enterprise supports Thin Clients running Windows 10 Embedded OS with Unified Write Filter(UWF) enabled.
Windows 10 embedded OS has some inherent challenges as mentioned below
UWF (unified write filter) in Win 10 IoT is a hard block from Microsoft and there is no work around that Microsoft allows for it. In detail as per our analysis:
So, we feel that definition update will crash when writes fails, which means that if the definitions reside on a drive that is protected by UWF it *will* crash the system, even if we fix the other issues around exclusions and registry keys.
STAR does not, at present, provide a way for us to change which drive is used for definitions to the drive in which CommonAppData, and natïve attempts fail on MSI restrictions imposed by Ding2MSI
Due to the above restriction posed by Microsoft, please suggest if McAfee has enabled support for Win 10 embedded OS.
See KB82761 for current updates
Supported Microsoft Windows client operating systems
4 Enhanced Write Filtering (EWF) or File Based Write Filtering (FBWF) technology is not supported.
Vote for Support
I was recently asked about Windows 10 IoT and reminded how this is an ever-living topic. Here I will try and provide some disambiguation around embedded systems and how to approach protecting the endpoint. The purpose is to highlight why the topic is nuanced, and it is indeed muddy water.
"Embedded" is often thought of as being a separate OS rather than the Microsoft terms of distribution and licensing. That is for good reason, this licensing option is used by Solution Providers and Original Equipment Manufacturers (OEMs) for the distribution of tailored solutions such as (POS) Point of Sale systems. This flavor of OS distribution is also called FES - Windows for Embedded Systems
On its face any Embedded version could be no different than the normal Operating System… so Windows 8 “embedded” could be the equivalent of Windows 8.
But that is rarely the case, and the vendor will have created a Frankenstein. The system will be stripped-down to the bare minimum features and drivers needed. It been made to be a flying tin can.
How do I know how to protect my Embedded \ Windows 10 IoT device?
The best approach is to look at the prerequisites of security solution and confirm these are met on device running Windows Embedded (Windows 10 IoT).
(the topic initiator on this community post was doing just that*)
To see prerequisites, consult the McAfee Knowledge Base for the specific product.
KB82761 - Supported platforms, environments, and operating systems for Endpoint Security
Along with other embedded versions KB82761 provides a support metrics for Windows 10 IoT Enterprise
The KB at the time of this community posting states Windows 10 IoT Enterprise is Supported with two notes:
With this support statement, the best way to know is by testing on the device in question and asking the vendor about what they have tested.
In this original Poster stated that “UWF (unified write filter) in Win 10 IoT is a hard block from Microsoft and there is no work around that Microsoft allows for it.” *
This does not seem to be the case. UWF is an optional component and is not enabled by default in Windows 10.
UWF is not present on Windows 10 IoT by default and has to be installed by the solution provider using Microsoft guidance provided here .
"Unified Write Filter (UWF) is an optional Windows 10 feature that helps to protect your drives by intercepting and redirecting any writes to the drive (app installations, settings changes, saved data) to a virtual overlay. The virtual overlay is a temporary location that is usually cleared during a reboot or when a guest user logs off."
With that said. IoT devices have a specific use and will often have UWF enabled to revert the system after use.
Excellent Resource: Windows Embedded Version Overview.pdf (from Microsoft)
(this link might break – search for “Windows Embedded Version Overview”
*The post mentions “STAR does not, at present, provide a way…” – this may be a possible reference to star POS systems.