Antivirus support for Thin Clients running Windows 10 Embedded OS in UWF mode
We would like to know if McAfee VirusScan Enterprise supports Thin Clients running Windows 10 Embedded OS with Unified Write Filter (UWF) enabled.
Windows 10 embedded OS has some inherent challenges, as mentioned below:
UWF (unified write filter) in Win 10 IoT is a hard block from Microsoft and there is no workaround that Microsoft allows for it. In detail, as per our analysis:
1. The UWF RAM overlay works at the NTFS-block level
2. The overlay will never release a block once allocated in the overlay, even if the write is mirrored onto the disk via exclusion or commit
3. When the fixed-size overlay fills up, writes fail
So, we feel that the definition update will crash when writes fail, which means that if the definitions reside on a drive that is protected by UWF it *will* crash the system, even if we fix the other issues around exclusions and registry keys.
STAR does not, at present, provide a way for us to change which drive is used for definitions to the drive in which CommonAppData, and naïve attempts fail on MSI restrictions imposed by Ding2MSI.
Due to the above restriction posed by Microsoft, please suggest if McAfee has enabled support for Win 10 embedded OS.
I was recently asked about Windows 10 IoT and reminded how this is an ever-living topic. Below I will provide some disambiguation around embedded systems and how to approach protecting the endpoint. Here is a link to our Solution Brief
Windows "Embedded" is often thought of as being a separate OS but really is only a Microsoft terms of distribution and licensing option. Treating it as its own OS however is for good reason, this licensing option is used by Solution Providers and Original Equipment Manufacturers (OEMs) for the distribution of tailored solutions such as (POS) Point of Sale systems. This flavor of OS distribution is also called FES - Windows for Embedded Systems.
On its face any Embedded version could be no different than the normal Operating System… so Windows 8 “embedded” could be the equivalent of Windows 8. But that is rarely the case, and the vendor will have created a Frankenstein. The Embedded OS will typically be stripped-down to the bare minimum features and drivers needed. (doing so helps lower system requirements and therefore cost)
How do I know how to protect my Embedded \ Windows 10 IoT device? The best approach is to look at the prerequisites of the security solution and confirm these prerequisites are met on the device running Windows Embedded (Windows 10 IoT). (The topic initiator on this community post was doing just that*)
To see prerequisites, consult the McAfee Knowledge Base for the specific product.
For ENS: KB82761 - Supported platforms, environments, and operating systems for Endpoint Security
Along with other embedded versions, KB82761 provides a support metrics for Windows 10 IoT Enterprise. The KB at the time of this community posting states Windows 10 IoT Enterprise is Supported with two notes:
Semi-Annual Channel (SAC - The previous names for this branch were Current Branch (CB) and Current Branch for Business (CBB).)
Long-Term Servicing Channel (LTSC - The previous name for this branch was Long-Term Servicing Branch (LTSB).)
With this support statement, the best way to know is by testing on the device in question and asking the vendor about what they have tested.
The original poster stated that “UWF (unified write filter) in Win 10 IoT is a hard block from Microsoft and there is no work around that Microsoft allows for it.”*
This does not seem to be the case. UWF is an optional component and is not enabled by default in Windows 10.
UWF is not present on Windows 10 IoT by default and has to be installed by the solution provider using Microsoft guidance provided here.
"Unified Write Filter (UWF) is an optional Windows 10 feature that helps to protect your drives by intercepting and redirecting any writes to the drive (app installations, settings changes, saved data) to a virtual overlay. The virtual overlay is a temporary location that is usually cleared during a reboot or when a guest user logs off."
With that said, IoT devices have a specific use and will often have UWF enabled to revert the system after use.
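
One way to carry out the on-device check discussed in this thread, as an added example that is not part of the original posts or any McAfee tooling: it queries the UWF WMI provider for filter state, overlay usage, and whether the volume holding a definitions folder is protected. `$DefinitionPath` is a placeholder (assumption) to be set to wherever the product stores its definitions; the script assumes an elevated PowerShell session.

```powershell
# Added example: report UWF state for the volume that holds a given folder.
param(
    # Placeholder (assumption): set to the folder where AV definitions are written.
    [string]$DefinitionPath = "$env:ProgramData"
)

$ns = 'root\standardcimv2\embedded'   # WMI namespace of the UWF provider

try {
    $filter = Get-CimInstance -Namespace $ns -ClassName UWF_Filter -ErrorAction Stop
} catch {
    # No provider means the optional UWF feature was never installed on this image.
    Write-Output 'UWF WMI provider not found: Unified Write Filter is not installed.'
    return
}

Write-Output ("UWF enabled now: {0}; enabled after next restart: {1}" -f `
    $filter.CurrentEnabled, $filter.NextEnabled)
if (-not $filter.CurrentEnabled) { return }

# Overlay configuration and usage for the current session (values are in MB).
$cfg     = Get-CimInstance -Namespace $ns -ClassName UWF_OverlayConfig |
    Where-Object { $_.CurrentSession }
$overlay = Get-CimInstance -Namespace $ns -ClassName UWF_Overlay
$type    = if ($cfg.Type -eq 0) { 'RAM' } else { 'Disk' }
Write-Output ("Overlay type: {0}; maximum {1} MB; consumed {2} MB; available {3} MB" -f `
    $type, $cfg.MaximumSize, $overlay.OverlayConsumption, $overlay.AvailableSpace)
Write-Output ("Warning threshold: {0} MB; critical threshold: {1} MB" -f `
    $overlay.WarningOverlayThreshold, $overlay.CriticalOverlayThreshold)

# Is the volume that holds the definitions folder protected in this session?
$drive  = (Split-Path -Path $DefinitionPath -Qualifier).TrimEnd(':')
$volume = Get-CimInstance -Namespace $ns -ClassName UWF_Volume | Where-Object {
    $_.CurrentSession -and (("" + $_.DriveLetter).TrimEnd(':') -eq $drive)
}

if (-not $volume -or -not $volume.Protected) {
    Write-Output "${drive}: is not UWF-protected; writes to $DefinitionPath go to disk."
    return
}

# Protected volume: writes land in the overlay unless the path is excluded.
Write-Output "${drive}: is UWF-protected; writes to $DefinitionPath use the overlay."
Write-Output "Review file exclusions with: uwfmgr.exe file get-exclusions ${drive}:"
if ($overlay.OverlayConsumption -ge $overlay.WarningOverlayThreshold) {
    Write-Output 'Overlay consumption is at or above the warning threshold.'
}
```

Running it before and after a definition update on a test device shows how much overlay a single update consumes.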