I’ve had several clients contact me alarmed that their computers stopped responding. After digging into the causes, I realized that the latest Windows 10 update, which included a patch for Windows Defender, was causing Trend Micro Worry Free Client Systems to be unresponsive. It causes such drastic performance problems, the system appears completely unresponsive to the end users. It seems as though the machine is running at one percent capacity. Of course, this comes on the heels of the WannaCry fiasco, so more people have been extra diligent about applying their updates.
Since this is a Windows Defender update, it cannot be easily rolled back. So, if you can temporarily suspend updates and prevent this one from being applied, that is the easiest course of action until you can apply Trend Micro’s fix. We have one available to us that we worked directly with them to develop, but it is still in beta.
The latest Windows Defender update severely conflicts with Trend Micro Worry Free Agents that are using a local management server. Until you or we can apply Trend Micro’s beta patch, the recommended course of action is is to disable Windows Defender active scanning following the steps below.
If you have the Worry Free SaaS product, you should be unaffected by the issue. If you have this version of the product and are experiencing difficulty, let us know.
Note: You can uninstall Trend Worry Free Agent, however then you are leaving your systems vulnerable. On top of that, using the server console to remove the Trend agent will not work effectively so you will have to manually remove the agent on each system, which could take 30 minutes or more per system due to the performance issues. Ouch.
Disabling Windows Defender through the Windows Registry
Caution: Any missteps within Windows Registry can cause a world of hurt. I like to tell people, “you break it, you bought it!”
On the impacted Windows 10 workstations open regedit:
New, click DWORD (32-bit) value and then name it as “DisableAntiSpyware”.
Set Value at 1 and restart the system.
That will disable Windows Defender and should keep it from restarting itself and stop the conflict with Trend Agent.
Reboot the system and test.
Note: this can be done as well via GPO to stop further deployment issues. However, it will take a significant amount of time on systems already effected.
Trend Micro should work fine in normal mode with real-time scanning enabled once this fix is deployed. Like I said, we have access to a beta patch now that we can apply for you.