Original 1756 2796 meltdown

Meltdown Registry Key Patch Bypass

Meltdown AV registry key force patch

Description

DO NOT RUN THIS PROCEDURE UNTIL YOU CAN CONFIRM YOUR ANTI VIRUS IS COMPATIBLE AND THE BACKUPS ARE UP TO DATE!

This agent procedure will create the registry key "HKEY_LOCAL_MACHINE:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” on any Windows machine using a powershell script.
The registry key is not always required to get the Windows Update to protect against the Meltdown vulnerability.

It is advised to check the list of Antivirus at: Google Doc
You can find more information on this Microsoft article

Developer
  • Name: Douglas Sanchez
  • Company: Kaseya
  • Website: http://www.kaseya.com
  • Contact Developer
  • Summary
  • Meltdown Registry Key Patch Bypass
  • 214 Downloads
  • Released on January 4th, 2018
  • Reviews

    Meltdown Registry Key Patch Bypass has no reviews.

    Discussion
    Gravatar for Marc Friesen
    Marc Friesen 6 months ago

    Seems like webroot is compatible. Does anyone know if AVG is?

    Gravatar for Justin
    Justin 6 months ago

    I don't see them listed on this adhoc list I found on Reddit. https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0

    Gravatar for Justin
    Justin 6 months ago

    They are compatible and adding the registry key automatically since 1/3/2018 according to their forums. https://support.avg.com/answers?id=9060N000000TrmmQAC

    Gravatar for Justin
    Justin 6 months ago

    They are compatible and adding the registry key automatically since 1/3/2018 according to their forums. https://support.avg.com/answers?id=9060N000000TrmmQAC

    Gravatar for Eric Johnson
    Eric Johnson 6 months ago

    This is excellent for Windows 7. Can we get a compatible version for Windows 10?

    Gravatar for Eric Johnson
    Eric Johnson 6 months ago

    This is excellent for Windows 7. Can we get a compatible version for Windows 10?

    Gravatar for Servicedesk Aspect
    Servicedesk Aspect 6 months ago

    Following the link to find the compatible versions for Kaspersky, leads to a link giving info on the 10.3.0.6294 (SP2) version. Unfortunately Kaseya only supports 10.2.5.3201 as the latest version to be compatible with Kaseya. So, where does that leave us for these patches, can we set the registry key and hope for the best? Or, will this leave us in limbo....?

    Gravatar for Douglas Sanchez
    Douglas Sanchez 6 months ago

    A team member tested the versions of KAV and KAM we provide with the VSA and they both created the registry keys required to receive the update.

    Gravatar for Servicedesk Aspect
    Servicedesk Aspect 6 months ago

    Thanks Douglas, I expected as much, but it's better to know for sure..

    Gravatar for Douglas Sanchez
    Douglas Sanchez 6 months ago

    The updated version has been uploaded. Let me know if you guys need any tweak. It will now update the custom field correctly.

    Gravatar for Douglas Sanchez
    Douglas Sanchez 6 months ago

    Disregard the last comment, I meant to say the updated version is compatible with all version of Windows, make sure to refer to the Microsoft articles and compatible AVs before running the procedure.

    Gravatar for Adam Creech
    Adam Creech 6 months ago

    Appreciate all the work on this issue. The referenced AVG post in the 3rd party Google Sheet for AV compatibility seems to be relevant to home editions only. I have had a support ticket in with Kaseya support regarding the AVG edition deployed via KES without answer yet. Do we have confirmation that it sets the registry flag, or even if it's compatible? We seem to be 50/50 for the flag being set automatically on our AVG endpoints, regardless of definition update version.

    Gravatar for Douglas Sanchez
    Douglas Sanchez 6 months ago

    @Adam, I can't confirm as I don't have AVG in my test environment. I would suggest checking a machine with AVG, if the Reg Key is created, you should be able to assume it is compatible and it will install without issues. Otherwise feel free to contact me via email (douglas.sanchez@kaseya.com) with your ticket number, and I can reach out to the support team.

    Gravatar for Nicholas Tobin
    Nicholas Tobin 6 months ago

    @Dougles is there a way to implement a custom field to this to represent the reg edit is actually in place successfully?

    Gravatar for Nicholas Tobin
    Nicholas Tobin 6 months ago

    @Dougles is there a way to implement a custom field to this to represent the reg edit is actually in place successfully or failed?

    Gravatar for Douglas Sanchez
    Douglas Sanchez 6 months ago

    @Nicholas, great question. I will create a second procedure and upload it as soon as I get it working.

    Gravatar for Martin James
    Martin James 6 months ago

    So are you saying we need to wait until our AV Vendor is approved on the list, or that the version they release is approved before applying this registry key manually?
    We have Webroot, which according to the list is compatible, yet the version required is still being rolled out. So if I run this Kaseya script to manually to add the key is that OK (if we have an older agent version)? As if not, and I wait until the new Webroot agent is released, doesn't that auto create the key for me anyway?

    Gravatar for Douglas Sanchez
    Douglas Sanchez 6 months ago

    I would not recommend deploying the key if the webroot agent you currently have installed is not listed as compatible. You may want to consider creating a view that will filter the endpoints with the updated webroot agents, and only create the registry key on these machines.

    Gravatar for Duane Godwin
    Duane Godwin 6 months ago

    I agree. I won't be making any manual changes to my estate.

    Gravatar for Martin James
    Martin James 6 months ago

    Thanks Douglas. I guess where my confusion was coming from, was the list only lists Vendors, and not the specific build that is compatible. However, I received an email from Webroot last night saying they were deploying the new agent version that deployed the reg key, but also had this nugget of info in the link they provided (https://answers.webroot.com/Webroot/ukp.aspx?pid=12&app=vw&vw=1&login=1&json=1&solutionid=2837&elqTrackId=A491833AE4697D62C7540E2D3B59287B&elq=5efc3e6a6908478fb6a031cd8744b1ee&elqaid=7552&elqat=1&elqCampaignId=6176)

    "Please note that we have tested our current production version of Webroot SecureAnywhere (9.0.18.x) and confirmed that we are compatible with the above referenced Microsoft security patch."

    Thankfully Webroot has built in filters that show agent version, so i'll work through deploying using this script.

    Thanks for your help.
    Marty

    Gravatar for Nicholas Tobin
    Nicholas Tobin 6 months ago

    @Douglas, Did you ever have a chance to update the script with a checksum to custom field to notify if the edit is in place or not?

    Gravatar for Douglas Sanchez
    Douglas Sanchez 6 months ago

    @Nicholas, not yet. I'll make sure to have it done tomorrow.

    Gravatar for Martin James
    Martin James 6 months ago

    Am I correct in my understanding that if using Kaseya's patch management, it doesn't matter if you have this reg key or not, that it will only deploy to our machines once Kaseya PM makes it available? Or will the Kaseya PM check for the reg entry before deploying also?

    Gravatar for Douglas Sanchez
    Douglas Sanchez 6 months ago

    I have not done the testing to confirm, but I am pretty sure this is correct. Patch Management won't check the reg key to install the patch. It will though during the scan, at least for one machine, because patch management uses the machine's available patches during the scan. If you are missing the key, the patch isn't technically available to that machine. I know the patch was approved on our end for PM, if it doesn't show up when you scan your endpoints, you may want to open a support ticket.