Forum Discussion

Andrew_Allston's avatar
Andrew_Allston
Iron Contributor
Jul 28, 2020

.Net Rollup July 2020 on Server 2019 Not detected by Defender ATP

Anyone else having issues with the latest (July 2020) .Net Security Updates not being detected by ATP? All of my server 2019 servers are now reporting they are missing .Net security patches all the way back to December 2018 after installing the latest July patch. They all report the patch installed successfully in the OS and in Azure Update Management Console, and attempted repairs say the OS is healthy. Just want to make sure its not just me before I go nuts.

 

Thanks!

  • jamrobot's avatar
    jamrobot
    Brass Contributor

    Andrew_Allston I see the same on W10 1903 / 1909 Machines post the July update. I have even removed .net / rebooted waited 24h and the machine is still showing that the Kb's are missing. When you re-activate .net it will do a full cumulative July update but no change in ATP - we will escalate this via a premier call today.

     

    The issue also elevated the individual exposure scores of affected machines to 70+.

     

    • Andrew_Allston's avatar
      Andrew_Allston
      Iron Contributor

      jamrobot I dug into this a bit more since my post. The actual problem that I see seems to be from the Preview Update Rollup for .NET. KB45567327, which includes KB4562902 (.Net 4.7.2) and KB4562903 (.Net 4.8). I have servers that run 4.7.2 and 4.8, both experience the issue when these are installed. I have confirmed that if I uninstall KB4562902 or KB4562903 and manually install the last GA update rollup KB4566516 (Which includes KB4565625 for 4.7.2 and KB4565632 for 4.8 the issue in ATP goes away. I have blocked the .Net July Preview rollup from installing, I really hope they fix this before it goes out as GA next month. This issue also seems to break Windows Security from launching its GUI, all defender policies seem to work in this state, but it is disconcerting.  I would be interested in seeing what they say in regards to your ticket about this issue.

      • Andrew_Allston's avatar
        Andrew_Allston
        Iron Contributor

        jamrobot  And I just noticed, like you said, its affecting my Windows 10 Clients now. Also, looking at my Update history it looks like this is the first month a Preview Patch was ever installed by WUFB. I received both the July 2020 Preview Updates for both Windows and .Net. I need to review my settings but I don't think there have been any changes that would impact this.