Forum Discussion
.Net Rollup July 2020 on Server 2019 Not detected by Defender ATP
Andrew_Allston I see the same on W10 1903 / 1909 Machines post the July update. I have even removed .net / rebooted waited 24h and the machine is still showing that the Kb's are missing. When you re-activate .net it will do a full cumulative July update but no change in ATP - we will escalate this via a premier call today.
The issue also elevated the individual exposure scores of affected machines to 70+.
- Andrew_AllstonJul 31, 2020Iron Contributor
jamrobot I dug into this a bit more since my post. The actual problem that I see seems to be from the Preview Update Rollup for .NET. KB45567327, which includes KB4562902 (.Net 4.7.2) and KB4562903 (.Net 4.8). I have servers that run 4.7.2 and 4.8, both experience the issue when these are installed. I have confirmed that if I uninstall KB4562902 or KB4562903 and manually install the last GA update rollup KB4566516 (Which includes KB4565625 for 4.7.2 and KB4565632 for 4.8 the issue in ATP goes away. I have blocked the .Net July Preview rollup from installing, I really hope they fix this before it goes out as GA next month. This issue also seems to break Windows Security from launching its GUI, all defender policies seem to work in this state, but it is disconcerting. I would be interested in seeing what they say in regards to your ticket about this issue.
- Andrew_AllstonJul 31, 2020Iron Contributor
jamrobot And I just noticed, like you said, its affecting my Windows 10 Clients now. Also, looking at my Update history it looks like this is the first month a Preview Patch was ever installed by WUFB. I received both the July 2020 Preview Updates for both Windows and .Net. I need to review my settings but I don't think there have been any changes that would impact this.
- Andrew_AllstonAug 03, 2020Iron Contributor
Looks like they fixed the detection issue, but still would love to know why Microsoft is pushing Preview patches like this now, with no notice.