We would like to inform you about the status and effect of recent chipset vulnerabilities (Meltdown and Spectre) found on Intel and AMD.
Comodo Security Agent: Microsoft already started distributing patches for Windows 10 devices and we believe other OS versions will follow soon. While Comodo Client Security is not going to be officially vetted by Windows as compatible until our major release planned to be on 27th of Jan, our tests shows no issues that might lead to crash or BSOD on patched devices. We recommend everyone to patch their devices at their convenience. You can use ITSM - Patch Management functionality to push these patches as well.
Comodo One cloud platform: Our initial evaluation of our cloud platform shows no direct issue or risk on our applications and we are working closely with Amazon to ensure security and availability.
Edit: We are also working on registry update through procedure over ITSM. We will update everyone with the results and directions early next week.
After successful completion of the script, we expect to see the following change in the registry if you want to check.
RegKey=“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat” Value Name =“cadca5fe-87d3-4b96-b7fb-a231484277cc” Type=“REG_DWORD” Data=“0x00000000”
After that you can either install the patches manually or using a patch procedure. Here is the wiki links to deploy patches manually or using procedure
Hello @nikki , this registry change is needed to notify the Windows that we are compatible with the patch. Comodo is compatible with the latest patch of Microsoft without any doubt. After changing registry, Microsoft enables endpoints to receive the patch.
C1 customers are able to run this script as a procedure through ITSM on all their enrolled devices. According to our planned release schedule, our new client will come on 27th and our customers won’t need to run this script after that date.
Please do not reference sites that aren’t recognized by Microsoft for their patches as if could result in MS team of lawyers paying you a visit if a MS client runs into any issues and tells MS their OS is broken because they used a site that you referenced publicly. Only reference Microsoft sites. What you did is like asking people to go to TooCows (sp?).
It’s time that C1 becomes more professional and polished.
I provided that page showing which KB number should be seen by which version of Windows 10. I already checked the navigations to Windows Update Catalog and they were working as expected. (and they are still)
We are committed to help our customers as responsively as we can and hope we can continue like this.
We have completed our tests with our environments. Please see attached our response to Meltdown and Spectre issues.
Our tests show that there is no incompatibility issue with patches and Comodo security products. We want to once again warn that there may still be problems with the endpoints due to the incompatibility of the patch and chipset.
We want to notify our customers about the recent news about Meltdown and Spectre Patch. Intel announced that they identified the root cause and now working on new patch. You may prefer to wait for this patch if you still don’t install it.
If you have found not issues then you need to roll out the reg key that MS clearly states that AV vendors need to add in order for machines to be properly patched. I know there is a lot of confusion over this reg key as to who is supposed to install. But trust me when say the AV vendors are supposed to install it once they have confirmed their product work with the MS spectre meltdown patches. At my other job who is a MS Platinum Partner we worked closely with McAfee who thought it was up to the end-user to install the reg key until MS told otherwise as a lot of their clients were complaining to MS.