Cb Protection: Windows 10 Creators Update (Redstone 2) Support

Updated: 2017-05-15

Cb Protection 8.0 Patch 4 was released today. This version supports Windows 10 Creators Update. Users on 8.0 can download the patch utility from here. If you are on an earlier version of Cb Protection, you can download the full installer from here.

During pre-release testing of Windows 10 Creators Update (Redstone 2) we found some product changes in the operating system that impact Cb Protection. When Microsoft officially releases Redstone 2, we recommend that customers do not upgrade to it until we announce official support for it.

Details

During our testing of the preview edition of Redstone 2 we found some compatibility issues and are making appropriate changes to the Cb Protection agent. These issues are:

  • Tamper Protection Bypassed: Cb Protection tamper protection cannot prevent the service from being deleted
  • Data Structure Change: Redstone 2 has changed a data structure which could potentially cause a deadlock between the Cb Protection agent and other security products. Additionally, the agent may make an incorrect approval because it cannot detect the correct parent process
  • New APIs Exist: Redstone 2 has introduced several new APIs that can be used to delete or rename a file. These new APIs can prevent the agent from tracking renames and deletions and more importantly can enable a user to bypass a tamper rule or file integrity control rule

Versions Affected

All Cb Protection versions that support Windows 10 - 7.2.3+

Course of Action

We recommend that customers do not upgrade to Redstone 2 until we release an update that officially supports it.

As soon as Redstone 2 is generally available, we will re-test, make any further agent changes required, and release an updated agent. Please continue to follow this post for additional updates.

Our SLA for support of updated OS can be found here.

Comments

tsmith I believe Creators Update released today. Do you have any further information on this?

ktneely we are validating our product changes with the GA version of the Creators Update. We are planning to have support in 8.0 Patch 4 which we are anticipating to have available in early May.

tsmith​ Is 7.2.3 on the agenda for support or only 8.0.0?

Is there a statement for Response support?

Is it mandatory to upgrade to version 8 in order to support Redstone 2?

We initially will have support in 8.0 Patch 4. We will then provide support in 7.2.3. However, a timeline for support in 7.2.3 has not yet been determined.

Your SLA statement does not specifically mention Windows 10 servicing updates. If it's treated like a service pack, I'd expect 30-day turnarounds (which means a patch should be imminent). If you're treating it like a minor upgrade, you have 60 days.

Just curious, as our own internal testing of Current Branch can't begin until your product works with it.

We're in the same boat - our AV solution is now supporting Creators, we're just waiting on CB Protect & Response support to begin testing.

We will be supporting Creators Update with Cb Protection 8.0 Patch 4 which we plan to release this month. 7.2.3 Patch 6 will support Creators Update but we do not have a time frame for delivering that yet.

If you have to have Creators Update support soon, my recommendation would be to upgrade to 8.0 Patch 4.

Tim

How about the Response product release: does it or will it support Redstone 2?

Looks as if it was announced today for release (Protect)

We’re getting ready to upgrade to 8.0.0 Patch 4 and noticed the documentation appears to be missing some information. 

  1. The “Cb Protection Supported Operating Systems v8.0.0” document doesn’t indicate whether Creators Update is supported
  2. The “CbP Agent and CbR Sensor OS Release Support” document doesn’t indicate whether Creators Update is supported
  3. The User Guide doesn’t mention Creators Update anywhere in the document
  4. The cbprotection-release-notes document indicates that agents must be upgraded to Patch 4 prior to install of / upgrade to Creators Update
    1. Are there any other prerequisites?
  5. Are the requirements for Trusted Directory approval of WIM files, as required for Anniversary Update, also required for Creators Update?
    1. There is no mention of this requirement for Creators Update in the documentation
  6. Does (5) only apply for WSUS based deployments, or does it also apply to SCCM/Software Center deployments for Anniversary Update?
  7. If (5) does apply to Creators Update, does it only apply for WSUS based deployments, or does it also apply to SCCM/Software Center deployments for Anniversary Update?
  8. Are there any other caveats that aren’t mentioned in the documentation?

Hi,

Thank you for making us aware of our omissions. We are working on getting all of the documents updated appropriately.

Regarding your questions:

Are there any other prerequisites? Are the requirements for Trusted Directory approval of WIM files, as required for Anniversary Update, also required for Creators Update?

Yes, like with the Anniversary Update you will need to have a Trusted Directory for the approval of WIM files of the Creators Update.

Does TD only apply for WSUS based deployments or SCCM deployments?

Yes, Trusted Directory approval for WIM files is required for both WSUS based deployments and SCCM pushes. This statement is applicable to both Anniversary Update and Creators Update.

There are no other known caveats.

Tim, any word on 7.2.3 support? We're currently at 7.2.3.3204.

The packaging team has validated the release and is chomping at the bit to start upgrading.

Thanks in advance

Unfortunately, we do not yet have a time frame for our next patch for 7.2.3 which would support Creators Update. Would upgrading to 8.0 be a possibility?

It's a probability now, just slightly painful.

Looks like 7.2.3 Patch 6 still does not support Creators Update. Is there any chance of making 7.2.3 support Creators Update?

pvz

Bit9 Security Platform v7.2.3 - Release Notes claims support. chachu​ - are you seeing different results?

Patrick, basically I do not see Creators Update listed as a supported OS in the v7.2.3 agent documentation, but it is indeed listed for v8.0.0. Are you saying that 7.2.3 Patch 6 officially supports Creators Update?

Bit9 Security Platform v7.2.3 - Agent Supported Operating Systems

Cb Protection Agent Supported Operating Systems v8.0.0

pvz

I suspect this is just an omission in the documentation. 7.x is quite dated at this point, so it wouldn’t surprise me if the documentation is getting less care & feeding as compared to the 8.x stream.

I have updated the document with the current supported Windows 10 versions.

Article Information
Creation Date: 03-14-2017