Updating operating systems of the Windows family, and more specifically for Windows 7 and Windows Server 2008 R2 or for Windows 8.1 and Windows Server 2012 R2 released on April 9 causes problems with antivirus software. Over the past few days, Microsoft has been adding more and more virus scanners to its "known issues" list. So far, the list includes antivirus software from Sophos, Avira, ArcaBit, Avast, and now McAfee.
It seems that computers with the latest Windows update and the antivirus software of the indicated vendors work fine until the moment when an attempt to log in is made, after which it stops responding. It is not entirely clear whether the system freezes at all or just runs very slowly. Some users report that they were still able to log into Windows with their user account, but this process took them ten or more hours.
However, booting into safe mode works as usual, and it is currently recommended to use it to disable antivirus applications and boot the system normally after that. Sophos also that adding your own antivirus directory (i.e. the directory where the antivirus is installed, for example, C:Program Files (x86)SophosSophos Anti-Virus) to the exclusion list on itself fixes the problem, which seems a little strange.
Microsoft has currently stopped distribution of the update to users of Sophos, Avira and ArcaBit, as for McAfee, the company is still studying the situation. ArcaBit and Avast have released updates to fix this bug. Avast leave the system at the login screen for about 15 minutes, and then restart the computer, the antivirus should automatically update in the background during this time.
Avast and expressed their opinion on the root cause of the problem, indicating that Microsoft has made changes to ("Client/Runtime Server Subsystem") is a key Windows component that coordinates and manages Win32 applications. Reportedly, this change literally brings the antivirus software into a deadlock. The antivirus tries to access some resource, but it is denied because it already has exclusive access to it.
Since the patches came from the antivirus vendors and not Microsoft, this may indicate that the change Microsoft made to CSRSS revealed hidden bugs in the antivirus software. On the other hand, it is quite possible that CSRSS is now doing something that, by its logic, it should not do.
Source: 3dnews.ru