Back to blog

MS Window's Defender Issue Affecting Idealpos

Window's April Fool's Day Prank That Wasn't

On Saturday it was the 1st of April, which is commonly known as the day to present jokes on the public, your family and friends. Unfortunately, Microsoft released an automatic update that caused hundreds or thousands of Idealpos sites to be rendered useless.

Symptoms:

  1. Idealpos will get stuck on Checking Registration on startup or simply will not startup.
  2. It will then display a 0- message
  3. Then a message that a SYSINFO.ocx file missing.

How to fix:

  1. Locate Windows Defender
  2. Select the Update tab and click Update
  3. Once definitions are updated select the History tab.
  4. Click View Details on the Quarantined Items selection.
  5. Select the Detected Item called Worm.Win32/Bluber.A and click Restore.
  6. Now go to Regedit and set the following keys value to zero. If you don't know how to do that, you can download this .zip file > unzip the folder and double click the DisableUAC.reg > confirm you want to import it into the registry > proceed to step 7.
    1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorTokenv
    2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  7. Reboot and confirm Idealpos starts.
  8. If the POS System still does not start we have found that the sysinfo.ocx files does not get restored correctly, if this is the case you will need to copy it from another PC into the C:\Windows\system32 directory. 

Microsoft issued the release here. The important bit that affected us was:

NOTE: On March 31, 2017, an incorrect detection for our cloud-based protection for Worm:Win32/Bluber.A was identified and immediately fixed.
To ensure that this issue is remediated, you can do a forced daily update to download your Microsoft antimalware and antispyware software. The fix has been deployed in signature build 1.239.530.0 on March 31, 2017, 2:50 PM PDT.