How To: Use a Custom Action to add required registry key for deploying Windows Security OOB updates release January 3, 2018

Version 9
    We have released a Security Tool to add the registry key to your target systems.  A Custom Action is no longer needed.  For more information:
    Security Tool: Implement the QualityCompat registry key that enables Windows security updates released on January 3, 2018



    As of January 3rd 2018, Microsoft is now requiring a registry key to be added to machines for addressing compatibility issues with a small number of anti-virus software products.

    More information on this can be found here: Important information on detection logic for the Intel 'Meltdown' security vulnerability



    Adding this registry key on machines that have out-of-date AV could cause BSOD's. Please use this custom action at your own risk.

    See Microsoft link for further details:

    1.  Download and extract the attached zip below or here to get the batch file used for adding the registry key.


    2.  Create a new Patch Scan Template that scans for only Custom Actions. (this will allow you run this against machine with no missing patches)




    3.  Create a new Deployment Template.



    4.  Name the template. Ex: Intel Meltdown Registry Key



    4.  Click on Post-deploy Reboot. Change the reboot option to 'Never reboot after deployment'.



    5. Click on Custom Actions. Click 'New'. A prompt to save the template will be presented. Click 'Save'.



    6. The first action will push the batch file. Ensure that step 3 states 'Push File', and then select the batch file from the local machine. Click 'Save' when completed.



    7. Click 'New' once more. Change Step 3 to 'After All Patches' and use the following command in Step 4: Call %pathtofixes%addregkey.bat



    8. Click 'Save' twice to finish creating the Deployment Template.


    9. Use the new Scan Template to scan your target machines.



    10. Once the scan is completed, click 'View Results'



    11. The results will offer our nullpatch.exe for deployment. Proceed by right-clicking the patch and clicking 'Deploy all missing patches'.



    12. Select the new Deployment Template created earlier. Click 'Deploy' to start the deployment.



    13. Open regedit to validate the registry key was added.



    Additional Information


    How To: Perform a Custom Action Complete Tutorial with Custom Actions


    Affected Product(s)


    Shavlik Protect 9.2

    Ivanti Patch for Windows Servers 9.3