Windows 7 computers won’t receive security updates without antivirus scanner

Windows 7 computers without an antivirus scanner won’t receive the latest security updates automatically. These systems won’t receive the security updates of January and February which also means they are not protected against Spectre and Meltdown based attacks.

The issue exists because Microsoft requires antivirus vendors to set a specific registry key on Windows 7 systems. The registry key marks systems as being compatible with the Spectre and Meltdown patches. This is required because antivirus products sometimes perform specific actions that are incompatible with the patches, these actions could result in blue screen errors that prevent the system from booting. By setting a specific registry key, the antivirus products tell Windows Update that will work without issues after the Spectre and Meltdown patches have been installed.

If no antivirus product is installed on Windows 7, the registry key is not set and Windows Update will be stuck on the patch level of the end of 2017.

Windows 7 does have a built-in tool called Defender,  but this application has little to do with Windows Defender on Windows 8 and Windows 10 systems. Defender on Windows 7 only protects against ad and spyware and doesn’t set the registry key. Systems running Microsoft Security Essentials (MSE) do get the latest Windows 7 security updates as MSE sets the registry key, just like other antivirus products.

Users on Windows 7 who want to receive the latest security updates have two options, install an antivirus product or set the registry key themselves.

This can be done manually, by setting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat to “cadca5fe-87d3-4b96-b7fb-a231484277cc” as dword:00000000.

However, it can also be done automatically by downloading and executing the.reg file in  Update Windows 7 Again.