A report on Myce suggests that Windows 7 PCs without installed antivirus solutions can’t receive new updates via Windows Update anymore unless a change is made to the Windows Registry.
Microsoft identified a compatibility issue with “Windows security updates released in January  and a small number of antivirus products”.
Some antivirus products “make unsupported calls into Windows kernel memory” which can lead to blue screen errors on systems these products are installed on. The company states that devices that run incompatible software may not boot properly anymore.
Any antivirus solution for Windows needs to set a key in the Windows Registry to confirm to the operating system that it is compatible and does not use these banned methods anymore.
Windows PCs that don’t have the Registry key set won’t receive security updates anymore according to Microsoft.
Microsoft security products such as Windows Defender Antivirus, System Center Endpoint Protection and Microsoft Security Essentials are compatible with the new requirements and set the required Registry key if no third-party solution is installed.
Microsoft’s Windows 7 operating system is special as it only includes a security tool called Defender which is limited when compared to Windows Defender or Microsoft Security Essentials. Defender won’t set the Registry key which means that Windows 7 systems without installed antivirus solution won’t have the key in the Registry set.
This means ultimately that affected systems don’t receive security updates despite the fact that they are still supported by Microsoft. Support for Windows 7 ends on January 14, 2020.
Microsoft recommends that Microsoft Security Essentials or a compatible third-party antivirus application is installed on affected Windows 7 machines to resolve the issue.
In a default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1, customers will not have an antivirus application installed by default. In these situations, Microsoft recommends installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party anti-virus application. The anti-virus software must set a registry key as described below in order to receive the latest Windows security updates.
Windows 7 administrators can set the required Registry key manually on the other hand. This should not cause issues on the machine as no incompatible antivirus solution is installed (none is installed).
Tap on the Windows-key and type regedit.exe to launch the built-in Registry Editor.
Confirm the UAC prompt if it is displayed.
Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
Right-click on QualityCompat and select New > Dword (32-bit) Value.
Name it cadca5fe-87d3-4b96-b7fb-a231484277cc
Give it the value 0
You can download the following Registry file instead and run it on machines to add the Registry key directly. Download it with a click on the following link: SetAntivirusRegistryKeyWindows.zip
February 28, 2018