PC Build 15046: Install Fails Due to Anti-Virus Client

Hello Insiders!

Starting this separate thread for install failures with error code 80070228 as we have found that some anti-virus clients are throwing false positives on the install files for build 15046.

We take extreme care when creating our install files and they are scanned independently to ensure they are ready to go.  We are actively investigating why these false positives are occurring and would love your help to gather information about which anti-virus client you are using and some details about it.

If your AV client is flagging the 15046 build install files as a virus/infected, please share the following information:

  • Which anti-virus client are you using?  Please share the full name as some have multiple variants.
  • What is the version number of the client?
  • Which anti-virus signature version is your client using?
  • And if possible, please share a screen shot or list of each of the files the anti-virus client is flagging

Gathering this information will help us work with the appropriate partners to ensure this is resolved both for Insiders as well as for Retail users when the Creators Update is made available broadly.

Thank you as always!

- Jason

 

Discussion Info: Last updated May 11, 2019. Views: 4,455.


Can't upgrade from 15042 to 15046 -- have tried 5 times now and considering each retry includes a 3 hour download (this step is OK) I have spent about 24 hours fruitlessly. 

I have only English language (but it is tagged with a yellow warning triangle). 

I have no 3rd party anti-virus or similar security programs.  

However, I do have the Nero program suite and it was set for automatic updates.  This program was stopped when running the NET STOP BITS but the update still failed.  So I changed the Nero properties to disable the auto update function; this didn't change the outcome of re-running the update process.  The program would hang on the last step, a sharply lit (is that really necessary) screen in blue that doesn't indicate progress, just the spinning wheel forever and ever.  After forcing shutdown, the system rolls back to 15042.  Could Nero be as culpable as the security programs?

Solution to Windows 10 Insider Preview 15046 (rs2_release) - Error 0x80070002 problem

Problem is with two files that antimalware apps are flagging and quarantining.

These two files "msident.dll" and "joy.cpl" were flagged and quarantined by Norton Security as "Suspicious.Cloud.7.F" malware. I recovered and excluded them from being scanned, deleted the Download directory in /Windows/SoftwareDistribution and rebooted. The download went fine. Installation went through great with no problems. I am sure other Antimalware apps are doing the same. Add the two files to the exclusion list and enjoy the update.

I have Norton security Ver 22.9.0.71
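A check a practitioner may want before applying the exclusion described in the post above, as an added example that is not part of the original thread: confirm that each restored file carries a valid Microsoft signature, and only then clear the Windows Update download cache. The `-FlaggedFiles` parameter and the `Test-MicrosoftSigned` helper are hypothetical names, and the script stops the update services instead of rebooting.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# -FlaggedFiles: full paths of the restored files, taken from your AV quarantine log.
param([Parameter(Mandatory)][string[]]$FlaggedFiles)

# Hypothetical helper: report whether one file carries a valid Microsoft signature.
function Test-MicrosoftSigned {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Status = 'Missing'; Signer = ''; Trusted = $false }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Path    = $Path
        Status  = [string]$sig.Status
        Signer  = $signer
        # Trust only a signature that validates AND names Microsoft as the signer.
        Trusted = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
    }
}

$results = @($FlaggedFiles | ForEach-Object { Test-MicrosoftSigned -Path $_ })
$results | Format-Table -AutoSize -Wrap

# Fail closed: any missing, unsigned or non-Microsoft file stops the procedure.
$untrusted = @($results | Where-Object { -not $_.Trusted })
if ($untrusted.Count -gt 0) {
    Write-Warning "$($untrusted.Count) file(s) failed the check; leave them quarantined."
    return
}

# All files verified: clear the cached download so the build is fetched again.
Stop-Service -Name wuauserv, bits -Force
Remove-Item -Path (Join-Path $env:windir 'SoftwareDistribution\Download\*') -Recurse -Force
Start-Service -Name bits, wuauserv
```

Many Windows components are catalog-signed rather than carrying an embedded signature, so a file from a build that is not yet installed can report `NotSigned`; the script treats that as untrusted and leaves the cache untouched.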

Here is a tip when using beta testing software: do a dual boot system. The first boot is a "clean" install with nothing added; the 2nd boot is the same version installed, to which you can add/delete "stuff". This way, when an issue shows (which it will), you can check the 1st boot and see if the clean install/upgrade runs without issues. If it does, you will know that it is something you added/removed from the 2nd boot. Saves a lot of hair pulling and time. I've been testing systems since the early 60's and found this method helps even with mechanical systems.
I'm an unpaid independent Advisor/volunteer

Symantec Endpoint Protection Cloud. Current signature.

Suspicious.Cloud:

  • installagent.exe - quarantined and removed
  • gamebarpresencewriter.exe

Suspicious.Cloud.7.F

  • p2p.dll
  • fxsext32.dll
  • searchfolder.dll
  • sti.dll
  • joy.cpl
  • msident.dll

I have screens of five of them if you'd like.

I don't have any AV installed on my device, also disabled Windows Defender with no success :(

15046 has failed to install multiple times, with error code 0x80070002.

Norton Security (Current version, with latest protection updates) identifies various MS operating system files as High Security Risks, and thinks they contain Suspicious.Cloud.7.F.

Sample files:

searchfolder.dll

installagent.exe

sti.dll

gamebarpresencewriter.exe

fxsex32.dll

p2p.dll

Excuse me, doesn't a "clean install" wipe out all user-installed apps?  That means you would have to reinstall from the DVDs and apply potentially years' worth of updates ... all that pain for testing out the latest Build which may be replaced next week anyhow.  No thanks, I don't believe I will.  At least not now, but maybe it is a good thing to do when the next official release rolls around -- and then make sure to quit the Insider Program!
Update:  15048 installed fine first time.

Incidentally, I am running Defender on 15042 and it doesn't work right.  Don't even know if it is functioning at all.  When I open the Defender Security Center, a screen blinks for a second or two; I only have time to catch that the device manager has detected an issue, but there is no way of finding out what the problem is.

All builds released in 2017 starting with 15002 have been bug-ridden; each new build seems to introduce more problems than it solves, but 15046 is without a doubt the worst in a bad lot -- and I haven't even installed it yet!

In the two years I have been an insider I have never (prior to 15002) experienced installation problems or issues of the magnitude seen starting in 2017.  The next official build can't come soon enough.

That is what the Insiders are for.

A little trick for clean installs.  If you have not cleaned out the Download Folder, make a copy to a USB.  When the clean install is done, copy the contents back to the Download Folder, then reinstall from there rather than looking all over the Internet.

-----------
If this answers your question - Then mark it so. Then others may find it.
---------------
Around computers
since 1952
lacrumb
