All machines that have been upgraded to Windows 10 1903 (a.k.a. Windows 10 October 2019 Update) report the message "Restart your computer to finish installing an update". Even after multiple reboots, the message remains.
Before anything else, check the Tamper Protection setting on the problematic Windows 10 1903 machines. If it is enabled, then the issue could happen. For additional information, refer to the following article: Prevent changes to security settings with Tamper Protection.
By design, once Apex One is installed and registered in the Windows Security Center (WSC), WSC will disable Windows Defender to avoid possible conflicts.
In certain circumstances, this mechanism may not work as expected. When the Apex One agent detects this exception, it creates the following two (2) registry keys to disable Windows Defender:
In this case, the registry keys are created successfully, but Windows Defender does not stop.
However, if the Tamper Protection setting is on, you won't be able to turn off the Windows Defender Antivirus service by using the registry keys.
To resolve the issue:
- Create a GPO to update "TamperProtection"=dword:00000001 to "TamperProtection"=dword:00000000.
Setting the value to "0" will disable TamperProtection and allow the upgrade to succeed.Deploy this GPO to problematic machines only. Tamper Protecton cannot be disabled from Apex One directly, but only via UI/GPO.
- After the change, restart the endpoint.
The Apex One agent should cease prompting to restart.
If the issue persists, contact Trend Micro Technical Support.