
"Restart your computer to finish installing an update" appears after upgrading machines with Apex One to Windows 10 1903

    • Updated: 22 Jul 2020
    • Product/Version: Apex One All, OfficeScan XG
    • Platform: Windows 10
Summary
 

Disabling Windows Defender Tamper Protection is a temporary workaround. For the product solution, refer to the following for availability:

  • Apex One as a Service: Deployed as part of the March 2020 Update
  • Apex One: Hot Fix Build 2161 or higher
  • OfficeScan XG SP1: Hot Fix Build 5509 or higher
  • OfficeScan XG: Hot Fix Build 1994 or higher

Please contact Trend Micro Technical Support to get a copy of a hot fix.

 

All machines that have been upgraded to Windows 10 1903 (a.k.a. Windows 10 October 2019 Update) report the message "Restart your computer to finish installing an update". Even after multiple reboots, the message remains.

Before anything else, check the Tamper Protection setting on the affected Windows 10 1903 machines. If it is enabled, the issue can occur. For additional information, refer to the following article: Prevent changes to security settings with Tamper Protection.

Details

By design, once Apex One is installed and registered in the Windows Security Center (WSC), WSC will disable Windows Defender to avoid possible conflicts. In certain circumstances, this mechanism may not work as expected.

When the Apex One agent detects this exception, it tries to disable Windows Defender by directly modifying registry keys and then displays a system restart message.

However, if the Tamper Protection setting is on, the Windows Defender Antivirus service cannot be turned off through the registry keys.

As a result, the restart message shows up again after reboot.

To prevent the persistent reboot message, Trend Micro will perform the following modifications:

  1. Remove the registry update and restart message flow.
  2. Add Windows Defender to the exception list to minimize potential compatibility issues.

For both Apex One as a Service and Apex One On-premise

If for some reason Windows Defender does not disable itself and is causing compatibility issues, please do the following:

  1. Collect WSC diagnostic logs. Refer to the article: How to enable diagnostic logging for Windows Security Center.
  2. Reproduce the issue.
  3. Collect the trace file generated in "%SystemRoot%\System32\LogFiles\WMI\WscTrace.etl" (default location).
  4. Check the registry status:

    [SOFTWARE/TrendMicro/PC-cillinNTCorp/CurrentVersion/Volatile] > NeedRebootForWD = 1

  5. Submit a case to Trend Micro Technical Support.
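The state checked in the steps above can be gathered in one read-only pass before opening the case. The following PowerShell is an added example, not Trend Micro tooling; the function name `Get-WdRebootLoopTriage` is hypothetical, and because the article gives the registry key without a hive, `HKLM` and its 32-bit `WOW6432Node` view are assumed.

```powershell
# Added triage sketch; read-only, changes nothing on the endpoint.
function Get-WdRebootLoopTriage {
    [CmdletBinding()]
    param(
        # Assumption: the article names the key without a hive; HKLM and its
        # 32-bit (WOW6432Node) view are tried in turn.
        [string[]]$KeyPath = @(
            'HKLM:\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Volatile',
            'HKLM:\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Volatile'
        ),
        # Default trace location given in step 3.
        [string]$TracePath = "$env:SystemRoot\System32\LogFiles\WMI\WscTrace.etl"
    )

    # Tamper Protection and Defender state. The cmdlet throws when the Defender
    # service is not running, so the values stay $null in that case.
    $tamper = $null
    $avEnabled = $null
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $tamper = $mp.IsTamperProtected
        $avEnabled = $mp.AntivirusEnabled
    } catch {
        Write-Verbose "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }

    # Reboot flag from step 4; $null means the value was not found.
    $flag = $null
    foreach ($k in $KeyPath) {
        $p = Get-ItemProperty -Path $k -Name NeedRebootForWD -ErrorAction SilentlyContinue
        if ($null -ne $p) { $flag = $p.NeedRebootForWD; break }
    }

    $trace = Get-Item -LiteralPath $TracePath -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        OSBuild           = [Environment]::OSVersion.Version.Build
        TamperProtected   = $tamper
        DefenderAvEnabled = $avEnabled
        NeedRebootForWD   = $flag
        WscTracePresent   = [bool]$trace
        WscTraceSizeBytes = if ($trace) { $trace.Length } else { 0 }
        # The loop described in Details: flag set while Tamper Protection is on.
        LikelyRebootLoop  = ($tamper -eq $true -and $flag -eq 1)
    }
}

Get-WdRebootLoopTriage | Format-List
```

Run it from an elevated prompt on the affected machine and attach the output to the support case together with the trace file.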

For Apex One On-premise

Prior to the availability of the On-premise fix, customers may also opt to disable Tamper Protection so that Windows Defender can be disabled, avoiding compatibility issues and/or the persistent reboot message.

Refer to the Microsoft knowledge base for detailed instructions:

Category: Configure; Troubleshoot; Upgrade
Solution Id: 1123565