Awareness | Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.403.439.0) Causing Unexpected Q-SYS Designer Software Closure

Gain insight into how an unexpected Microsoft Defender Antivirus Update can prevent Q-SYS Designer from installing.

Updated at December 19th, 2023

Your engagement helps us create the content you need. Click here to review this article.



Information


Microsoft has recently pushed out an update for Microsoft Defender which includes a definition change that is preventing normal operation of both the installer tool for Q-SYS Designer Software (QDS) and existing installations of QDS. If you are experiencing this issue, you'll typically see an error message pop up during the installation process or when starting QDS, and the process will be forced to stop.

The error message that pops up during the installation process will look like the following: 

 Error
 
 Source file not found:
 C:\PROGRA~3\{66F49~1\OFFLINE\975A76A3\8D72DB5\NAudio.dll. Verify that the file exists and that you can access it.

Sometimes QDS will appear to simply close after the launch screen. Other times, you'll see an error message pop up just after the QDS launch screen appears. The error will look like the following: 

Lua Speaker Manager

The type initializer for 'QSC.QSys.Design.ComponentCache' threw an exception.

  at
QSC.QSys.Design.ComponentCache.add_ComponentAdded(ComponentAddedHandler value)
  at QSC.QSys.Design.Inventory.LuaSpeakerManager.Init()
  at QSC.QSys.Design.Inventory.LuaSpeakerManager..cctor()

The specific update causing the issue is “Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.403.439.0)” which you can check for in Windows Settings > Windows Update > Update History, in the ‘Definition Updates’ section. Unfortunately, this update can't be rolled back once installed.

The update has essentially changed the definition of ‘PUA:Win32/SpeedChecker’ such that the ‘NAudio.dll’ file used by QDS and its installer is flagged as a threat and quarantined. The quarantine of the ‘NAudio.dll’ file is what is causing the crashing behavior, and while the file is quarantined all versions of QDS and their respective installers will be affected.


Resolution

In order to resolve the issue, you need to end the quarantine for the file. To do so, follow these steps:

  1. Open the Windows Security application by navigating to Settings > Privacy & Security > Windows Security and click the 'Open Windows Security' button or by searching for ‘Windows Security’ in the Windows Search function and clicking on the Windows Security application.
  2. Navigate to the ‘Virus & threat protection’ page.
  3. Click on the ‘Protection history’ link, found under the ‘Current threats’ sub-header.
  4. In the list of notifications, identify all instances of ‘Potential unwanted app found’ notifications that have the ‘NAudio.dll’ listed under the ‘Affected items:’.
  5. For each instance of that notification, click the ‘Actions’ button and select ‘Restore’ to release the application from quarantine.

Be sure to restore the application in every instance of the quarantine, as even one active quarantine will cause the crashes to continue.

Once the application has been restored in each instance of the notification, all existing and new installations of QDS should behave normally without further action needed moving forward.

Note

We have seen this error occur with other antivirus applications in addition to the Windows Defender instance detailed above. When the error is caused by other applications, the error messages are still the same.

If you are experiencing this error and not using Windows Defender then naturally the steps above will not apply to your situation, but the issue is likely caused by a similar function and should be resolvable in a similar fashion.

 

Caution

Although it is possible to work around this issue by exempting the ‘PUA:Win32/SpeedChecker’ application from the Windows Defender virus scan process or by simply disabling the virus protection function altogether, this can leave your computer exposed to malicious software. As such, we do not recommend working around the issue using these methods.