[Slansitartop]

> Sounds like Microsoft can't tell the difference between "has AV installed that will break" and "has no AV installed", which makes sense. It's probably infeasible to reliably fingerprint all existing AV software.

For something like this, I think best-effort bad-AV detection would have been best. Seems pretty insane to disable security patching because they can't be 100% certain that you have a compatibly AV.

[anonymfus]

Incompatibility here means unbootable state.

[Slansitartop]

But it also means that people with perfectly acceptable configurations are left in an insecure state, without an unexpected magic incantation (a registry hack) that most probably will never know about.

Disabling security patches is not acceptable in current year without A LOT of nasty and annoying warnings.