Windows 11 KB5014019, Trend Micro’s anti-ransomware feature stops working

Windows update previews show compatibility issues with some Trend Micro security products, causing some features, including ransomware protection, to stop working.


The UMH component used in several Trend Micro endpoint and server protection products is responsible for some advanced features such as ransomware protection.

Trend Micro is aware of a potential issue where the Trend Micro UMH driver stops working after a reboot with the Microsoft Windows 11 or Windows 2022 optional preview patch (KB5014019).

This issue is a result of a new UMHH that is used in Apex One 2019, Worry-Free Business Security Advanced 10.0, Apex One as a Service 2019, Deep Security 20.0, Deep Security 12.0, and Worry-. Free Business Security Services 6.7, and several other Trend Micro endpoint solutions, and affects the User Mode Hooking (UMH) component used in multiple Trend Micro endpoint solutions.

Trend Micro is currently working on a fix for this issue.

How to Restore the Functionality of Trend Micro Endpoint Solutions

Fortunately, unlike the regular Patch Tuesday Windows updates, this preview update is optional and was issued to test bug fixes and performance improvements prior to general release.

Windows users will not be installed until they manually check the box from Settings > Windows Update and click the “Download Now” button, thus limiting the number of users that may be affected.

The affected Windows platforms include client and server editions, and the problem occurred on systems running Windows 11, Windows 10 version 1809, and Windows Server 2022.

Users who have installed the optional Windows patch can temporarily uninstall the patch or contact support to obtain the UMH debugging module to restore the security solution’s functionality.

Windows users can remove the preview update using the following command from the elevated command prompt.

Windows 10 1809: wusa /uninstall /kb:5014022 
Windows 11: wusa /uninstall /kb:5014019
Windows Server 2022: wusa /uninstall /kb:5014021