<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic CSA with windows update in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/csa-with-windows-update/m-p/383541#M97112</link>
    <description>&lt;P&gt;Has anybody got a robust solution to fix windows update issues.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;When a user runs windows update they are prompted to allow the application.  Choosing YES seems to allow windows update to work.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;After updates are applied and the PC is rebooted, the user receives messages that IEXPLORE tried to run CMD.EXE and was denied.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Add remove programs in control panel and the registry confirm the updates are installed.  However, windows update says that the updates have not installed.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I think the CMD.EXE completes some sort of tidying up before it classes the install as finished.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Is this fixable with dynamic app class rules?  If so, what does anyone use?  I have read some users using IEXPLORE in a rule and some using SVHOST.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;</description>
    <pubDate>Sun, 10 Mar 2019 09:16:15 GMT</pubDate>
    <dc:creator>firestartest</dc:creator>
    <dc:date>2019-03-10T09:16:15Z</dc:date>
    <item>
      <title>CSA with windows update</title>
      <link>https://community.cisco.com/t5/network-security/csa-with-windows-update/m-p/383541#M97112</link>
      <description>&lt;P&gt;Has anybody got a robust solution to fix windows update issues.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;When a user runs windows update they are prompted to allow the application.  Choosing YES seems to allow windows update to work.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;After updates are applied and the PC is rebooted, the user receives messages that IEXPLORE tried to run CMD.EXE and was denied.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Add remove programs in control panel and the registry confirm the updates are installed.  However, windows update says that the updates have not installed.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I think the CMD.EXE completes some sort of tidying up before it classes the install as finished.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Is this fixable with dynamic app class rules?  If so, what does anyone use?  I have read some users using IEXPLORE in a rule and some using SVHOST.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;</description>
      <pubDate>Sun, 10 Mar 2019 09:16:15 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/csa-with-windows-update/m-p/383541#M97112</guid>
      <dc:creator>firestartest</dc:creator>
      <dc:date>2019-03-10T09:16:15Z</dc:date>
    </item>
    <item>
      <title>Re: CSA with windows update</title>
      <link>https://community.cisco.com/t5/network-security/csa-with-windows-update/m-p/383542#M97113</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Try this, I've had success with this on my system, but as with anything make sure you test it first on a test system somewhere:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Application control rule:     &lt;/P&gt;&lt;P&gt;Take the following action: Allow when current applications in wuauclt.exe application class (@system\wuauclt.exe) attempts to run windows-update-exes class (**\wutemp\**\*.exe and **\program files\windowsupdate\wuaudnld.tmp\cabs\**\*.exe).&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 08 Feb 2005 22:56:56 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/csa-with-windows-update/m-p/383542#M97113</guid>
      <dc:creator>gfullage</dc:creator>
      <dc:date>2005-02-08T22:56:56Z</dc:date>
    </item>
    <item>
      <title>Re: CSA with windows update</title>
      <link>https://community.cisco.com/t5/network-security/csa-with-windows-update/m-p/383543#M97114</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;What about when a user wants to manually run WindowsUpdate from a web browser?  I have tried adding IEXPLORE.EXE to the apps which seems to allow the update to install but I still get some issues.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;It seems that when you initially goto the windowsupdate site and click scan, iexplore wants to run cmd.exe.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Do you notice this happening on your setup?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 17 Feb 2005 13:14:52 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/csa-with-windows-update/m-p/383543#M97114</guid>
      <dc:creator>firestartest</dc:creator>
      <dc:date>2005-02-17T13:14:52Z</dc:date>
    </item>
  </channel>
</rss>

