Re: CSA with windows update

firestartest · ‎02-08-2005

Has anybody got a robust solution to fix windows update issues.

When a user runs windows update they are prompted to allow the application. Choosing YES seems to allow windows update to work.

After updates are applied and the PC is rebooted, the user receives messages that IEXPLORE tried to run CMD.EXE and was denied.

Add remove programs in control panel and the registry confirm the updates are installed. However, windows update says that the updates have not installed.

I think the CMD.EXE completes some sort of tidying up before it classes the install as finished.

Is this fixable with dynamic app class rules? If so, what does anyone use? I have read some users using IEXPLORE in a rule and some using SVHOST.

Thanks,

gfullage · ‎02-08-2005

Try this, I've had success with this on my system, but as with anything make sure you test it first on a test system somewhere:

Application control rule:

Take the following action: Allow when current applications in wuauclt.exe application class (@system\wuauclt.exe) attempts to run windows-update-exes class (**\wutemp\**\*.exe and **\program files\windowsupdate\wuaudnld.tmp\cabs\**\*.exe).

firestartest · ‎02-17-2005

What about when a user wants to manually run WindowsUpdate from a web browser? I have tried adding IEXPLORE.EXE to the apps which seems to allow the update to install but I still get some issues.

It seems that when you initially goto the windowsupdate site and click scan, iexplore wants to run cmd.exe.

Do you notice this happening on your setup?