Access official resources from Carbon Black experts
Cb Protection Agent 7.2.2 and 7.2.3
The Windows 10 and Windows 8.1 Operating Systems require a configuration to the Windows Update and BITS services to run agent successfully;however, older versions of Windows OS are affected because the services will remain stopped and unable to start after agent upgrade to version 7.2.2 or greater.
Windows Event logs show the Windows Update service started and then stopped.
(wuauserv and BITS config type will be set to 'share')
Cause
The agent upgrade changes the type of those two services (wuauserv, BITS) from 'own' to 'share' to fix a Windows 10 specific issue that requires them to run in a shared svchost instance.
There are a couple of options:
sc config wuauserv type= own net start wuauserv
These changes could be put in a script and pushed out to your affected endpoints, so it would no longer be necessary to reboot them if you choose not to. There is a current Engineering defect that is being worked on to correct this behavior, but there is no time frame for when this fix will be included in the Cb Protection product. Please let Support know if you have any questions or concerns.
Important Note
Cb Protection Tamper Protect does not monitor these services, so all that is required would be a script to revert the service changes running as a local administrator.
For new agent installs, this should not affect endpoints and reboot will only be required if OS requests it. A suggestion to handle future agent upgrades is to use one of the runonce registry keys to reconfigure the two services on the next reboot to have type=share using the sc command or by directly changing the registry.
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.