Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Agent upgrade requiring a reboot to restart Windows Update service

Agent upgrade requiring a reboot to restart Windows Update service

Version

Cb Protection Agent 7.2.2 and 7.2.3

Issue

The Windows 10 and Windows 8.1 Operating Systems require a configuration to the Windows Update and BITS services to run agent successfully;however, older versions of Windows OS are affected because the services will remain stopped and unable to start after agent upgrade to version 7.2.2 or greater.

Symptoms

Windows Event logs show the Windows Update service started and then stopped.

(wuauserv and BITS config type will be set to 'share')

  1. On upgrade, the services will be reconfigured to type=share for all OSes
  2. On major upgrade when the old agent is uninstalled & new agent installed, the services will be reconfigured to type=share for all OSes

Cause

The agent upgrade changes the type of those two services (wuauserv, BITS) from 'own' to 'share' to fix a Windows 10 specific issue that requires them to run in a shared svchost instance.

Solution

There are a couple of options:

  1. Reboot of the affected endpoint should allow the services to startup and the BITS and Windows Update services will function normally. (For Win10 and Win8.1 these services need to be set to type=share and if necessary the endpoint rebooted before Windows updates will work correctly)
  2. For older Operating Systems where the two services were changed on upgrade, they can switch back to type=own and Win updates should start working again without having to reboot.
    1. Example:
      sc config wuauserv type= own

      net start wuauserv

  3. However for older Operating Systems, any future agent upgrade will reconfigure the two services to 'type=share' potentially preventing Windows updates from working until either the endpoint is rebooted or the services are changed back to type=own (assuming that was the current setting before upgrade).

These changes could be put in a script and pushed out to your affected endpoints, so it would no longer be necessary to reboot them if you choose not to. There is a current Engineering defect that is being worked on to correct this behavior, but there is no time frame for when this fix will be included in the Cb Protection product. Please let Support know if you have any questions or concerns.

Important Note

Cb Protection Tamper Protect does not monitor these services, so all that is required would be a script to revert the service changes running as a local administrator.

For new agent installs, this should not affect endpoints and reboot will only be required if OS requests it. A suggestion to handle future agent upgrades is to use one of the runonce registry keys to reconfigure the two services on the next reboot to have type=share using the sc command or by directly changing the registry.

Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎08-23-2016
Views:
1740