Version
7.2.1, 7.2.2
Issue
Some system files are not approved after Windows 10 update
Symptoms
Those files will be unexpectedly blocked when executed since they are in an unapproved state
Cause
Due to a change in Windows 10 that alters how system updates are applied, some files written during the update do not get approved.
Solution
Starting in version 7.2.3 this issue is fixed.
For previous versions:
'Windows 8, 10, and Server 2012 Updates' updater has been created and delivered via Carbon Black Threat Intel.
The updater handles the case where poqexec.exe is spawned by tiworker.exe.
In versions prior to Windows 10 we had seen poqexec.exe spawned by TrustedInstaller.exe.
To enable the Updater on your environment:
- Open the Carbon Black Protection console and navigate to Rules --> Software Rules --> Updaters
- Look for the 'Windows 8, 10, and Server 2012 Updates' on the list (you can filter the list by the Name column using the 'Show/Hide Filter')
- Check the box next to this updater an then select Action --> Enable Updater to enable the updater
Important Note(s)
Enabling the updater will approve those files whenever created by the following Windows updates. Files that already exist in the endpoints need to be manually approved (locally or globally).
Related Articles
Windows 10 updates request that the Carbon Black Enterprise Protection agent be uninstalled
Windows Automatic Updates hang
Windows App Store application updates are blocked
