Access official resources from Carbon Black experts
Version
7.2.1, 7.2.2
Issue
Some system files are not approved after Windows 10 update
Symptoms
Those files will be unexpectedly blocked when executed since they are in an unapproved state
Cause
Due to a change in Windows 10 that alters how system updates are applied, some files written during the update do not get approved.
Solution
Starting in version 7.2.3 this issue is fixed.
For previous versions:
'Windows 8, 10, and Server 2012 Updates' updater has been created and delivered via Carbon Black Threat Intel.
The updater handles the case where poqexec.exe is spawned by tiworker.exe.
In versions prior to Windows 10 we had seen poqexec.exe spawned by TrustedInstaller.exe.
To enable the Updater on your environment:
Important Note(s)
Enabling the updater will approve those files whenever created by the following Windows updates. Files that already exist in the endpoints need to be manually approved (locally or globally).
Related Articles
Windows 10 updates request that the Carbon Black Enterprise Protection agent be uninstalled
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.