Some system files are not approved after Windows 10 update

Some system files are not approved after Windows 10 update

Version
7.2.1, 7.2.2


Issue

Some system files are not approved after Windows 10 update

Symptoms
Those files will be unexpectedly blocked when executed since they are in an unapproved state

Cause
Due to a change in Windows 10 that alters how system updates are applied, some files written during the update do not get approved.

Solution

Starting in version 7.2.3 this issue is fixed.

For previous versions:

'Windows 8, 10, and Server 2012 Updates' updater has been created and delivered via Carbon Black Threat Intel.

The updater handles the case where poqexec.exe is spawned by tiworker.exe.

In versions prior to Windows 10 we had seen poqexec.exe spawned by TrustedInstaller.exe.

To enable the Updater on your environment:

  • Open the Carbon Black Protection console and navigate to Rules --> Software Rules --> Updaters
  • Look for the 'Windows 8, 10, and Server 2012 Updates' on the list (you can filter the list by the Name column using the 'Show/Hide Filter')
  • Check the box next to this updater an then select Action --> Enable Updater to enable the updater


Important Note(s)

Enabling the updater will approve those files whenever created by the following Windows updates. Files that already exist in the endpoints need to be manually approved (locally or globally).

Related Articles

Windows 10 updates request that the Carbon Black Enterprise Protection agent be uninstalled

Windows Automatic Updates hang

Windows App Store application updates are blocked

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎04-28-2016
Views:
1572
Contributors