Version
7.0.1
Issue
While the Microsoft Windows 8 Store applies updates, blocks occur on .tmp files whose names start with appx.
Symptoms
Events can show something similar to the following: File 'c:\windows\temp\appx.aczj9eqn7bg8q21aakz9wybwp.tmp' was blocked because it was unapproved.
Cause
In some situations, vendors modify their updaters in a way that requires us to modify our updater(s) accordingly.
Solution
Implement the following agent configuration.
1. In the Bit9 console, add agent_config.php to the end of the Bit9 server address in the browser address bar: https://<parity_server>/agent_config.php
2. Select the 'Add Agent Config' button
3. Add the following for the properties listed:
   Property Name: Ignore Temp App Store files
   Host ID: 0
   Value: kernelFileOpExclusions=*appx.*.tmp:3199
   Platforms: Windows
   Status: Enabled
4. Select the 'Save' button
Note: You can verify that this was sent to the agent by matching up the CL Version between the server and the agent. To do this, go to the console and select Assets > Computers, add 'CL Version' as a column, and compare. Another approach is to use the dascli command to review the list of properties. From a command prompt, navigate to the Parity Agent installation directory (i.e. c:\program files (x86)\Bit9\Parity Agent). From there you can run the following:
dascli password <cli password>
(The CLI password is retrieved from the computer's details page on the console: Assets > Computers > Computer Name > Parity Agent tab)
dascli configprops | findstr /I appx
Internal Notes
https://community.bit9.com/docs/DOC-3739