
Windows 8 application store updates getting blocked






While the Microsoft Windows 8 store applies updates, blocks occur on .tmp files whose names start with appx.




Events may show something similar to: File 'c:\windows\temp\appx.aczj9eqn7bg8q21aakz9wybwp.tmp' was blocked because it was unapproved.



In some situations vendors modify their updaters in a way that requires us to modify our updater(s) accordingly.



Implement the following agent configuration.

  1. On the Bit9 console, in the browser address bar, add agent_config.php to the end of the Bit9 server address: https://<parity_server>/agent_config.php
  2. Select the 'Add Agent Config' button
  3. Add the following for the properties listed:

      Property Name: Ignore Temp App Store files
      Host ID: 0
      Value: kernelFileOpExclusions=*appx.*.tmp:3199
      Platforms: Windows
      Status: Enabled

  4. Select the 'Save' button


Note: You can verify this was sent to the agent by matching the CL Version between the server and the agent. To do this, go to the console and select Assets > Computers, add 'CL Version' as a column, and compare. Another approach is to use the dascli command to review the list of properties. From a command prompt, navigate to the Parity Agent installation directory (i.e. c:\program files (x86)\Bit9\Parity Agent). From there you can run the following:

dascli password <cli password>

(The cli password is retrieved from the computers detail page on the console: Assets > Computers > Computer Name > Parity Agent tab)

dascli configprops | findstr /I appx

