IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Some system files are not approved after Windows 10 update

Some system files are not approved after Windows 10 update

7.2.1, 7.2.2


Some system files are not approved after Windows 10 update

Those files will be unexpectedly blocked when executed since they are in an unapproved state

Due to a change in Windows 10 that alters how system updates are applied, some files written during the update do not get approved.


Starting in version 7.2.3 this issue is fixed.

For previous versions:

'Windows 8, 10, and Server 2012 Updates' updater has been created and delivered via Carbon Black Threat Intel.

The updater handles the case where poqexec.exe is spawned by tiworker.exe.

In versions prior to Windows 10 we had seen poqexec.exe spawned by TrustedInstaller.exe.

To enable the Updater on your environment:

  • Open the Carbon Black Protection console and navigate to Rules --> Software Rules --> Updaters
  • Look for the 'Windows 8, 10, and Server 2012 Updates' on the list (you can filter the list by the Name column using the 'Show/Hide Filter')
  • Check the box next to this updater an then select Action --> Enable Updater to enable the updater

Important Note(s)

Enabling the updater will approve those files whenever created by the following Windows updates. Files that already exist in the endpoints need to be manually approved (locally or globally).

Related Articles

Windows 10 updates request that the Carbon Black Enterprise Protection agent be uninstalled

Windows Automatic Updates hang

Windows App Store application updates are blocked

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Creation Date: