We currently have McAfee file integrity monitor running version 5.0.1-6302.
When we try to apply a Microsoft security patch to any of our servers it bombs out and we receive the following application event:
Event Type: Error
Event Source: McAfee Solidifier
Event Category: None
Event ID: 49
Time: 8:41:50 AM
McAfee Solidifier prevented an attempt to modify Registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager' with value 'PendingFileRenameOperations' by process C:\WINDOWS\SoftwareDistribution\Download\b8d4e7f43ec69f97b656479e81226f75\update\update.exe (Process Id: 5392, User: Domain\myaccountname).
I discovered a potential workaround
However, after attempting this, we are still unable to apply the patch.
In fact, I'm noticing that we are unable to install any MS patches to the server. Surely someone has run into this problem.
Check if you have write protection for the Registry key.
sadmin wpr -l
You should change Solidcore to update mode and apply the patch.
Hi. Adding both the attribute option and the updater option is never recommended. Now any application named update.exe can run and install solidified software on your system.
The 'Pending file rename operation' reg key is used by Windows to keep track of the files that are to be modified but could not be, as the files are in use by running processes. Windows reads this registry and modifies the files on reboot.
The registry key comes under default protection by Solidcore to prevent any malicious user from changing the system files by creating entries in the registry.
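Added example, not part of any post in this thread: a small audit helper that decodes a PendingFileRenameOperations value into the delete/rename/replace actions Windows would carry out at reboot, and marks the ones that land under the Windows directory. The function names, the `system_root` default and the sample entries are constructed for illustration; the input is assumed to be the REG_MULTI_SZ value already split into strings.

```python
from typing import List, NamedTuple, Optional

NT_PREFIX = "\\??\\"  # NT object-manager prefix used on stored paths


class PendingOp(NamedTuple):
    action: str             # "delete", "rename" or "replace"
    source: str
    target: Optional[str]   # None for a delete
    touches_system: bool    # affected path is under system_root


def _strip(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(strings: List[str],
                      system_root: str = "C:\\WINDOWS") -> List[PendingOp]:
    """Decode alternating source/target strings into pending operations."""
    items = list(strings)
    if len(items) % 2:
        items.append("")  # tolerate a missing final (empty) target
    ops = []
    for src, dst in zip(items[0::2], items[1::2]):
        if not src:
            continue
        source = _strip(src)
        if not dst:                      # empty target: delete at reboot
            action, target = "delete", None
        elif dst.startswith("!"):        # "!" prefix: overwrite existing file
            action, target = "replace", _strip(dst[1:])
        else:
            action, target = "rename", _strip(dst)
        affected = (target or source).lower()
        touches = affected.startswith(system_root.lower() + "\\")
        ops.append(PendingOp(action, source, target, touches))
    return ops


# Constructed sample value (not taken from the server in this thread).
SAMPLE = [
    "\\??\\C:\\WINDOWS\\system32\\spool\\_new_example.dll",
    "!\\??\\C:\\WINDOWS\\system32\\example.dll",
    "\\??\\C:\\Temp\\setup_leftover.tmp",
    "",
]

if __name__ == "__main__":
    for op in parse_pending_ops(SAMPLE):
        flag = "SYSTEM" if op.touches_system else "other"
        print(f"{flag:6} {op.action:7} {op.source} -> {op.target}")
```

Reviewing this list after a patch run in update mode, and before the reboot, shows which system files the pending entries will change.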