Daniel_S Reliable Contributor
Message 1 of 8

Solidcore and Windows Update Errors - wrong xml in KB91257

Hey fellas,

 

just in case anyone is stumbling upon Windows-Update problems and is trying to fix them with the corresponding KB: https://kb.mcafee.com/corporate/index?page=content&id=KB91257

 

The attached policy xml files are not correct and do not contain the complete steps from the manual doings.

We already informed McAfee, but they don't seem to care.

Please review the xml before applying it.

Best regards
Dan
Accepted Solutions
BEllis McAfee Employee
Message 4 of 8

Re: Solidcore and Windows Update Errors - wrong xml in KB91257

Daniel,

 

Thank you but you have read KB91257 wrong. We removed the following:

  •     "sadmin skiplist remove -i \windows\winsxs\temp"
  •     "sadmin skiplist remove -i \windows\servicing\packages"
  •     "sadmin skiplist remove -i \windows\cbstemp"


And we have added the following updaters:

  •     "sadmin updaters add -t Win_Up_Start19 -p setuphost.exe windowsupdatebox.exe"
  •     "sadmin updaters add -t Win_Up_Start20 -p windeploy.exe setupplatform.exe"
  •     "sadmin updaters add -t CORTANA -p svchost.exe searchUI.exe"
  •     "sadmin updaters add -t ONEDRIVE -p svchost.exe onedrivestandaloneupdater.exe"
  •     "sadmin updaters add -d -t Win_Up_troubleshooter msdt.exe"


The xml you copied shows \windows\winsxs\temp for Skiplist -s; that is correct. We need to be able to not track solidification in the windows\winsxs\temp but do not allow things to run. The -i allows things to run solidified or not.

Here is what these skiplist commands do.

The -S flag bypasses "solidification" on the added paths. No security hole is created due to this, as we do not allow execution of unsolidified files.

Plus we do not expect any execution to happen from these paths; this is our research done by the engineering team.

-i bypasses file operations, because of which changes done by hardlinking of files were not getting tracked. The hardlinked files could be in any location and were missing from the list of whitelisted files (inventory). Hence we had to resolidify the files in "C:\Windows" and found that there were 100+ unsolidified files present.

 

let me know if any questions.

 

 



McAfee Support

Benjamin Ellis


7 Replies
BEllis McAfee Employee
Message 2 of 8

Re: Solidcore and Windows Update Errors - wrong xml in KB91257

Can you please explain why you believe they are wrong? I am the guy who created and worked with engineering on this KB. 

If you can tell me what you believe is wrong and why, we will review. I have had no issues so far with these on windows updates.

Maybe you are skipping a step or doing something wrong.

After you apply the xmls, are you upgrading your clients? Are you resolidifying?

McAfee Support

Benjamin Ellis


Daniel_S Reliable Contributor
Message 3 of 8

Re: Solidcore and Windows Update Errors - wrong xml in KB91257

Hi, 

sure no problem.

The KB explains that:

Also, remove the exclusion rule ignoring the following path:

  • \windows\winsxs\temp

As this is a McAfee rule, and is implemented by the XML you are not able to delete it.

Having a look at the xml: Windows_Update_Rule_Group.xml

You'll find the part still containing the temp-folder:

<Rule>
<Content name="type" value="skiplist"/>
<Content name="path" value="C:\Windows\WinSxS\Temp\**"/>
<Content name="skipChangeTracking" value="false"/>
<Content name="skipDenyWrite" value="false"/>
<Content name="skipSolidification" value="true"/>
<Content name="skipRegistry" value="false"/>
<Content name="skipFileOperation" value="false"/>
<Content name="skipVolume" value="false"/>
<Content name="skipFileOperation_f" value="false"/>
</Rule>
 
Only deleting this part from the xml and then doing the import made it possible to follow the article.
Best regards
Dan
Daniel_S Reliable Contributor
Message 5 of 8

Re: Solidcore and Windows Update Errors - wrong xml in KB91257

Hi Benjamin,

thanks for the clarification.

I didn't get everything so far but will have a closer look later on.

Best regards
Dan
BEllis McAfee Employee
Message 6 of 8

Re: Solidcore and Windows Update Errors - wrong xml in KB91257

Basically, Skiplist -s \windows\winsxs\temp should still be in your rules. Skiplist -i \windows\winsxs\temp should not.

McAfee Support

Benjamin Ellis
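
A reviewer for the check stated above (Skiplist -s on \windows\winsxs\temp kept, Skiplist -i on the three paths gone), added here as an example and not code from McAfee or the posters. It assumes that -s and -i appear in the XML as skipSolidification and skipFileOperation; the RuleGroup root element and the sample rules are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; <RuleGroup> root is assumed, Rule layout follows the thread.
SAMPLE = r"""<RuleGroup>
  <Rule>
    <Content name="type" value="skiplist"/>
    <Content name="path" value="C:\Windows\WinSxS\Temp\**"/>
    <Content name="skipSolidification" value="true"/>
    <Content name="skipFileOperation" value="false"/>
  </Rule>
  <Rule>
    <Content name="type" value="skiplist"/>
    <Content name="path" value="C:\Windows\servicing\Packages\**"/>
    <Content name="skipSolidification" value="false"/>
    <Content name="skipFileOperation" value="true"/>
  </Rule>
</RuleGroup>"""

# Paths whose "-i" skiplist entries the thread says were removed.
NO_I_PATHS = (r"\windows\winsxs\temp", r"\windows\servicing\packages", r"\windows\cbstemp")

def normalize(path):
    """Lower-case, then drop trailing wildcards/backslashes and the drive letter."""
    p = path.lower().rstrip("*").rstrip("\\")
    return p[2:] if p[1:2] == ":" else p

def skiplist_rules(xml_text):
    """Yield (normalized path, {flag name: bool}) for each skiplist rule."""
    for rule in ET.fromstring(xml_text).iter("Rule"):
        c = {e.get("name"): e.get("value", "") for e in rule.iter("Content")}
        if c.get("type") == "skiplist" and "path" in c:
            flags = {k: v.lower() == "true" for k, v in c.items() if k.startswith("skip")}
            yield normalize(c["path"]), flags

def review(xml_text):
    """Return findings; an empty list means the file matches the thread's guidance."""
    findings, has_s = [], False
    # Assumption: skipFileOperation / skipSolidification are the XML forms of -i / -s.
    for path, flags in skiplist_rules(xml_text):
        if path in NO_I_PATHS and flags.get("skipFileOperation"):
            findings.append(f"{path}: skipFileOperation=true (-i should be gone)")
        if path == NO_I_PATHS[0] and flags.get("skipSolidification"):
            has_s = True
    if not has_s:
        findings.append(f"{NO_I_PATHS[0]}: no skipSolidification=true rule (-s expected)")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)) or "no findings")
```
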


Re: Solidcore and Windows Update Errors - wrong xml in KB91257


How do I replicate the "Skiplist -s \windows\winsxs\temp" in the Rule Group console?

Daniel_S Reliable Contributor
Message 8 of 8

Re: Solidcore and Windows Update Errors - wrong xml in KB91257

Okay, we double-checked and you were right - we misread it.

Sorry for the trouble.

 

Best regards
Dan