Windows 10 Standalone Update Installations failing when Using McAfee Application and Change Control:
Windows 10 cumulative updates consistently fail on laptops that have McAfee Drive Encryption 7.1.3, Application and Change Control 7.0.1, and VirusScan Enterprise.
Updates begin ok and reach the point requiring a restart. After approving restart, Windows displays 'Getting Windows ready, Don't turn off your computer'. This continues for an hour without displaying any percentage progress. Eventually, system reboots and displays 'problem with updates, undoing changes...'
1) Setup; records 'Package KB4041689 failed to be changed to the installed state. Status: 0x80070013'
2) System; records 'The Windows Modules Installer service terminated with the following error: The Media is write protected.'
3) System; records 'Installation Failure: Windows failed to install the following update with error 0x800F0841: Security Update for Windows (KB4041689)'
Upon removing McAfee Application and Change Control, the same Windows updates completes successfully.
Is anyone successfully running windows 10 updates using application control?
Any insight on this would be greatly appreciated.
we did much much investigation at a customer. Finally the result was that MAC is not able to detect any changes, because many changes are done during boot process where MAC is still not started.
Therefore you have to switch to Update Mode and you have to solidify the whole disk once again.
Thank you for confirming.
I HAVE been doing my attempted windows updates in UPDATE mode and nevertheless, I get 'the media is write protected' error which I think results in Win update failing. As mentioned, we use mcafee Endpoint Encryption as well. Did you mean Disabled mode?
update mode during upgrade is okay, so Application Control does not block anything. But, even update mode is enabled, there a files changes during boot where MAC is not running. So, these files are not on the whitelist.
Therefore, you have to start a solidify task again. Afterwards you can switch from Update mode to enabled mode.
Step-by-Step when upgrading from W10 1607 to 1703
- switch to MAC update mode.
- Upgrade the Windows version
- solidify the system again.
If you are just updating your endpoint using Windows Update you have to do a deeper look. There may help switching to observation mode to see if there are updater which are not configured but needed.
Thorsten, "..switching to observation mode to see additional updater needs.."
Interesting. Didn't think of that. Will check on this as well as upgrading to version 8. Perhaps things will work.
no, application control version 8 will not fix it, if there are any changes when MAC is not running, this changes will be missing in the local whitelist.
We tested over month at a customer, opened several Support cases. Doing a solidification again only solved the problem.
Thank you. I'm missing something. The problem is that Windows update is never getting complete even while in update mode. When should I be doing another solidification? Windows updater undoes the changes and reverts to original version. I am doing a basic Windows 10 Cumulative update on a single endpoint.
I should add that we notice something not right even prior to actual reboot. Typically, after approving the 'restart now', windows begins part of the update process prior to actual reboot and displays for example 30% progress, and then actually reboots, and then completes to 100%. With drive encryption and MACC in UPDATE mode, the initial percentage doesn't display at all. Eventually system says undoing changes and the update thus fails.