
Windows Updates with ePolicy


What is the best practice when having ePolicy Orchestrator installed, and a user who has the agent installed and wants to keep their Windows patches up to date?

We have a user who wants to keep up to date with the latest Windows patches. So Patch Tuesday has come and of course the policy on Orchestrator doesn't allow him to install any updates, just errors. If we disable active protection it will work, however we don't want him to turn it off himself.

What is the best practice when it comes to Windows updates? Do you just tell people they can't, or can the policy be updated in a way that it can work?

Just wanted to see if anyone else has dealt with a similar issue.

Many Thanks.

Message was edited by: kevhal on 20/08/13 10:29:08 CDT
McAfee Employee

Re: Windows Updates with ePolicy


If you have VirusScan 8.8 you should consider the use of the 'Low Risk' exclusion pool. From Microsoft, they state:

Turn off scanning of Windows Update or Automatic Update related files

  • Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder: %windir%\SoftwareDistribution\Datastore
  • Turn off scanning of the log files that are located in the following folder: %windir%\SoftwareDistribution\Datastore\Logs
    Specifically, exclude the following files:
    • Edb*.jrs
    • Edb.chk
    • Tmp.edb

    The wildcard character (*) indicates that there may be several files.

You can read more about these and other exclusions at: Virus scanning recommendations for Enterprise computers that are running currently supported version...

