I have my HiPS setup on my machines finally and now everyime there is a windows update 1 or 51 i get messages to allow or decline update.exe or regsvr32. Is there a setting in HiPS that im not seeing to allow windows updates to go unchecked?Message was edited by: tesdall on 12/10/09 12:51:53 PM CST
In general, Host IPS shouldn't block any Windows Updates except for Service Pack updates. It is really rare for us to see issues where Host IPS is actually the cause of it.
Is it a Windows Update error message or is this a Host IPS message? Give us a bit more detail.
IT was the host intrusion poping up every time a new windows update started to install. Host intrustion stopped update.exe from running what would you like to do allow or decline? It did it a few more times after that. However, i have not seen that message since i posted this.
Sounds like this was the firewall running in adaptive mode and was not related to IPS triggers.
Since you clicked "Allow" it would create a client firewall rule for update.exe TCP traffic.
Yep. Application Control could easily do that as each of the download from Windows update would be a different executable and they would not likely have been profiled previously.
That's one of the reasons I like Solidcore so much better. Its methodology of declaring updaters is much more elegant and cuts down the management burden of "whitelisting" by >99%.