cancel
Showing results for 
Search instead for 
Did you mean: 
tesdall
Level 9

HiPS and Windows Updates

I have my HiPS setup on my machines finally and now everyime there is a windows update 1 or 51 i get messages to allow or decline update.exe or regsvr32. Is there a setting in HiPS that im not seeing to allow windows updates to go unchecked?

Message was edited by: tesdall on 12/10/09 12:51:53 PM CST
0 Kudos
5 Replies
petersimmons
Level 12

Re: HiPS and Windows Updates

In general, Host IPS shouldn't block any Windows Updates except for Service Pack updates. It is really rare for us to see issues where Host IPS is actually the cause of it.

Is it a Windows Update error message or is this a Host IPS message? Give us a bit more detail.

0 Kudos
tesdall
Level 9

Re: HiPS and Windows Updates

IT was the host intrusion poping up every time a new windows update started to install. Host intrustion stopped update.exe from running what would you like to do allow or decline? It did it a few more times after that. However, i have not seen that message since i posted this.

0 Kudos
bgable
Level 11

Re: HiPS and Windows Updates

Sounds like this was the firewall running in adaptive mode and was not related to IPS triggers.

Since you clicked "Allow" it would create a client firewall rule for update.exe TCP traffic.

0 Kudos
tesdall
Level 9

Re: HiPS and Windows Updates

the firewall was never deployed. i believe it was the application blocking options (Windows)

0 Kudos
petersimmons
Level 12

Re: HiPS and Windows Updates

Yep. Application Control could easily do that as each of the download from Windows update would be a different executable and they would not likely have been profiled previously.

That's one of the reasons I like Solidcore so much better. Its methodology of declaring updaters is much more elegant and cuts down the management burden of "whitelisting" by >99%.

0 Kudos