See KB54778 - Applying OS Patches when Host Intrusion Prevention agent is enabled in protect mode
For creating the IPS exceptions, use a wildcard where needed.
Wow, I guess I should have figured that out for myself. How could it have been that easy?
Thank you very much!
OK, I spoke too soon. Since making the modification, I now have IPS blocking these processes:
I can't very well create an exception for c:\*. What would be the point of that? I guess I could do c:\*\update\update.exe
But how many of these exceptions am I going to have to create?
We're using WSUS, the point of which is to be able to have updates managed automatically. IPS just doesn't seem to like that idea.
You'll have to create as many IPS exceptions as needed. Also, you can add multiple processes to one IPS exception. While in LOG mode, determine what all signatures are being violated, and create IPS exceptions (grouping exceptions where applicable) for all violations.
Thanks. Will give that a shot.
Instead of c:\*\update\update.exe, you can try *\update\update.exe (a file called update.exe inside a subfolder called update).
Is there a way to make WSUS deploy the update payload to a different location than the system root?