6 Replies Latest reply on Jan 17, 2011 6:42 AM by Namster

    HIPS blocking Windows Updates

    epo_user_00

      We have HIPS 7.0 with Patch 8, and when we set the IPS Options to Maximum Protection (block High, Medium, and Low), Windows Update trips an IPS signature and the updates fail.  The event description is:

       

      C:\WINDOWS\SoftwareDistribution\Download\58656e1248b8e15fcaf07c88694a8cda\update \update.exe running with the privileges of user Username on the system with Agent PC01 attempted to perform the following operation(s) on the registry key \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\KB2360131- IE8:

       

    • create
    •  

      The Event ID is 18000 and the Threat Name is 910.

       

      We're unable to create an exception, because the long folder name in the above path is randomly assigned each time Windows Update runs.

       

      This has to be a common problem, and I'm thinking there must be a solution for it.  Anyone know?