It is possible if the patch is trying to write over 'pendingfilerenameoperation' registry value.
Please switch to update mode using 'BU task' from ePO or running 'sadmin bu' command locally on the host and install the patch.
Thanks for responding Joshi. Yes, this server, and others are showing "Solidifier prevented an attempt to modify Registry key...PendingFileRenameOperations"
I can understand using an update mode for application or change control, but we are only using Integrity Monitor. We do not want to block any actions taken on the servers, just monitor all activity.
If Integrity Monitor still blocks hidden values, where can we view these values? As you can see from my previous post, nothing appears to be write protected.
Is disabling the deny-write feature a good alternative?
Or is it possible that this problem was corrected in a later patch?
Any help would be appreciated. Thanks
This is not an issue, this is done deliberately as anyone can write an entry (to delete any system file) to the registry and machine can be compromised.
Yes, disabling deny-write feature should help here but then write-protection will not work. If you know the process that is trying to modify the registry, please configure it as Updater.
I think we are having a misunderstanding here. We purchased Integrity Monitoring as a monitoring software. We did not install or configure Application Control or Change Control. We did not want to hamper the ability of the server or the applications on the server to function. This involves a vendor created application, and by contract we are not allowed to prevent any modification on the server, but by the same token, we need to monitor any changes for audit purposes. We were encouraged to purchase Integrity Monitoring for this purpose.
When you run sadmin wp or wpr, there are no rules showing that anything is write protected. But what you are saying, is that no matter what, Integrity Monitoring will still "prevent" some modifications to the O/S. Right now, Solidcore is being blamed for performance issues, and the occasional "Solidifier prevented an attempt..." only exacerbates the situation. This message only appears when Microsoft security updates are installed. Not all updates, and not all servers.
Are you sure that Integrity Monitor is supposed to prevent modification, just like Application Control and Change Control? If so, then we were misled when we purchased this software.
Integrity Monitor will prevent modification to Solidcore install directory and Registry. Please see Tamper-proofing for Solidifier Software and Configuration, section in Solidifier Product Guide for Integrity Monitor and Change Control.
It is suggested to configure updaters or change to update mode to apply changes to the system. Disable write-deny will open the system for process or users to overwrite Solidcore files.
There are other customers reported the same issue. I suggest you submit a PER (Product Enhancement Request) to change Solidcore designed or add features to allow modification to PendingFileRenameOperations registry key. You can follow the URL below to submit a PER.
I received a replay back from McAfee Support, and after they finally understood that we were only using Integrity Monitoring, and that we desited no Write Protect, they agreed that my suggestion of disabling the Write Protect feature was the correct response to this error.