5 Replies Latest reply on May 8, 2012 1:31 PM by ron.sokol

    WSUS patches cause servers to lose network connectivity


      We've been seeing this issue since HIPS 8 was deployed to servers and the issue continues with HIPS 8 patch 1.   Have to start the server with OOB management in safe mode, disable HIPS and then reboot to get network back.


      Have opened numerous cases, but there are no log entries generated by HIPS even in debug mode.  I have found that disabling the Buffer Overflow engine for the patch window mitigates this issue somewhat.  However, some servers still exhibit the problem even when BO is disabled.


      I have excluded the update.exe from scanned processes in VSE, and wuauclt.exe and update.exe in the excluded process HIPS policy...to no avail.  But these exclusions aren't really indicated by the lack of threat events anyway.


      Anyone else seeing issues with WSUS/other patch management for MS tools and HIPS 8/RP1?  I know of one person who is a senior security person who is disabling HIPS 8 buffer overflow for this type of issue as standard practice until it is resolved.  But I'm trying to narrow the issue further.


      One other detail is that the machines that fail even with BO disabled seem to be getting .NET patches that are failing to install and become corrupted.  I have a procedure doc to correct this if anyone is interested.  But the patches keep coming for .NET...any help appreciated.