Windows 10 upgrade getting blocked

book

Article ID: 209538

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Windows 10 version upgrade from 1709 to 1909 is getting blocked

Cause

The issue was found due to a custom Application Control policy in Endpoint Protection. Following 2 files were blocked by the Autorun.inf rule:

C:\$WINDOWS.~BT\Sources\SetupHost.exe
C:\$WINDOWS.~BT\autorun.inf

Error found in Windows Event viewer & SEP logs:

2/2/2021 2:47:53 PM System Error Microsoft-Windows-WindowsUpdateClient ****.com NT AUTHORITY\SYSTEM 20 
Installation failed: Windows failed to install the following updates due to error 0x8024200d. Feature update 1909 for Windows 10 (Business Edition) version, en-us x64.
2/3/2021 5:13:26 PM 502 Major and Above : (7) Block [AC10-2.1] Block access to autorun.inf - Caller MD5=d8bd51a3ca05dd63b08b09808d4f616d File Read 0x0 2/3/2021 5:12:24 PM 2/3/2021 5:12:24 PM All Applications | [AC10-2.1] Autorun.inf 13156 C:\$WINDOWS.~BT\Sources\SetupHost.exe 0x00000000 No Module Name C:\$WINDOWS.~BT\autorun.inf Default SYSTEM

Resolution

There is no issue with default Application control rules in place.

One of the following steps can be performed to resolve it:

  • Add an exception for the required processes in custom rule "Block access to Autorun.inf" Or disable the rule.
  • Add a Folder Exception for "C:\$WINDOWS.~BT" with 'Include subfolders' and 'All' type of scan option. Reference article: 156028.