Windows update or another installer is "blocked" by Application and Device Control
search cancel

Windows update or another installer is "blocked" by Application and Device Control

book

Article ID: 258573

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Windows update is no longer working on several machines.
A SEP Client update is blocked by Application Control.
Stop software installers [AC8], [AC8-3.1 - Block saving .exe, .dll and .msi files]

Environment

Release : 14.3 RU3 and later

Cause

Symantec Default Rule: Stop software installers [AC8], [AC8-3.1 - Block saving .exe, .dll and .msi files] is blocking Windows Update per below:

Process Log: 
12/26/2022 9:32:03 PM    502    Minor and Above : (10)    Block    [AC8-3.1] Block saving .exe, .dll and .msi files - Caller SHA256=3df0f238e7fee405a75defea05fcebb15219d24f778c4f6530ddd6e2ab383dfa    File Write    0x0    12/26/2022 9:30:59 PM    12/26/2022 9:30:59 PM    All Applications | [AC8-3.1] Block saving .exe, .dll and .msi files    5528    C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.108.exe

Resolution

1. Edit your Application and Device Control policy, next edit the Stop software installers [AC8] rule. 
2. Under Rules, click All Applications, and add an exclusion for C:\Windows\SoftwareDistribution\* to resolve.
3. For other installers, include the path to the installer and the filename, such as C:\temp\sepclientinstaller.exe
  

Powered by Wolken Software