CB Protection: Windows 10 full upgrades timing out in high enforcement
Article ID: 286111
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- Upgrades failing with no errors.
- No blocks or events.
- Windows Upgrade logs show timout errors.
Environment
- CB Protection Agent: 7.x and Higher
- Microsoft Windows 10
- Full OS upgrades such as the 1709 and 1803
Cause
While there are a few items that could result in an upgrade timeout, the most common cause is a delay in operations due to the analysis of each file being written.
Resolution
Warning: The following information will reduce visibility into files written by the Windows full upgrade process. In rare occurrances this could lead to files not being approved.
The following steps will disable tracking of Writes, Reads, and Renames by the setuphost.exe process for a specific policy. Please speak to your security team prior to applying this change.
The following steps will disable tracking of Writes, Reads, and Renames by the setuphost.exe process for a specific policy. Please speak to your security team prior to applying this change.
- Log into your Cb Protection Console.
- Change the URL to https://YOURSERVERNAME/agent_config.php
- Click the 'Add Config' button and enter the following details:
- Property Name: kernel Exclusion Windows 10 Upgrade
- Host ID: 0 (for all devices)
- Value: kernelProcessExclusions=*\$windows.~bt\sources\setuphost.exe:312
- Status: Enabled
- Policy: Select the specific policy for the Windows 10 devices.
- Once saved, wait for the devices to become up to date on their CL rules before attempting the upgrade again.
Feedback
Yes
No
Powered by
