Carbon Black Cloud: Windows Update 19H1 1903 failure

Article ID: 291725

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Windows 10 update to 19H1 fails
  • Blocks or Terminates do not show in the Sensor Logs

Environment

  • Carbon Black Cloud Sensor: 3.4.0.1070 and Higher
  • Microsoft Windows: Windows 10.0.17763 (v1809) or lower, upgrading to 10.0.18362 (v1903)

Cause

The cause for this is still being investigated. 

Resolution

  1. In the CB Cloud console, check the Reputation of the Update at the time of failure. It is possible the Policy may take action if there are rules to Deny / Terminate based on its Reputation at time of execution.
  2. Add the following bypass rule permissions:
     Processes:
       **\windows\servicing\**
       **\$windows.~bt\**
       **\wmiprvse.exe
     Operation Attempt: Performs Any Operation
     Action → Bypass
  3. Apply the new rule to the sensor policy and test the Windows OS upgrade on an example endpoint before rollout. If problems persist, open a new Support Case.
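
To review what the three bypass paths in step 2 cover before applying them to a policy, the following added example (not Carbon Black code) translates each pattern to a regular expression and checks constructed sample process paths against it. It assumes the wildcard semantics `**` = any characters across directory levels and `*` = any characters within one level, with case-insensitive matching; the function names and sample paths are hypothetical.

```python
import re

# Bypass patterns exactly as listed in step 2 of the article.
BYPASS_PATTERNS = [
    r"**\windows\servicing\**",
    r"**\$windows.~bt\**",
    r"**\wmiprvse.exe",
]


def pattern_to_regex(pattern):
    """Translate a rule path to a compiled regex.

    Assumed semantics (not taken from the article): '**' matches any
    characters including '\\', '*' matches any characters except '\\'.
    Matching is case-insensitive, as Windows paths are.
    """
    parts = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")          # crosses directory levels
            i += 2
        elif pattern[i] == "*":
            parts.append(r"[^\\]*")     # stays inside one path component
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts), re.IGNORECASE)


def matching_rules(process_path):
    """Return the bypass patterns that cover the given full process path."""
    return [p for p in BYPASS_PATTERNS
            if pattern_to_regex(p).fullmatch(process_path)]


if __name__ == "__main__":
    # Constructed sample paths, for illustration only.
    samples = [
        r"C:\Windows\servicing\TrustedInstaller.exe",
        r"C:\$WINDOWS.~BT\Sources\SetupHost.exe",
        r"C:\Windows\System32\wbem\WmiPrvSE.exe",
        r"D:\tools\wmiprvse.exe",       # matched on file name alone
        r"C:\Windows\System32\svchost.exe",
    ]
    for path in samples:
        hits = matching_rules(path)
        print(f"{path:45} -> {hits if hits else 'not bypassed'}")
```

The `**\wmiprvse.exe` entry matches on file name in any directory, so the bypass is wider than the single system binary; that scope is worth confirming on the test endpoint before rollout.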