Windows Updates Not Installing

Discussion in 'NOD32 version 2 Forum' started by vixpham, Oct 18, 2006.

Thread Status:
Not open for further replies.
  1. vixpham

    vixpham Registered Member

    Joined:
    Oct 18, 2006
    Posts:
    3
    I know this has been posted several times within the last several months. The problem is why these windows updates are failing. I spoke to a ESET representative over the phone and he suggested that turning off AMON is the fix. Great it does work, however, you would have to turn AMON off everytime there is an Office update...every single month. I am the windows administrator in my corporation and I deploy microsoft updates via WSUS server. Now we have about 200 pcs in which NOD apparently blocks these updates from installing. It is a big pain to disable AMON and reenable AMON everytime there is an update through the admin console. Is this the only way to resolve the blocking issue, to turn of AMON? Hopefully someone will be able to give me a reasonable answer. Thanks.
     
  2. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    I had a similar problem and was asked by a Microsoft rep to turn off my anti virus (NOD) and my firewall (Comodo). The update worked.
    The problem was not so much the download as the update scan failed to complete and I got an error message. With both security apps off (and windows firewall on;) ) the update scan worked and I got my hotfixes. After that I turned both security apps back on then went back to Windows Update and did another update scan, this time it worked properly. Strange business. Although there were a few similar posts on Comodo's forums so I thought it was Comodo at the time.
     
  3. Ocwan

    Ocwan Registered Member

    Joined:
    Oct 11, 2006
    Posts:
    8
    Location:
    In a house, on some street
    Hello,
    I am aware of the issue; however, I do not understand why AMON would be the issue. WSUS "chunks" the packages out (Microsoft Updates) to balance bandwidth (Load Balance) and AMON of course will scan each and every file “after decompression”. The package is compressed and once on the client machine it will de-compress and this is where AMON would scan each and every file "coming out" of the compressed package.

    Help me understand what the issue is in more detail by helping me with these questions.

    Does AMON prevent the package from even coming into the client’s machine?

    During decompression, does AMON scan all of the files and since this can take some time does the package "fail" to be successfully deployed on the client machine because the time it takes?

    Does the WSUS package have a “successful timer” built into it where it would fail due to the time it took?

    Does the package at least reach the client machine? (In it's entirety?)

    If IMON is disabled on the client machine, will this solve the issue without disabling AMON?

    I have some great ideas; however, do not have WSUS and some machines to test...

    Thank you
     
  4. DERV

    DERV Registered Member

    Joined:
    Aug 6, 2006
    Posts:
    35
    Location:
    England
    Not that I know much about anything, but doesn't M$ recommend that you disable AV and firewalls as a matter of course during updates for this very reason?
     
  5. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Vixpham, I think I know what you are talking about. AMON goes crazy scanning certain files from Office Update. This does not happen with most updates, but when it does happen, the CPU usage will go so high that the file appears locked to the installation program.

    I did find that creating an AMON exclusion for the C:\Windows\Installer folder, with no subfolders, was enough to get around the problem. Of course, that is a potential security risk. For more info, see the following thread, especially post #11:

    https://www.wilderssecurity.com/showthread.php?t=105625
     
  6. vixpham

    vixpham Registered Member

    Joined:
    Oct 18, 2006
    Posts:
    3
    I don't think the issue is the matter of getting the actual package from WSUS to the client. The issue is that these updates cannot install at all, whether it be from the web, standalone install fix, or wsus. Again, 85% of the machines in our company does allow these updates to install properly, its with these older machines (p3,1.3ghz dell gx150) that it fails, and we have to turn off Amon for it to install. IMON was disabled and updates will still fail.
     
  7. vixpham

    vixpham Registered Member

    Joined:
    Oct 18, 2006
    Posts:
    3
    Thanks alglove, I will give this a shot to see if it is this is the reason. I do know that the cpu process load will shoot up to 100% and will eventually fail. I am still a bit nervous of excluding scans from any windows folder. However, if it this can be done through NODs admin console, this is better to do this as opposed to disabling AMON altogether. I'll give it a try and will post the results.
     
  8. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Hey, Vixpham.

    I am pretty sure the exclusion can be made (and removed) through the Remote Administrator Console. I have not run into this issue for a while, so it probably happens only for certain updates. I would make the exclusion only on an as-needed basis, and remove it after the update has been completed.

    Let us know how it goes.
     
  9. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    If you've been running ccleaner lately, that could very well be the issue that updates won't be installed or the windows update site won't load at all. (been there myself actually :) )
     
    Last edited: Oct 24, 2006
  10. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    In the course of Al helping me months ago I discovered that Changing the Extensions Scan in AMON FROM "Scan All Files" to "DEFAULT" allowed Office Update to complete the Check Scan. If that works for you It remains for you & others to quantify the change in protection by doing that. Just a thought.
     
Thread Status:
Not open for further replies.