We are rolling out windows patches with K1000 and BIT9 is acting weird. Is anyone else running Bit9 and has ran into this issue.


1 Comment   [ + ] Show Comment


  • Jknox- Thanks!!! I think I had totally over looked C:\Windows\Temp and C:\Windows\system32l\cscript.exe and this was causing issues.

    I am not that familiar with Bit9 do you know how I can make this registry exception in bit9

    HKEY_LOCAL_MACHINE\SOFTWARE\Patchlink.com\Discovery Agent\NativeScan
Please log in to comment


What does "weird" mean?  What's happening?

I've never used Bit9, but I'd guess offhand that you will need to whitelist the executables used in patching: https://support.software.dell.com/k1000-systems-management-appliance/kb/111785
Answered 05/08/2015 by: jknox
Red Belt

Please log in to comment
I've worked with Bit9 in several different environments.  It's an extremely powerful and effective security control, but can occasionally be very disruptive.  It gets in the way of things trying to make changes to systems all the time, but that's exactly what it's designed to do.  I've run into this sort of situation multiple times.

I'd strongly suggest reaching out to Bit9's support team.  Typically, they either have a solution for the problem already and they just have to shuffle you to one of the support people who's implemented the solution before, or it's a situation they've never seen before and they've got to work through it.  In the former case, you can expect a fairly fast response time.  In the latter case, give them a day or two and they'll come up with a solution and get it to you.  In the most extreme cases I've dealt with, it takes a week.  They generally respond to pressure and escalate to their engineering groups in a reasonable and effective manor.

This sounds like an easy fix.  Usually a custom rule needs to be put into place, or an "Updater" rule needs to be enabled.  The big cravat, is that a HUGE weakness of Bit9 is that when you implement custom rules you have the ability to shoot yourself in to foot and basically disable all the protection Bit9 provides, so you need to know what you're doing.

(Disclosure:  I don't work for Bit9, but I know a huge number of people there.)
Answered 05/09/2015 by: rattle1337
White Belt

Please log in to comment

I am an SE for Bit9. You will probably get much more and better responses to this question on the Bit9 User Exchange. 

Contact Bit9 support to gain access to the customer forum. 
Answered 05/10/2015 by: bigblueswope
White Belt

Please log in to comment
Answer this question or Comment on this question for clarity