Hello,

I have an issue where Bit9 is blocking the processes that the K1000 is using to install patches.  Basically kpatch.exe launches cscript.exe which runs expand.exe then extracts the patch files to disk from cab files that were written by other processes.  With the agent handing off these tasks to common processes, we are having a hard time allowing specific instances of these common processes.  If we allow cscript.exe and expand.exe any malicious software could possibly be executed on our machines, thus breaching our security. 

Has anyone used KACE patching with Bit9 before?  If so, what did your custom rule look like for allowing these processes?  Otherwise, does anyone have any idea on how to resolve this issue?  Is there a way to make KACE do all the work? 

Thank you,
Darren
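The trade-off described in the question, as an added example that is not part of the original post and is not Bit9 rule syntax: a blanket allow on cscript.exe and expand.exe approves every instance, while a lineage check approves only instances descended from kpatch.exe. `ProcEvent`, `decide`, and the sample process table are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str  # executable file name only (hypothetical event shape)

TRUSTED_ROOT = "kpatch.exe"            # agent process named in the question
HANDOFF = {"cscript.exe", "expand.exe"}  # common processes it hands work to

def ancestors(pid, table):
    """Yield ancestor image names, nearest parent first; stops on loops."""
    seen = set()
    cur = table.get(pid)
    while cur and cur.ppid in table and cur.ppid not in seen:
        seen.add(cur.ppid)
        cur = table[cur.ppid]
        yield cur.image.lower()

def decide(event, table):
    """Allow a hand-off process only if its chain leads back to kpatch.exe."""
    if event.image.lower() not in HANDOFF:
        return "not-covered"
    for img in ancestors(event.pid, table):
        if img == TRUSTED_ROOT:
            return "allow"
        if img not in HANDOFF:   # chain left the expected hand-off sequence
            break
    return "block"

def blanket_allow(event):
    """The rule the question wants to avoid: allow by name alone."""
    return "allow" if event.image.lower() in HANDOFF else "not-covered"

# Constructed sample process table: one KACE patch run, one unrelated launch.
EVENTS = [
    ProcEvent(100, 1, "kpatch.exe"),
    ProcEvent(110, 100, "cscript.exe"),
    ProcEvent(120, 110, "expand.exe"),
    ProcEvent(200, 1, "other.exe"),
    ProcEvent(210, 200, "cscript.exe"),
    ProcEvent(220, 210, "expand.exe"),
]
TABLE = {e.pid: e for e in EVENTS}

if __name__ == "__main__":
    for e in EVENTS:
        print(e.pid, e.image, blanket_allow(e), decide(e, TABLE))
```

Matching on image name alone keeps the example short; a real rule would also pin the parent by path, hash, or publisher.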

Answers

1
These might be helpful. You can whitelist the files needed from the KB article.

https://support.software.dell.com/k1000-systems-management-appliance/kb/111785

http://www.itninja.com/question/bit9-configuration
Answered 03/30/2016 by: nshah
Red Belt

  • Thank you for pointing me toward this information. I am proceeding to engage Bit9 support. Thank you.