Carbon Black (Bit9) and K1000 Patch Deployments


I have an issue where Bit9 is blocking the processes that the K1000 is using to install patches.  Basically kpatch.exe launches cscript.exe which runs expand.exe then extracts the patch files to disk from cab files that were written by other processes.  With the agent handing off these tasks to common processes, we are having a hard time allowing specific instances of these common processes.  If we allow cscript.exe and expand.exe any malicious software could possibly be executed on our machines, thus breaching our security. 

Has anyone used KACE patching with Bit9 before?  If so, what did your custom rule look like for allowing these processes?  Otherwise, does anyone have any idea on how to resolve this issue?  Is there a way to make KACE do all the work? 

Thank you,

0 Comments   [ + ] Show comments

Answers (1)

Posted by: nshah 5 years ago
Red Belt
These might be helpful. You can whitelist the files neded from the KB article. 



  • Thank you for pointing me toward this information, I am proceeding to engage Bit9 support. Thank you. - dsykes 5 years ago
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ