Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSA and WindowsUpdate

Sorry, if I missed it in documentation.

How good is the idea to run Windows Update client on a server with CSA running?

I'm afraid that automatic updates could break the system. If not - it will probably generate too many alerts for every update. Is any policy/rules available for servers with Windows Update client?

  • Other Security Subjects
3 REPLIES
Bronze

Re: CSA and WindowsUpdate

The CSA or the Cisco Compression Service Adapters work with the 7500, 7200 and RSP7000 equipped devices and used to maximise compression performance. For more information on Cisco CSA, please see http://www.cisco.com/en/US/products/hw/modules/ps2957/prod_brochure09186a0080091d33.html. If on the other hand you are referring to Cluster Service Account (CSA), visiting www.microsoft.com would be a good idea.

New Member

Re: CSA and WindowsUpdate

:)

I've tried to ask about Cisco Security Agent:

http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html

AKA Okena StormWatch....

New Member

Re: CSA and WindowsUpdate

I'm testing this now with version 4.0119 and it appears that you would have to answer the Query with a YES to allow the update to continue.

Perhaps theres a way to create a rule to allow binaries from the /WindowsUpdates directory to run unimpeded.

But then that might introduce another vulnerability...

here is a snip from the server log file:

**BEGIN SNIP**

Warning The current application 'C:\WINDOWS\system32\wuauclt.exe' (as user NT AUTHORITY\SYSTEM) tried to execute the new application 'C:\Program Files\WindowsUpdate\wuaudnld.tmp\cabs\com_microsoft.817606_XPSP2_WinSE_43844_Critical\Q817606_WXP_SP2_x86_ENU. exe' and the user was queried. The user responded by choosing 'No (as default)'. Details Rule 296 Wizard

Find Similar

37 9/2/2003 10:09:30 AM D087063.sce.eix.com Warning The current application 'C:\WINDOWS\system32\wuauclt.exe' (as user NT AUTHORITY\SYSTEM) tried to execute the new application 'C:\Program Files\WindowsUpdate\wuaudnld.tmp\cabs\com_microsoft.Q823718_MSRC1589_MDAC\Q823718_MDAC_SecurityPatch.exe' and the user was queried. The user responded by choosing 'Yes'. Details Rule 296 Wizard

**END SNIP**

SO in the first example, I just watched it and it timed out with the default NO. In the 2nd case I chose YES to allow it to proceed.

Im going to see if I can use the profiler to create an analysis job for the "wuauclt.exe" process.

Ill let you know if Im able to find a way to allow these updates..

Good Luck

Mike

86
Views
0
Helpful
3
Replies
This widget could not be displayed.