Views:

It is recommended to use Windows Update Support feature. This feature, when enabled, automatically adds the updated files from Windows Update to the Approved List. This feature is capable of supporting the following scenarios:

  • Online Windows Update
  • Local Windows Update using *.msu KB File
  • Local Windows Update using *.exe KB File
  • Windows Update that includes reboot

Windows Update Support feature has limitations in the following scenarios:

  • Windows Update with Device Drivers included
  • Service Pack Installation

The following diagram shows the recommended workflow for StellarEnforce in properly using Windows Update Support feature:

StellarEnforce workflow

(1) Enable Windows Update Support

  • Via StellarEnforce (SE)

    SLCmd.exe –p <admin_password> set wus enable

  • Via StellarOne (SO)

    <config.xml>
<WindowsUpdateSupport Enable=”yes”/>

(2) Update Approved List

  • Via StellarEnforce (SE)

    SLCmd.exe –p <admin_password> add approvedlist –r “C:\Windows”

  • Via StellarOne (SO)

    Open the StellarOne Console and go to Agents > StellarEnforce > Select Agent(s) > Update & Check > Update Approved List

(3) Disable Windows Update Support

  • Via StellarEnforce (SE)

    SLCmd.exe –p <admin_password> set wus disable

  • Via StellarOne (SO)

    <config.xml>
<WindowsUpdateSupport Enable=”no”/>
Keywords: windows,win update,approved list,trend micro workflow,stellar enforce,recommendations,process,configure,best practice,bpg