This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WSUS Updates on 2012/2016 with Lockdown

Hello,

we have installed last week the Lockdown for our windows 2012 & 2016 server.

Now we can't installed any updates from our WSUS Server like Defender Updates.

What exactly we need to do that Updates from WSUS are allowed?

Many thank's

TheBob



This thread was automatically locked due to age.
Parents
  • in our environment WSUS updates are working with lockdown enabled. but the servers take much more time while updating. we have not enabled any specific policies or exclusions for that.

    do you see any lockdown events in central?

  • Hi LHerzog,

    no events on Central for both server!
    I have now unlock the lockdown on one server and the update was possible.

    On other server with lockdown the update stops after 50% oder installation prozess with Error 0x80070643.

  • I found this error id in combination with an defender update. I would think it is not related to sophos lockdown with the few infos we have about the issue.

  • Ofcourse it is a Defender Update and also, why is the update running if i unlock the Server?

    For me it look like sophos and before lockdown last week all updates are working fine.

  • I think you should disable defender anyway (not disabled by default when installing any other AV like intercept X)
    and then re-check if the updates are still failing for "real" OS updates from WSUS

  • OK i have to remove Sophos Antivirus first, then it was possible to remove Devender.

    Afer that I installed sophos again an do a lockdown.

    Yesterday i installed some new updates from MS and that one coud be installed, I restart server.

    Very nice the server cames up and cound load his roules!

    After unlock the Lockdown every thing is working again.

    So for me i'm wondering why the installation of Sophos are not disable the defender or give a note pls. uninstall it first and why the server could load his Roles is Lockdown is aktive and some MS Pachtes are installed??

    So pls Sophos Support investigate whats going on!!

Reply
  • OK i have to remove Sophos Antivirus first, then it was possible to remove Devender.

    Afer that I installed sophos again an do a lockdown.

    Yesterday i installed some new updates from MS and that one coud be installed, I restart server.

    Very nice the server cames up and cound load his roules!

    After unlock the Lockdown every thing is working again.

    So for me i'm wondering why the installation of Sophos are not disable the defender or give a note pls. uninstall it first and why the server could load his Roles is Lockdown is aktive and some MS Pachtes are installed??

    So pls Sophos Support investigate whats going on!!

Children