WSUS Updates on 2012/2016 with Lockdown

Hello,

we have installed last week the Lockdown for our windows 2012 & 2016 server.

Now we can't installed any updates from our WSUS Server like Defender Updates.

What exactly we need to do that Updates from WSUS are allowed?

Many thank's

TheBob

Parents Reply Children
  • Hello,
    thanks for the info but I wonder why this is not documented in Sophos KB-000035355.
    It makes a big difference if you have to install Defender manually or if the installer does it on its own.
    Moreover, it does not solve the problem that the server after a Windows update and a reboot can no longer load its roles!
    What solution does Sophos have here?

    Many thank's

    R.

  • Personally I would'nt expect the info of disabling Defender before or after Intercept-X installation in a KB about lockdown.

    And just to repeat, this is not a Sophos issue, it is a Microsoft design flaw.

    But I did not find a prominent KB of Sophos about the need (you "need" to disable defender, because otherwise you have two active AVs running and slowing down the machine) to disable MS Defender with a quick search. All the Intercept-X System requirements refer from one KB to the other and I did not find a note about Defender in them.

    Anyway, what do you mean with "roles"?

  • Of Course i could be a design Problem by MS but a note in the documentation of Sophos whoud be very good in that case because a DC is a very sensitive system.

    With Roles i meen evething what a DC can have like DHCP, DNS, ADDS ect. after update of MS-Patch all that didn't come up!

  • Hello RemoHehlert,

    If you wish to investigate the issue with your Server Roles further, I recommend opening a support case with our team.

    In the meantime, I will reach out to our documentation teams to see if we can update the Server Lockdown FAQ with some information regarding Windows Defender. 

    Kushal Lakhan
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids