We're having issues to install 2022-01 Patches on Windows Servers when the server has Lockdown enabled and is locked.
From what we've been told and my understanding, WU should with Lockdown enabled.
The Update ins installed but after reboot, it get's rolled back. Finally you can see the error in Eventlog: 0x80070005
What's the current feedback of Sophos about WU and Lockdown?
Lockdown Event:
<Event event_id="2003" event_time="1642527846828" ip_address="xxx.xxx.xxx.xxx" cause_id="File Action" cause="File delete blocked due to no write permissions" parent_name="\Device\HarddiskVolume2\Windows\System32\poqexec.exe" parent_process_file_name="\Device\HarddiskVolume2\Windows\System32\poqexec.exe" target_file_name="\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft-windows-b..ore-bootmanager-efi_31bf3856ad364e35_10.0.14393.4886_none_fcf994c0f726058d\bootmgfw.efi" target_file_path="\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft-windows-b..ore-bootmanager-efi_31bf3856ad364e35_10.0.14393.4886_none_fcf994c0f726058d\bootmgfw.efi" target_file_sha1="" target_file_size="0" target_application_name="" target_user_name="" target_user_sid="S-1-5-18" target_certificate_subject="" target_certificate_sha1="" target_certificate_size="0" target_change_info="" ask_reason="" ask_email=""></Event> <Event event_id="1022" event_time="1642527851328" ip_address="xxx.xxx.xxx.xxx" cause_id="0" cause="SLDService" parent_name="" parent_process_file_name="" target_file_name="" target_file_path="" target_file_sha1="" target_file_size="0" target_application_name="" target_user_name="" target_user_sid="" target_certificate_subject="" target_certificate_sha1="" target_certificate_size="0" target_change_info="" ask_reason="" ask_email=""></Event></EventList><?sha1 C1DEC312BB11C47C9E68430F1BA74C219CED66B1?><?sha1-content-size 1376?>
Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070005 fehlgeschlagen: 2022-01 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5009546)
The update installs fine if Lockdown is set to unlocked before installing the update.
This thread was automatically locked due to age.