Carbon Black (Bit9) and K1000 Patch Deployments
Hello,
I have an issue where Bit9 is blocking the processes that the K1000 is using to install patches. Basically kpatch.exe launches cscript.exe which runs expand.exe then extracts the patch files to disk from cab files that were written by other processes. With the agent handing off these tasks to common processes, we are having a hard time allowing specific instances of these common processes. If we allow cscript.exe and expand.exe any malicious software could possibly be executed on our machines, thus breaching our security.
Has anyone used KACE patching with Bit9 before? If so, what did your custom rule look like for allowing these processes? Otherwise, does anyone have any idea on how to resolve this issue? Is there a way to make KACE do all the work?
Thank you,
Darren
I have an issue where Bit9 is blocking the processes that the K1000 is using to install patches. Basically kpatch.exe launches cscript.exe which runs expand.exe then extracts the patch files to disk from cab files that were written by other processes. With the agent handing off these tasks to common processes, we are having a hard time allowing specific instances of these common processes. If we allow cscript.exe and expand.exe any malicious software could possibly be executed on our machines, thus breaching our security.
Has anyone used KACE patching with Bit9 before? If so, what did your custom rule look like for allowing these processes? Otherwise, does anyone have any idea on how to resolve this issue? Is there a way to make KACE do all the work?
Thank you,
Darren
0 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
nshah
8 years ago
These might be helpful. You can whitelist the files neded from the KB article.
https://support.software.dell.com/k1000-systems-management-appliance/kb/111785
http://www.itninja.com/question/bit9-configuration
Comments:
-
Thank you for pointing me toward this information, I am proceeding to engage Bit9 support. Thank you. - dsykes 8 years ago
