We've just had a very interesting case of a piece of software, purportedly from Samsung, which was deliberately crippling Windows Update. It was monitoring the registry and deliberately disabling Windows Update, even straight after we attempted to re-enable it again.
After quite some time fiddling around with various techniques, BrianDrab eventually went down the route of using auditpol.exe and registry security auditing to figure out what process was resetting the registry fixes we tried to implement. After a lot of extremely good analysis he figured out that C:\ProgramData\SAMSUNG\SWUpdate\Temp\Packages\BASW-A0394A05\64\Disable_Windowsupdate.exe was responsible.
It's not clear at this time whether the software is legitimately that of Samsung although this is something I am very interested in finding out. Either way there's something very suspect going on here and I am determined to get to the bottom of it. Thread is here: https://www.sysnative.com/forums/windows-update/14653-windows-update-problems.html
A huge round of applause should go to Brian though for nailing an extremely challenging thread. Very nicely done :)
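The auditpol.exe and registry-auditing approach mentioned above can be sketched as follows. This is an added example, not the commands used in the linked thread: the key path is a placeholder (the post does not name the key that was being reset), and the script and parameter names are hypothetical. Run it once to arm auditing, let the value get reset, then run it again with `-Report` to list Security event 4657 ("a registry value was modified") with the responsible process.

```powershell
#Requires -RunAsAdministrator
# Added example: find which process rewrites values under one registry key.
param(
    # Placeholder path (assumption): substitute the key whose values keep being reset.
    [string]$KeyPath = 'HKLM:\SOFTWARE\ExampleVendor\WatchedKey',
    [int]$LookbackMinutes = 60,
    [switch]$Report
)

if (-not $Report) {
    # 1. Enable success auditing for the "Registry" subcategory of Object Access.
    auditpol.exe /set /subcategory:"Registry" /success:enable | Out-Null

    # 2. Add an audit rule (SACL entry) on the key: log value writes and deletes
    #    by any account. S-1-1-0 is the well-known SID for Everyone.
    $everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
    $rule = New-Object System.Security.AccessControl.RegistryAuditRule(
        $everyone,
        [System.Security.AccessControl.RegistryRights]'SetValue, Delete',
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Success)
    $acl = Get-Acl -Path $KeyPath -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -Path $KeyPath -AclObject $acl
    Write-Host "Auditing armed on $KeyPath. Reproduce the reset, then re-run with -Report."
    return
}

# 3. Report: the Security log stores the key in kernel form (\REGISTRY\MACHINE\...).
$kernelPath = $KeyPath -replace '^HKLM:', '\REGISTRY\MACHINE'
$filter = @{ LogName = 'Security'; Id = 4657
             StartTime = (Get-Date).AddMinutes(-$LookbackMinutes) }

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $evt = $_
    $d = @{}   # EventData fields by name
    ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time     = $evt.TimeCreated
        Process  = $d['ProcessName']      # full path of the writing executable
        User     = $d['SubjectUserName']
        Key      = $d['ObjectName']
        Value    = $d['ObjectValueName']
        OldValue = $d['OldValue']
        NewValue = $d['NewValue']
    }
} | Where-Object { $_.Key -like "$kernelPath*" } |
    Sort-Object Time | Format-Table -AutoSize -Wrap
```

Once the writing process is identified, remove the audit rule from the key and turn the Registry subcategory back off so the Security log is not flooded.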