Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel_Taney
Advisor

Windows KB4485449 / KB4485447 Causing Multiple Check Point Service Failures?

I wanted to bring this to the Community's attention and get some feedback whether we are the only ones experiencing issues. Since the release / installation of KB4485449 on Windows 10, multiple Check Point functions seem to have stopped working. 

I have been able to specifically identify these symptoms:

SmartConsole R80.20: Unable to initiate manual IPS updates. I get a generic "Failed to download update package" error. I was able to reproduce this on two Windows 10 management machines; each with the KB4485449 update installed. I was able to update IPS once I went back to an old Windows Server 2008 R2 machine running the same version of SmartConsole as the Win10 machines. 

Endpoint / Sandblast Agent: This update hit a lot of our machines last Wednesday or Thursday evening. On Friday (2/15), we noticed machines were unable to update Anti-Malware signatures. When running a manual update, the Endpoint client would return that it was unable to connect to the server despite the Endpoint client being connected. We found other machines in our environment of the same build that hadn't been patched yet and Anti-malware signatures are able to be updated from those machines.

I began to suspect recent updates might be causing the problem since recently patched Windows 10 machines were all the common denominator to these problems. Then, I came across this thread where the OP is reporting the Windows Server 2016 version of this patch broke AD Query for Identity Awareness:

Microsoft Updates KB4487026/KB4485447 stops IA and remote access via RADIUS from working?? 

I had an open ticket with TAC regarding my IPS update issue. We spent hours testing and debugging and weren't able to determine a root cause for these failures. So, I'm wondering if anyone at Check Point is aware of this problem? I'd imagine that a lot of people may not aggressively patch their workstations, so this issue may be awaiting more users as the patch slowly rolls out. 

It may be worth noting that it seems these Servicing Stack Updates are dependent upon the base OS version. In our case, all the machines were running Windows 10 Build 1803. I suppose it could be possible that other builds received a different version of the Servicing Stack Update that could behave differently? 

I will update my TAC case with this information as well as pass it along to my SE.

R80 CCSA / CCSE
5 Replies
Daniel_Taney
Advisor

Update: It appears there has not been a Servicing Stack Update for Windows 10 build 1809 since December. Machines we have running 1809 are able to retrieve Anti-Malware updates. This evidence seems to support the theory there is something wrong with this specific update for the versions of Windows 10 that received it.

Also, our Endpoint Management Server is still R77.30.03 if that could matter. The SmartConsole machines are connecting to R80.20 SMS running Take 33 to run the IPS updates. Since this seems to be a Windows issue, I doubt the versions of the SMS should be relevant, but who knows? Smiley Happy 

R80 CCSA / CCSE
0 Kudos
Mark_Mitchell
Advisor

Hi Daniel,

I have just checked our builds also, all of ours are 1809 and I can confirm that we have not seen the issue on these either. 

I know this doesn't rrally help, but it does prove your findings in another environment. 

We are also running R80.20 SMS.

Hope you get to the bottom of it soon.

Regards

Mark

0 Kudos
Daniel_Taney
Advisor

Mark,

Thanks for the feedback! 

R80 CCSA / CCSE
0 Kudos
Daniel_Taney
Advisor

We have been working with TAC on the Endpoint / Sandblast Agent and it appears the timing of the installation of this patch and our issues is amazingly coincidental. TAC identified a number of issues on the SBA Management Server that seemed to be contributing to these problems. There also seem to be a couple of other client issues that still haven't been resolved. Regardless, I don't think these patches can be blamed for the SBA AM issue.

R80 CCSA / CCSE
Mark_Mitchell
Advisor

Thanks for the update. Coincidence? Who'd of guessed.

Seems like your getting somewhere though. 

Regards

Mark

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events