Does Client Security change local group policy?
We have noticed that most/all our Windows machines have the Local Group Policy "Configure automatic updates" set to Disabled, ie. Windows updates are not installed automatically and must be done manually by the user. By default all GPOs should be set to "Not configured". We are afraid this is the cause of some unpatched machines we have had.
I know that F-Secure has an Updater service, but I can't really see locally on the machine what takes care of what, so I can imagine that F-Secure has disabled Windows' updater to take care of it itself - to avoid a problem we had some time ago where F-Secure would wrongly install Delta updates alongside Windows, bricking the machine.
We're running a Samba NT4 domain that doesn't even support group policies (to my knowledge), and it's set as a Local group policy too.
F-Secure Software Updater turns Windows updates off when it initiates the procedure of patches installation, and then returns it to the initial state when it is completed.
The information about such events can be found in c:\ProgramData\F-Secure\Logs\fsoftupd\fssua.log. Example:
#1 WUS will be paused
#1 Current NoAutoUpdates state: 1, will be 1