[Client Security Premium 11.6 on Win7 and 8.1]
We have the Software Updater set to "ask user" to reboot, and to force a reboot only after five days. However, some machines are still restarting without asking and without the five day window elapsing - it happens shortly after the Software Updater's scheduled installation time, which is why we think it's the culprit.
Are there any Software Updater logs on the endpoint to say what was installed at a given time and why the decision to forcibly reboot was made?
You can find the most of the software updater related logs on the end-point under C:\ProgramData\F-secure\Logs\FSOFUPD
Let us know the results of your investigation or if you need further assistance.
Thanks for the tip :)
I'm looking for the line that says "I forcibly rebooted this computer in direct contradiction of policy because...." Any idea what I should be looking for?
There are a few lines that look like this in fssua.log:
1 90C 14/11/19 00:00:36 Installation status explanation: Type: return code (1), Id: 55, Status: pending reboot (3), Return code: 3010, Timestamp: 0
...but I've not found a smoking gun just yet!
Here's the Smoking Gun, from the Windows eventlog:
The process C:\ProgramData\F-Secure\FSOFTUPD\deploy\SafeReboot.exe (COMPUTER) has initiated the restart of computer COMPUTER on behalf of user NT AUTHORITY\SYSTEM for the following reason: Application: Installation (Planned)
Reason Code: 0x80040002
Shutdown Type: restart
Now, the question is, why'd it do that when the policy is set to Ask User?
In order to fully understand what happened there, could you open a support ticket, providing and fsdiag of the impacted machine?
This topic has been closed due to inactivity. If you would like to discuss this topic further, please start a new post.
You can reference this topic in your post by adding this link: