In the course of the Windows Server 2016 - changeover I increasingly notice that the monthly cumulative updates fail, mostly with this error code 0x800705b4. The error code seems to be a TIMEOUT from Windows Update according to internet research.
There are many workarounds on the internet for troubleshooting.
After some testing I noticed that if I switch off the real-time scanning and the DeepGuard, the update process is completed much faster and successfully.
With activated DeepGuard and real-time scanning the installation usually fails and takes 2-3 hours.
With DeepGuard deactivated and real-time scanning - installation successful and takes 30min.
I have tested this variant with servers that get their Windows updates via the internal WSUS and install the updates normally via the menu function.
However, I have also tried other methods, where I also managed a successful installation of the updates with activated F-Secure.
Starting the Windows tool "sconfig" via an administrative cmd and installing Windows updates via it also led to success, but takes over 5h.
Furthermore, I downloaded the monthly update as a .msu file directly from Microsoft and then installed it manually, which also led to success. This took more than 4 hours and is of course not very effective.
In summary, you can say that F-Secure slows down the Microsoft update process on servers enormously or the update fails because of the timeout.
F-Secure Server Security Premium 12.11 is installed on the servers.
Can you trace or reproduce the above processes and do you have a solution?
Thank you very much for your help.
We have the same issue with Windows Server 2016 and F-Secure Server Security 12.12 build 104.
With F-secure enabled, windows update install via (internal) WSUS takes up to 8 hours (including several retries, errors and reboots) .
When F-secure is completely disabled via services or uninstalled, windows update is completed within 15-30minutes without errors.
Please, check that you have both public hotfixes installed on your server products:
Installing them helps to resolve the issue. If not, please, contact support.
Which specific hotfix do i need? We have much problems regarding patching windows via WSUS (takes up to 4 hours per server).
Please, start from checking the link. This hotfixes are for our SS product, not for Windows OS. Could be deployed form Policy Manager console, or locally.
This hotfixes help in several cases. If you have them installed and still can reproduce the problem, please, contact support.
I installed theese two hotfixes on a clean test server and the FSPM server.
F-Secure Server Security Standard 12.x FSGKHS Hotfix
December 20, 2018
F-Secure Anti-Virus 9.52 Hotfix #9 952.09
F-Secure Server Security Standard 12.12 FSMA Hotfix
October 29, 2018
'F-Secure FSMA 10.10 Hotfix #3 1010.03'
Windows update install took about 1 hour (however the Windows update GUI displays an error after 30minutes)
The restart after install took about 1hr, stuck on the blue screen "Installing updates, do not reboot..."
Compared to result with no F-secure
What is the status of ORSP connectivity before you start to deploy the Update?
Check that using ORSPDIAG. (Do a "DIR orspdiag /s" to obtain the correct path on your system).
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de