Windows Updates and WSUS +

Hello,

I submitted a support request but I figured that I would post it here as well.

I have sites that use WSUS for patch management. These sites use Syncro as well. I have been noticing for the last 2 months that some updates have been installing on client machines that have not been approved by WSUS. It took a little time to trace the issue back to Syncro because I don’t have a Windows Update policy applied to these sites within Syncro. Looking at the WindowsUpdate.log I am seeing:


Agent * START * Queueing Finding updates [CallerId = <>: Syncro.Service.Runner.exe Id = 2]
2021/10/12 22:01:00.0376766 24396 9100 Agent Service 7971F918-A847-4430-9279-4A52D1EFE18D is not in sequential scan list
2021/10/12 22:01:00.0376798 24396 9100 Agent Added service 7971F918-A847-4430-9279-4A52D1EFE18D to sequential scan list
2021/10/12 22:01:00.0378530 15740 36432 ComApi * START * Search ClientId = <>: Syncro.Service.Runner.exe, ServiceId = 8B24B027-1DEE-BABB-9A95-3517DFB9C552, Flags: 0X10010 (cV = 9yE0c1GmkEm9441L.1.1.0)
2021/10/12 22:01:00.0381325 24396 33944 Agent Service 7971F918-A847-4430-9279-4A52D1EFE18D is in sequential scan list
2021/10/12 22:01:00.0393699 24396 9100 IdleTimer WU operation (CSearchCall::Init ID 3) started; operation # 9; does use network; is not at background priority
2021/10/12 22:01:00.0452872 24396 37396 Agent * END * Queueing Finding updates [CallerId = <>: Syncro.Service.Runner.exe Id = 2]
2021/10/12 22:01:00.0519412 24396 37396 Agent * START * Finding updates CallerId = <>: Syncro.Service.Runner.exe Id = 2 (cV = 9yE0c1GmkEm9441L.1.0.0.2)
2021/10/12 22:01:00.0519431 24396 37396 Agent Online = Yes; Interactive = Yes; AllowCachedResults = No; Ignore download priority = No
2021/10/12 22:01:00.0519440 24396 37396 Agent Criteria = IsInstalled=0""
2021/10/12 22:01:00.0519458 24396 37396 Agent ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2021/10/12 22:01:00.0519464 24396 37396 Agent Search Scope = {Machine}
2021/10/12 22:01:00.0519494 24396 37396 Agent Caller SID for Applicability: S-1-5-18
2021/10/12 22:01:00.0757362 24396 9100 Agent * START * Queueing Finding updates [CallerId = <>: Syncro.Service.Runner.exe Id = 3]
2021/10/12 22:01:00.0757416 24396 9100 Agent Service 8B24B027-1DEE-BABB-9A95-3517DFB9C552 is not in sequential scan list
2021/10/12 22:01:00.0757444 24396 9100 Agent Added service 8B24B027-1DEE-BABB-9A95-3517DFB9C552 to sequential scan list
2021/10/12 22:01:00.7170921 24396 37396 SLS Get response for service 7971F918-A847-4430-9279-4A52D1EFE18D - forceExpire[False] asyncRefreshOnExpiry[False]
2021/10/12 22:01:00.7170958 24396 37396 SLS path used for cache lookup: /SLS/{7971F918-A847-4430-9279-4A52D1EFE18D}/x64/10.0.19043.1237/0?CH=931&L=en-US&P=&PT=0x30&WUA=10.0.19041.1237&MK=Dell+Inc.&MD=OptiPlex+5050
2021/10/12 22:01:00.7178344 24396 37396 Misc Got 7971F918-A847-4430-9279-4A52D1EFE18D redir Client/Server URL: https://fe2cr.update.microsoft.com/v6/ClientWebService/client.asmx""
2021/10/12 22:01:00.7234082 24396 37396 WebServices Proxy Behavior set to 2 for service url https://fe2cr.update.microsoft.com/v6/ClientWebService/client.asmx


My question is why/how would the Syncro.Service.Runner.exe be looking for updates if there is no policy applied. How would I stop it?

Thanks,
-Mike

Our services will make registry changes that will attempt to block Windows from installing updates so the update can be solely manged through Syncro. However, if there is no Windows Update Policy assigned to an asset, the intended behavior is for Windows to handle the updates as normal and our agent will not interfere or install anything.

You will see our agent polling the machine for update information so it can populate the update history for the asset’s ‘Windows Patches’ tab. It doesn’t necessarily mean it is installing updates.

We definitely want to check out your report in more detail. I found your ticket and replied to gather some more information about asset this log came from.

Hi Frank!

I have been trying to work out this problem for months and I can’t seem to resolution to it. Basically I have no Windows update policy assigned to a machine. The machines have a domain GPO applied to the machines to manage windows updates and point them to a local WSUS server. We can use the machines in our office as a good example of this. One of my office machines is going out and installing driver updates, security updates, etc all their own. We come in and see that the machines are pending a reboot after the updates have installed. We seem to notice this on the Wednesday following patch Tuesday. I have verified with WSUS that updates have not been approved yet to be installed on machines and the only other thing that can be controlling this is Syncro. I uninstalled Syncro on some office machines this week as a final straw and test. If I can’t find a solution to this I will be forced to look for a new RMM as I can’t have rouge updates installing. Can you help me troubleshoot and figure what is going on?

Hi @msmolens

MC, who has been working with you on your previous ticket, created a follow-up ticket as we’ve not had a response on the previous one. Please look out for his email - we would like to assist in troubleshooting if this remains an issue.

Hello Bee,

Yes, this is still an issue. We are thinking outside the box this month with this problem and we have removed a registry flag that was put in place to prevent workstations from updating to Windows 11. You basically define a windows targeted version. My thought process right now is maybe something set with that flag is actually causing the updates to happen. It is a frustrating process because we don’t really realize know updates install until the next CU update comes out. I will report back later this month.

-Mike

Hi @msmolens
Thanks for your response - I have passed the information on to MC. Could you let him know in the ticket which asset to look at? You should have another response from him now.