#21
I forgot that I'd unblocked updates for testing. Anyway, when I block updates (hard block), I get this:
** Saturday 17/04/2021 18:05:09 **
Launched SU10Guard.exe[7140] « services.exe[860] « wininit.exe[788]
Windows Startup Settings
Registry Key hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer
Value NoWindowsUpdate (N) will be a new value with data
1
=======================================================
** Saturday 17/04/2021 18:05:18 **
Change Accepted
=======================================================
** Saturday 17/04/2021 18:05:18 **
Other Windows Settings
Registry Key hkey_local_machine\software\microsoft\windows\currentversion\windowsupdate
Value OSUpgrade (N) will be a new value with data
0
Value ReservationsAllowed (N) will be a new value with data
0
=======================================================
** Saturday 17/04/2021 18:05:22 **
Change Accepted
=======================================================
** Saturday 17/04/2021 18:05:22 **
Other Windows Settings
Registry Key hkey_local_machine\software\policies\microsoft\windows\windowsupdate
Value DisableOSUpgrade (N) will be a new value with data
1
Value DisableWindowsUpdateAccess (N) will be a new value with data
1
=======================================================
** Saturday 17/04/2021 18:05:23 **
Change Accepted
=======================================================
** Saturday 17/04/2021 18:05:23 **
Additional Security
Registry Key hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options
Subkey EOSNOTIFY.EXE has been added
Subkey InstallAgent.exe has been added
Subkey MusNotification.exe has been added
Subkey MUSNOTIFICATIONUX.EXE has been added
Subkey remsh.exe has been added
Subkey SIHClient.exe has been added
Subkey UpdateAssistant.exe has been added
Subkey UPFC.EXE has been added
Subkey UsoClient.exe has been added
Subkey WaaSMedic.exe has been added
Subkey WaasMedicAgent.exe has been added
Subkey Windows10Upgrade.exe has been added
Interestingly, it's using IFEO to pass the executables listed above to a debugger with a value of "*".
NOTE: This post is nothing to do with WAU Manager. These entries are created by other software.
Last edited by Callender; 17 Apr 2021 at 13:05.
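
A read-only way to see what the IFEO entries in the log above actually contain, as an added example that is not part of the original post: this PowerShell lists every Image File Execution Options subkey that sets a Debugger value, marks the image names that appear in the log, and checks whether the value is a full path to an existing file. The variable names and output columns are choices made for this example.

```powershell
# Added example (not from the original post). Read-only: it changes nothing.
# Image names copied from the log in the post above.
$fromLog = @(
    'EOSNOTIFY.EXE', 'InstallAgent.exe', 'MusNotification.exe',
    'MUSNOTIFICATIONUX.EXE', 'remsh.exe', 'SIHClient.exe',
    'UpdateAssistant.exe', 'UPFC.EXE', 'UsoClient.exe',
    'WaaSMedic.exe', 'WaasMedicAgent.exe', 'Windows10Upgrade.exe'
)
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

$report = foreach ($key in Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue) {
    # Cast to string so a non-string value type cannot break the parsing below.
    $debugger = [string]$key.GetValue('Debugger', $null)
    if ([string]::IsNullOrWhiteSpace($debugger)) { continue }   # no Debugger set

    # First token of the command line, with or without surrounding quotes.
    if ($debugger -match '^\s*"([^"]+)"') {
        $exe = $Matches[1]
    } else {
        $exe = ($debugger.Trim() -split '\s+')[0]
    }

    # Only a full path is checked; "*" or a bare file name reports False here.
    $isFullPath = $exe -match '^(?:[A-Za-z]:\\|\\\\)'
    $exists = $isFullPath -and (Test-Path -LiteralPath $exe -PathType Leaf)

    [pscustomobject]@{
        Image        = $key.PSChildName
        Debugger     = $debugger
        InPostLog    = $fromLog -contains $key.PSChildName   # case-insensitive match
        TargetExists = $exists
    }
}

# Entries named in the post's log are listed first.
$report | Sort-Object -Property InPostLog -Descending | Format-Table -AutoSize
```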