Windows update and CIS 6.2

On my XP x86 system, I am no longer able to update Windows. Windows Update is able to detect the required updates and lists them. When I select install selected updates, it just fails after trying for some time. I tried to solve the problem by turning off the firewall, antivirus and even keeping CIS in game mode! However, nothing has worked.

The culprit seems to be ‘full virtualisation’ of svchost by CIS. Whenever Windows Update is run, ‘Sandboxed Apps’ shows three entries, i.e. under ‘cmdvirth.exe’ two svchost entries are shown as ‘fully virtualised’, though all three, ‘cmdvirth’ (Comodo file) and svchost (Microsoft), are shown as trusted.

All three files are already ‘trusted’ files, so CIS does not give me an option to take them out of the sandbox. Under CIS HIPS rules, svchost is a system file defined by CIS, so I do not want to make any experimental changes there. Do you have any idea how to solve the problem?

SVCHost being virtualized will cause some issues.

Programs running inside the Virtual Kiosk store the changes to the files accessed by them inside the sandbox so that the changes do not affect the real computer system. Items stored in the sandbox/Virtual Kiosk could, depending on your usage patterns, contain malware downloaded from websites or private data in your browsing history. Periodically resetting the sandbox will clear all this data and help protect your privacy and security. If data has accumulated over a long period of time, then resetting the sandbox will also help the Kiosk operate more smoothly.

Digging deeper into the rules, it seems as if you may want to close the virtual kiosk when performing Windows updates.

First question. Are you trying to run Windows Update from within Kiosk?

Svchost.exe is a host process. It serves many masters. So when one or two service host processes get run sandboxed, that is only confined to the limited set of instances that are run virtualised. Unless you start Windows Update from Kiosk, it should normally not get sandboxed.

The virtualised service host processes are like a red herring here.

Can you tell us more about your set up? What version of CIS are you running? What configuration are you running? What changes did you make to the default config?

Since when has this problem been happening? What changes did you make to the system around the time the problem started to happen?

Can you post screenshots of the Defense+ logs from around the time of running the Windows Updates?

When Windows updates go astray, an error code will be provided. Please research what that error code means and what solutions can be found using search engines.