Windows Updates and Defense+

I don’t want to post a question twice, but I posted the following as a reply in another thread earlier this week, and assume it’s gone unnoticed. Does anyone have any comments?


I have Windows XP Update set to Notify me of updates before downloading and updating. Yesterday, the download went fine but when it started to install things, all hell broke loose. D+ kept having to be told it was OK to let files like “C:\WINDOWS$hf_mig$\KB933360\update\update.exe” do things. Of course I got tired of this soon and set “Installation Mode”.

But, what about people who allow Windows to do “Automatic Updates (Recommended)”? !!

It seems like the update procedure downloads these “update.exe” files to these “C:\WINDOWS$hf_mig$\KB933360\update” type directories and runs them. D+, of course, says they’re not safe, and alerts you for everything every one of them tries to do.

In an attempt to avoid this in the future I added “%windir%**\update\update.exe” to the “Windows Updater Applications” group. See “Defense+ > Common Tasks > My Protected Files > Groups… > Windows Updater Applications > Add > Select From > Browse… > Add new item”.

Can anyone tell me if this makes sense, will it work for the next Windows update, or is it even safe enough? It just seems like there should be a better way to allow MS to Update Windows than switching modes manually every time.

Any thoughts or better ideas?

Thanks for any comments.

I would think the logical thing was to get all the update rules and files added to the White list by Comodo if this is possible without compromising the security.
I had a similar problem but not quite as bad as yours.
Mike.

Well Mike,

Thanks for the response.

COMODO does have the file group “Windows Updater Applications”. That’s where I added my stuff. The problem is the MS Update procedure always puts the same named file (update.exe) in a different folder like “C:\WINDOWS$hf_mig$\KBnnnnnn\update”, where nnnnnn is the update number each time. They can’t white list update.exe because it’s never the same of course.

I have since changed “%windir%**\update\update.exe” to “%windir%$hf_**\update\update.exe” to be a little more specific. I think COMODO should have something like this in their default list. I don’t see it as a security risk, since you will always get an alert if an unsafe application tries to write into, or create, a folder that looks like that.

It would be nice if someone who knew more than me would bless this idea, shoot it down, or come up with an alternative. I had intended to install CFP on a friend’s XP box, but he just lets MS do Automatic Updates, and CFP would never work as is.

I guess I’ll have to wait for the next Windows Update to see if this trick stands a chance. :-/

/Bob