Software Updater logs

alecw W/ Alumni Posts: 4 Security Scout

Hi,

[Client Security Premium 11.6 on Win7 and 8.1]

We have the Software Updater set to "ask user" to reboot, and to force a reboot only after five days. However, some machines are still restarting without asking and without the five day window elapsing - it happens shortly after the Software Updater's scheduled installation time, which is why we think it's the culprit.

Are there any Software Updater logs on the endpoint to say what was installed at a given time and why the decision to forcibly reboot was made?

Many thanks,

alec

Comments

  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader

    You can find most of the software updater related logs on the end-point under C:\ProgramData\F-secure\Logs\FSOFUPD

    Let us know the results of your investigation or if you need further assistance.

  • alecw
    alecw W/ Alumni Posts: 4 Security Scout

    Hi Ben,

    Thanks for the tip :)

    I'm looking for the line that says "I forcibly rebooted this computer in direct contradiction of policy because...." Any idea what I should be looking for?

    There are a few lines that look like this in fssua.log:

    1 90C 14/11/19 00:00:36 Installation status explanation: Type: return code (1), Id: 55, Status: pending reboot (3), Return code: 3010, Timestamp: 0

    ...but I've not found a smoking gun just yet!

    alec

  • alecw
    alecw W/ Alumni Posts: 4 Security Scout

    Here's the Smoking Gun, from the Windows eventlog:

    The process C:\ProgramData\F-Secure\FSOFTUPD\deploy\SafeReboot.exe (COMPUTER) has initiated the restart of computer COMPUTER on behalf of user NT AUTHORITY\SYSTEM for the following reason: Application: Installation (Planned)
    Reason Code: 0x80040002
    Shutdown Type: restart

    Now, the question is, why'd it do that when the policy is set to Ask User?

    Many thanks,

    alec

  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader

    Hello Alecw,

    In order to fully understand what happened there, could you open a support ticket, providing an fsdiag of the impacted machine?

This discussion has been closed.
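
One way to collect the evidence discussed in this thread directly on an endpoint, as an added example that is not part of the original posts or of F-Secure's tooling: the restart message quoted above is what Windows records in the System log as event ID 1074, and return code 3010 is the standard Windows code ERROR_SUCCESS_REBOOT_REQUIRED. The parameter names and the 14-day window are assumptions; the log folder and the fssua.log file name are as written in the thread.

```powershell
# Added example: list restarts recorded in the System event log and the
# Software Updater log lines that reported "reboot required" (3010).
param(
    # Log folder as quoted in the thread; adjust if your installation differs.
    [string]$LogDir = 'C:\ProgramData\F-secure\Logs\FSOFUPD',
    # How far back to search (assumed default).
    [int]$Days = 14
)

# Event ID 1074: "The process X has initiated the restart of computer Y ..."
$filter = @{ LogName = 'System'; Id = 1074; StartTime = (Get-Date).AddDays(-$Days) }

$restarts = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Property order of event 1074: process, computer, reason,
        # reason code, shutdown type, comment, user.
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Process    = $_.Properties[0].Value
            Reason     = $_.Properties[2].Value
            ReasonCode = $_.Properties[3].Value
            Type       = $_.Properties[4].Value
            User       = $_.Properties[6].Value
        }
    }

# Restarts initiated by the helper named in the event quoted in the thread.
$restarts |
    Where-Object { $_.Process -like '*SafeReboot.exe*' } |
    Sort-Object Time |
    Format-Table -AutoSize -Wrap

# Installer results in fssua.log that asked for a reboot.
# 3010 = ERROR_SUCCESS_REBOOT_REQUIRED.
Select-String -Path (Join-Path $LogDir 'fssua.log') -Pattern 'Return code: 3010' -ErrorAction SilentlyContinue |
    Select-Object LineNumber, Line |
    Format-Table -AutoSize -Wrap
```

Comparing the restart times in the first table with the timestamps on the matching fssua.log lines shows which installation preceded each restart; it does not by itself show why the "ask user" policy was bypassed.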
