W10 Silent Update Deployment: unused old DLL in OEM install paths (c:\drivers or c:\SWSETUP) BLOCKS the update

 

The Microsoft W10 update to 1909 failed because the pre-check found a certain DLL somewhere under the c:\drivers or C:\SWSETUP folders. The app/software or driver was not installed; the update was blocked JUST by finding that DLL somewhere on paths used by certain producers/OEMs.

Often-used paths for drivers, where W10 Update looks for additional info about a system and what was installed (besides Software, Registry and Windows Installer cache/DB):

  • HP > C:\SWSETUP\
  • DELL > c:\DRIVERS\
  • Our deployment solution > c:\DRIVERS\

We just had a case where we updated W10 1709 to 1909 through a deployment solution. The updates of HP laptops failed.

When we installed the update manually, we saw that the "Infineon TPM Professional Package" was blocking. But the software was not installed.

 

Reason for W10 Update failing:

At that customer we use c:\drivers\ for our deployment structure on HP, like Dell does. (By the way, don't use c:\drivers for your own packages/batches on DELL systems; it will break some DELL batches.)

Under that structure we have a library of the most-used HP Service Packs. One of them included an Infineon TPM driver. Just by searching through those files, Microsoft thinks the driver IS installed and blocks the update. The driver was not installed on the system.

Solution:

Just delete those directories and files if you don't reference them and they are not used as MSI source files on the system where you handle the update. On HP systems you can even rename the folder, for example from C:\SWSETUP\ to C:\_SWSETUP\, and it will work.

Where we found that info:

We silently deploy 1909 there with the following command line, which gives us detailed debug log info:

c:\drivers\setup\CUSTOMER_W10_1909\setup.exe /auto upgrade /copylogs \\SERVER\w10_1909$\CLIENTS_DEBUG\%computername% /DiagnosticPrompt enable /Priority Normal /postoobe c:\drivers\setup\CUSTOMER_W10_1909\CUSTOMER_W10_ENDE_OK.cmd /postrollback c:\drivers\setup\CUSTOMER_W10_1909\CUSTOMER_W10_ROLLBACK.cmd /Quiet /ShowOOBE none /telemetry disable /compat IgnoreWarning /DynamicUpdate disable /migratedrivers all

In these log files you will then find the reason why it did not upgrade. You will also see the reason if you skip the OPTIONS: /Quiet /ShowOOBE none

Search all log files for the string StatusDetail="UpgradeBlock"

It will be found in the log file Compatdata*.xml

Here is the info regarding the block within the XML file:

<Program IconId="ifxspmgt.exe_f069054697b0a0ae" Id="0006c5c9b5d907dd9c81f4d74bb61beb7e3900000904" Name="Infineon TPM Professional Package">

<CompatibilityInfo BlockingType="Hard" StatusDetail="UpgradeBlock"/>

<Action Name="ManualUninstall" ResolveState="NotRun" DisplayStyle="Text"/>

</Program></Programs>

Those were the files that Windows 10 Update found BUT that were not installed on the system.

Just delete the files if unused and the update will do what it should.
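
The log search described above can be scripted. The following PowerShell is an added example, not part of the original post: the function name Get-UpgradeBlock is hypothetical, and the CompatReport/Programs wrapper around the Program element quoted above is a constructed assumption so that the sample is well-formed XML.

```powershell
# Added example, not from the original post. The sample report is constructed:
# the Program element is the one quoted in the post, the CompatReport/Programs
# wrapper is an assumption that makes the sample well-formed.
$sample = @'
<CompatReport><Programs>
<Program IconId="ifxspmgt.exe_f069054697b0a0ae" Id="0006c5c9b5d907dd9c81f4d74bb61beb7e3900000904" Name="Infineon TPM Professional Package">
<CompatibilityInfo BlockingType="Hard" StatusDetail="UpgradeBlock"/>
<Action Name="ManualUninstall" ResolveState="NotRun" DisplayStyle="Text"/>
</Program>
</Programs></CompatReport>
'@

function Get-UpgradeBlock {
    param([Parameter(Mandatory)][string]$LogRoot)  # folder given to /copylogs

    # local-name() matches the elements whether or not the file declares a namespace
    $xpath = "//*[local-name()='Program'][*[local-name()='CompatibilityInfo'][@StatusDetail='UpgradeBlock']]"

    Get-ChildItem -Path $LogRoot -Filter 'CompatData*.xml' -Recurse -File | ForEach-Object {
        $file = $_.FullName
        try   { $doc = [xml](Get-Content -LiteralPath $file -Raw) }
        catch { Write-Warning "Not valid XML, skipped: $file"; return }

        foreach ($program in $doc.SelectNodes($xpath)) {
            $info   = $program.SelectSingleNode("*[local-name()='CompatibilityInfo']")
            $action = $program.SelectSingleNode("*[local-name()='Action']")
            [pscustomobject]@{
                Program      = $program.GetAttribute('Name')
                BlockingType = $info.GetAttribute('BlockingType')
                Action       = if ($action) { $action.GetAttribute('Name') } else { $null }
                File         = $file
            }
        }
    }
}

# Demo run against the constructed sample in a temporary folder
$demo = Join-Path ([IO.Path]::GetTempPath()) 'compat_demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'CompatData_sample.xml') -Value $sample -Encoding UTF8
Get-UpgradeBlock -LogRoot $demo | Format-List
```

Pointed at the /copylogs share instead of the demo folder, the same call lists every client whose report contains an upgrade block, together with the program name that caused it.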

 

 

Browser TLS 1.3 activated and your Firewall can’t handle it?

TLS 1.3

https://tools.ietf.org/html/rfc8446

Some modern browsers switch to TLS 1.3 automatically if the web server on the other side supports it, like version 72 of Chrome.exe, or even your OS itself, like Windows 10 build number 20170 upwards. So it's all safer and faster?

https://blogs.windows.com/windows-insider/2020/07/15/announcing-windows-10-insider-preview-build-20170/

The problem is that some Next Generation Web Filters (firewalls) can't look into the SSL encryption anymore to find malware/ransomware. With browser self-updating mechanisms like in Chrome or Edge Chromium you suddenly have a constellation that you did not want. While you used to approve IE11/EDGE updates in WSUS and mostly checked each new release of the browser before releasing it, this has changed.

The interesting point is that some load balancers, too, are only able to break (deep inspect) traffic with really new firmware releases. Customers have demanded that feature since 2017, as we see in diverse blogs and feature request portals of producers. So if you want to sniff into SSL (break the SSL stream) and your firewall can't handle TLS 1.3 specifically, you currently have a problem.

Checking whether your browser has TLS 1.3 active is easy:

CHROME:

chrome://flags/#tls13-variant (Since Version 72 TLS 1.3 default)

MICROSOFT EDGE CHROMIUM:

edge://flags/

For example, type edge://flags/ into the browser's address bar.

Or jump directly to the TLS 1.3 setting with edge://flags/#enable-tls13-early-data

Open the following URL / test website to see what's supported:

https://browserleaks.com/ssl

 

https://news.sophos.com/en-us/2020/08/18/report-firewall-best-practices-to-block-ransomware/

https://www.fortinet.com/blog/business-and-technology/tls-is-here-what-this-means-for-you

https://www.f5.com/c/landing/encrypted-threats/article/tls-1-3-are-you-ready-for-the-update

https://community.checkpoint.com/t5/General-Topics/CheckPoint-TLS-1-3-support-When/td-p/63672

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/understanding_traffic_decryption.html

https://www.sonicwall.com/support/knowledge-base/ssl-tls-protocols-supported-by-sonicos-matrix/170615123553371/

 

 

Read more:

https://devblogs.microsoft.com/premier-developer/microsoft-tls-1-3-support-reference/

https://www.imperial.ac.uk/media/imperial-college/faculty-of-engineering/computing/public/1819-pg-projects/Detecting-Malware-in-TLS-Traf%EF%AC%81c.pdf

https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/

https://www.heise.de/security/meldung/Verschluesselung-TLS-1-3-Fauxpas-gefaehrdet-Embedded-Systeme-mit-wolfSSL-4883741.html

https://www.heise.de/hintergrund/Was-TLS-1-3-ist-und-wie-Sie-davon-profitieren-4248740.html

https://www.sans.org/reading-room/whitepapers/vpns/paper/39715

https://nakedsecurity.sophos.com/2020/02/18/malware-and-https-a-growing-love-affair/

 

 

 

WSUS, W10 19XX > Feature update to Windows 10, Unable to find Resource

Unable to deploy W10 > W10 19XX (Feature Updates) to Windows 10 Clients via WSUS on Server 2012 R2.

That is the patch you need to update your W10 clients from W10 19XX to 19XX/20XX via WSUS.

This should have been fixed by update KB 2919355 and Windows8.1-KB3095113-v2-x64. However, on some WSUS Server 2012 R2 machines we could not install the patch (depending on the order in which you installed patches and when you installed the WSUS role). The patch enables the handling of ESD files in the IIS web server (so IIS knows what to do with the extension and how to deliver it). You can add that entry manually in IIS.

Error you see on the WSUS server:

Feature update to Windows 10 (business editions), version 1909, de-de x64

Event reported at 27.08.2020 03:08:

(Unable to Find Resource:) ReportingEvent.Client.167; Parameters: Funktionsupdate für Windows 10 (Business-Editionen), Version 1909, de-de x64

 

Here is how to solve it manually:

Right side "ADD"

File name extension:

.esd (with the dot in front)

MIME type:

application/octet-stream

OK

Close and maybe restart IIS or best WSUS Server.

After a reboot of the WSUS you will see that the clients download the update.
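
The same MIME entry can be added from an elevated PowerShell prompt on the WSUS server. This is an added example, not part of the original post: the function name Set-EsdMimeType is hypothetical, and it assumes the entry is wanted at server level, since the post does not say at which IIS node it was added.

```powershell
# Added example, not from the original post. Run elevated on the WSUS server.
# Assumption: the MIME type is added at server level (MACHINE/WEBROOT/APPHOST);
# pass an "IIS:\Sites\<name>" path as -PSPath to target a single site instead.
Import-Module WebAdministration

function Set-EsdMimeType {
    param(
        [string]$PSPath   = 'MACHINE/WEBROOT/APPHOST',
        [string]$MimeType = 'application/octet-stream'
    )
    $parent = 'system.webServer/staticContent'
    $entry  = "$parent/mimeMap[@fileExtension='.esd']"

    # Look for an existing .esd mapping so the script can be re-run safely
    $current = Get-WebConfiguration -PSPath $PSPath -Filter $entry

    if (-not $current) {
        # No mapping yet: add extension and MIME type as in the manual steps
        Add-WebConfigurationProperty -PSPath $PSPath -Filter $parent -Name '.' `
            -Value @{ fileExtension = '.esd'; mimeType = $MimeType }
        return 'added'
    }
    if ($current.mimeType -ne $MimeType) {
        # Mapping exists but points to a different MIME type: correct it
        Set-WebConfigurationProperty -PSPath $PSPath -Filter $entry -Name 'mimeType' -Value $MimeType
        return 'corrected'
    }
    'already present'
}

Set-EsdMimeType
# The post restarts IIS (or the whole WSUS server) afterwards, for example:
# iisreset /restart
```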

You can read here further info:

https://support.microsoft.com/de-de/help/3095113/update-to-enable-wsus-support-for-windows-10-feature-upgrades

This requires KB 2919355 as a prerequisite.

 

McAfee ENS WEB CONTROL outlook.exe chart.dll crash

 

01.09.2020, this is solved in 10.7.0.1607 JULY 2020 Release

Product version (Endpoint Security Platform)

10.7.0.1961 JUL 2020 Release

Product version (Endpoint Security Threat Prevention)

10.7.0.2021 JUL 2020 Release

Web Control

10.7.0.1607 JUL 2020 Release

 

 

 

On several W10 machines we have seen Outlook.exe crash with McAfee ENS Endpoint Security 10.7 Web Control active.

This behavior is seen up to release 10.7.0.1675 and HOTFIX 10.7.0.1733 on 19.05.2020 and is caused by the function "E-Mail annotations" in the McAfee Web Control module of ENS (Endpoint Security).

This function checks existing URLs in existing e-mails and, if a URL is malicious, blocks it or warns the user WITHIN the e-mail.

For McAfee to draw that warning it needs chart.dll. On some systems there is a known old story with a mix of chart.dll versions (we are unsure whether a 32/64-bit mix or a language mix like German and English finally leads to this error on the MS side, but Google is full of it). Mainly it's because Windows itself has a chart.dll and there is a version from Office. Those are different.

Error you see:

"Required file chart.dll not found in your path. Install Microsoft Outlook again"

"Die erfoderliche Datei chart.dll wurde"


 

Event

Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 16.0.4954.1000, Zeitstempel: 0x5df956bf

Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.18362.628, Zeitstempel: 0x54734dee

Ausnahmecode: 0xc06d007e

Fehleroffset: 0x00113db2

ID des fehlerhaften Prozesses: 0x2bac

Startzeit der fehlerhaften Anwendung: 0x01d5e67e5d8b1520

Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office16\OUTLOOK.EXE

Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll

Berichtskennung: 55ace164-ec8b-4166-8170-8616d13f0366

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

 

Version 16.0.4924.1000 +"chart.dll"

 


You can see what happens here. The YELLOW is when it does not find the chart.dll at that certain path.

 

 

SOLUTION:

McAfee ENS > Web Control > Optionen > Advanced Options > TURN off the FIRST OPTION (Uncheck)

View German Mcafee ENS

View EPO Policy English

 

This is what the function does: it highlights malicious URLs. Here is a sample from a McAfee Security for Exchange alert warning which had a malicious URL link. (This is a double alert, but it is just to show what we are talking about.)

 

 

 

 

You don't have to reinstall Outlook.exe, Office, or ENS Modules. Just turn off the option.

Some links about chart.dll (not related to McAfee)

https://answers.microsoft.com/en-us/office/forum/office_2016-outlook/2016-outlook-has-error-message-required-file/772b47c6-ead1-4d6f-9ad1-41da627cb9c7

Links about McAfee at askwoody.com

https://www.askwoody.com/forums/topic/outlook-2016-and-chart-dll-error-multiple-pcs/

https://community.mcafee.com/t5/Endpoint-Security-ENS/Outlook-2016-and-chart-dll-error/m-p/651239

HP W10 Phonewise Install Bluetooth error

ERROR: Install a driver failed because Bluetooth is off or unavailable.

Product: HP Phonewise Driver Install Error

Finally found a solution to an HP brand-specific W10 setup problem. We had it under 1803/1809/1903. We are unsure if this was related to a CLEANUP tool from GitHub that we use to remove/uninstall certain HP bloatware. The error: Install a driver failed because Bluetooth is off or unavailable.

This seems to be a rather complex installation because HP has to make sure that BLUETOOTH is ON in the BIOS and is active in W10 itself, and only then can it install or uninstall the driver. If you look at the two batches, they are rather complex and handle reboot persistence etc.

We finally found a way to get rid of the error. There is a scheduled task running which handles the reboot persistence. Remove that entry and you get rid of the warning. The RED error we could not explain, since the correct file was there AND the McAfee ENS 10.7 virus protection in use DID not block the file.

HP PhoneWise Device Maintenance