PDA

View Full Version : Resident Shield blocks Windows Update



Appzalien
2007-07-01, 21:24
Today as I attempted to run Windows Critical updates for a computer I only update occasionally I was blocked from downloading the initial (wga or update manager 3.0 whatever) this in effect locked me out of downloading the criticals from the page that should have loaded after the initial install.

I regret that before visiting the Windows site I updated Spybot to the latest definitions otherwise the failure may not have occurred and I would know for sure it was something new.

After some extensive searching and trials to get the update to work again, I ran across someone who had disabled Zone Alarm, Spybot S&D and a few other things and was able to get the download. So, to test the theory that it was only one of these I disabled teatimer resident shield first and went back to the update site and bingo the installation succeded.

The error I recieved when the download failed [error number : 0x80070020] had been identified by a tech in one of my searches as a locked file stopping the installation of the download. So Teatimer is locking a file necessary for Microsoft to install its newest Download Manager (or WGA I suspect).

To test my theory I used another PC thats updated regularly so it would have the latest Spybot definitions and it also could not download the update until I disabled the Resident Shield.

If someone could verify this and look into the problem I would be gratful. I've used Spybot since the begining of time, when I was using a rock as a computer and real mouse to surf the ancient web (web .000001), and I will miss it if I have to let it go.

md usa spybot fan
2007-07-01, 22:32
Appzalien:

TeaTimer 1.4 currently monitors approximately 50 system Registry keys such as System Startup, ActiveX Distribution Unit, Browser page and Browser Helper Object. When a change is made to one of the registry keys that TeaTimer is monitoring it appears that the change is actually made to the registry. When TeaTimer recognizes that there has been a change to a monitored registry key it: Checks to see if there is a stored "Remember this decision" that covers the change. If there is, TeaTimer uses that information and just issues a pop-up notification of the action it took.
Issues a popup dialog to allows you to decide if you want to allow the registry change or reverse the change.If you answer the popup dialog "Allow change" nothing is done to the registry. If you "Deny change" the change the registry change is reversed (backed out). If you check the "Remember this decision" option while answering this pop-up dialog, Spybot stores the information for that change so that similar changes in the future will be handled automatically by either applying the "Allow change" or "Deny change" option. After you answer the pop-up dialog TeaTimer issues a pop-up notification of the action you took. Also note that if you close the registry change popup dialog without answering either "Allow change" or "Deny change" the registry change will be denied.

In other words the registry change function within TeaTimer 1.4 only blocks registry changes if you do not allow the change. If the download of the Office Genuine Advantage Validation Tool, Windows Genuine Advantage Validation Tool or the update itself was blocked because of TeaTimer 1.4, it was because the change was not allowed and you should have received either a popup dialog giving you the opportunity to allow the change or a notification that you instructed TeaTimer to automatically deny that type of change.

I may be able to determine more if you show us what change was denied from the Resident.log:
Go into Spybot > Mode > Advanced Mode > Tools > Resident > page (scroll) to the bottom of the listing and highlight a portion of the log that shows the time frame where you encountered the problem, then right click and select Copy. Paste (Ctrl+V) the log entries to another post in this thread.
If you no longer have Spybot installed, the Resident.log should still be stored in one of the following directories:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
Vista
C:\ProgramData\Spybot - Search & Destroy\Logs
Using Windows Explorer, navigate to the Resident.log file. Double click on it and it should open with Notepad. Copy and paste the portion of the log that shows the registry changes around the time frame where you encountered the problem.

Appzalien
2007-07-01, 22:51
There's nothing there, the last entry is 6/30. There where no popups to warn of this block, it has to be something to do with the update. I was able to download the june tuesday criticals with no problems to my other PC's at that time and there were no popups from teatimer. It was only today when I started a PC that has been off for about a month and a half that I updated all my spyware cleaners, the AVG anti-virus updated itself and the ZoneAlarm as well. Then and only then did I go to the Windows Update site and got the error trying to download files that were already downloaded on other PC's without error. After which, out of curiosity, when I discovered that disabling teatimer resident shield in the system tray, I tried Windows update on my other always on PC's only to find them blocked too. There were never any popups during this update or previous updates.

So basically 3 PC's (all with Spybot running teatimer) had been updated with their criticals on the second tuesday in June no problems no popups. Today a new computer without the june updates failed and then the other PC's failed as well even though there are probably no criticals for them yet there is a site download manager update that needs to be installed to access the update page and thats whats failing to install (not download, it downloads OK but fails to install). If I disable Resident shield in the tray the installation is OK.

md usa spybot fan
2007-07-02, 00:18
I'm sorry but I can't personally be of further assistance in explaining your observations. Since TeaTimer normally issues popup dialogs (titled "Spybot - Search & Destroy") and/or notifications (titled "Resident") as well as records its activity in the Resident.log, I am at a loss to explain how it is interfering with the download/install without some evidence that it is even interfacing with the change.

Perhaps someone else can help.

Appzalien
2007-07-02, 01:07
No problem, I have the answer on my end to the problem. Others may have the same problem and this could help them .

Do you have Spybot 1.4 installed and updated with teatimer running? Why don't you try accessing the critical updates page and see what happens.

md usa spybot fan
2007-07-02, 01:57
Do you have Spybot 1.4 installed and updated with teatimer running?
I have TeaTimer 1.4 running and update Windows (XP home) and Windows Office (2003) as well as other Windows products regularly without problems.


Why don't you try accessing the critical updates page and see what happens.
I would be happy to. Since I am not experiencing the same problem that you seem to have (possibly because we use different methodologies to update Windows), please provide the URL of "critical updates page" that you are accessing when you are encountering the problem.

Appzalien
2007-07-02, 02:48
http://windowsupdate.microsoft.com/

or


http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us

or what I do:

Start > All Programs > (up at the top of the menu) Windows Update

md usa spybot fan
2007-07-02, 06:34
I'm sorry but I can't test because I have nothing to update. I'll try again on July 10th if there are updates.

June updates downloaded and installed with TeaTimer running:

Windows XP Cumulative Security Update for Internet Explorer 7 for Windows XP (KB933566) Tuesday, June 12, 2007 Windows Update
Windows XP Cumulative Security Update for Outlook Express for Windows XP (KB929123) Tuesday, June 12, 2007 Windows Update
Windows XP Security Update for Windows XP (KB935839) Tuesday, June 12, 2007 Windows Update
Windows XP Security Update for Windows XP (KB935840) Tuesday, June 12, 2007 Windows Update
Windows XP Windows Genuine Advantage Validation Tool (KB892130) Tuesday, June 12, 2007 Windows Update

md usa spybot fan
2007-07-10, 23:46
Appzalien:

Follow up.

I waited until how to post because of your challenge which I was unable to complete because I had no Windows Updates to download:


Why don't you try accessing the critical updates page and see what happens.
Well, I just downloaded July's updates (July 10th - 2nd Tuesday as promised) using Windows Update with TeaTimer 1.4 running and the update went without a hitch. Unfortunately, there were just two (2) minor updates that I was able to receive:
Windows XP Update for Windows XP (KB936357) Tuesday, July 10, 2007 Windows Update
Windows XP Windows Malicious Software Removal Tool - July 2007 (KB890830) Tuesday, July 10, 2007 Windows Update

However, those updates did not appear to include updates to the Windows Update process itself as I reported I received without a problem in June (2007):
Windows XP Windows Genuine Advantage Validation Tool (KB892130) Tuesday, June 12, 2007 Windows Update
_________

re: "0x80070020" error.

The following article indicates "This problem occurs when your computer has an antivirus program that uses real-time scanning.":
You receive a "0x80070020 The process cannot access the file because it is being used by another process" error message when you try to download an update from Windows Update or from Microsoft Update
http://support.microsoft.com/kb/883825
From that article it appears that Windows Update and Microsoft Update are intolerant at times of access by other applications to the files they use.


CAUSE
This problem occurs when your computer has an antivirus program that uses real-time scanning.
When programs are started, TeaTimer does access the exe files to check their attributes. I assume that in this case the same error as described in the article could occur. However, with thousands of people running TeaTimer and doing Windows Updates, the problem does not appear to wide spread. As I indicated, I personally had no problems with the June 2007 Windows Updates nor any problems with Windows Updates with TeaTimer running in the past, starting with TeaTimer 1.3 in May 2004 and TeaTimer 1.4 in June 2005.

I guess the problem could occur because of an iffy timing thing between Windows Update and TeaTimer accessing files. On the other hand the article would seem to indicate that any program that uses real-time scanning can cause the problem. From the following statement, Microsoft appears to acknowledge that it may be their problem. It almost seems that when they attempt to access a file and if it is being used by someone else they just issue an error message and terminate the process rather than retry the access.


STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

APPLIES TO
Microsoft Windows Update
Microsoft Update
Please note that the Microsoft article also contains the following:


WORKAROUND

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk. ...

Monsoon
2007-07-18, 17:20
I have XP too and cannot access the updates either with no idea what the cause really is although Spybot + McAfee are the prime suspects. Just the other day I received two critical updates 'automatically' and they both installed OK. After that, a visit to the m'soft.com update site to check that I now had everything resulted in the same outcome - I couldn't install either the updating software or any relevant updates. I am loathe to disable either spybot or t-timer. If M'soft are going to hold their hands up for this one it would be interesting to see how they can create a 'critical' update - that cannot be downloaded?

Also I have an unusual incident where, on 'immunize' the products immunized keeps changing from the updated level of 24,000 odd back to 18,000 odd. A reinstall of the update corrects the prob but only short term. In seems that XP security updates or McAfee block certain entries in the registry, when it seems that S'Bot puts the same entries in the registry but with a routine that makes them inoperable. Seems like a clash of ideas. I am of the view that S'Bot are up to the problem and that it is XP that need to look at the way S'Bot deals with these problems so that some synergy develops for the benefit of all.

S'Bot always seem to have a genuine and human(e) appreciation of the probs 'out here' when XP seem to live in an ivory tower 'out there' where probs are a pain.