What's new

[SOLVED] Windows update problems

BrianDrab

Administrator, Windows Update Instructor, Security Analyst
Staff member
Joined
Oct 20, 2014
Messages
17,749
Please follow these step by step instructions to enable registry auditing and to provide me your security log.

Step#1 - Enable Registry Auditing
1. Right-click on the Start
button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
auditpol /set /subcategory:"Registry" /success:enable

3. You should get a message within the command-prompt that states "The command was successfully executed."

Step#2 - Designate Registry Key to Monitor
1. Type regedit in the command-prompt window and hit enter.
2. The Registry Editor will open.
3. Scroll all the way to the top of the screen using the vertical scroll bar. You will see several root keys named HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, etc.
4. Click the arrow next to HKEY_LOCAL_MACHINE so it expands and shows the info beneath this key. Then find SOFTWARE and expand this one. Continue doing this until you get to the Auto Update key (Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update)
5. Right-click on the Auto Update key and choose Permissions...
6. Click the Advanced button.
7. Click the Auditing tab.
8. Click the Add button and then click the "Select a principal" link at the top of that form.
9. Type Everyone in the text box and click OK.
10. Click the Show advanced permissions link.
11. Check the box that says "Set Value". Uncheck all other options.
12. Click OK on this screen and the click OK again and then OK again to get out of all the screens.
13. You may close the registry editor and the command-prompt now.

Step#3 - Change Windows Update Options
1. Go ahead and change your Windows Update options again so that they are they way you want them.

Step#4 - Retrieve Security Event Log
1. Right-click on the Start
button and select Event Viewer
2. Click the arrow next to Windows Logs and then click on the Security log.
3. Right-click on the Security Log and choose Save All Events As...
4. Select your desktop as the location to save and type Security for the File name and click Save.
5. If you are using a language on your machine other than English then on the next screen please ensure to select Display information for English and click OK. Otherwise you can simply click OK.
6. There will be a file on your desktop named Security.evtx. Right-click on this file and choose Send To..Compressed (zipped folder) which will create a file named Security.zip.
7. Please upload this file to SendSpace and provide the link in your next post.
 

BrianDrab

Administrator, Windows Update Instructor, Security Analyst
Staff member
Joined
Oct 20, 2014
Messages
17,749
Excellent job!! You did it perfect. OK. Next time you see the Windows Update settings change please do the following again. You may want to delete the Security.evtx and Security.zip off of your desktop to avoid confusion when you need to do it again.

Retrieve Security Event Log
1. Right-click on the Start
button and select Event Viewer
2. Click the arrow next to Windows Logs and then click on the Security log.
3. Right-click on the Security Log and choose Save All Events As...
4. Select your desktop as the location to save and type Security for the File name and click Save.
5. If you are using a language on your machine other than English then on the next screen please ensure to select Display information for English and click OK. Otherwise you can simply click OK.
6. There will be a file on your desktop named Security.evtx. Right-click on this file and choose Send To..Compressed (zipped folder) which will create a file named Security.zip.
7. Please upload this file to SendSpace and provide the link in your next post.
 

BrianDrab

Administrator, Windows Update Instructor, Security Analyst
Staff member
Joined
Oct 20, 2014
Messages
17,749
Good news! We found the program that is changing your windows update settings. It's your Samsung Software that likely came with your machine. It's specifically disabling Windows Update. I'm not sure why. You may want to ask Samsung. If you don't have the ability to do this then I would uninstall the program.

C:\ProgramData\SAMSUNG\SWUpdate\Temp\Packages\BASW-A0394A05\64\Disable_Windowsupdate.exe

I would suggest that you go to Add/Remove programs and uninstall the SW Update program. Once you have done this, go ahead and change your Windows Update settings and then see if they change again.
 

niemiro

Senior Administrator, Windows Update Expert, Developer
Staff member
Joined
Mar 2, 2012
Messages
8,385
Location
District 12
@wavly, would it be possible for you to specifically navigate to C:\ProgramData\SAMSUNG\SWUpdate\Temp\Packages\BASW-A0394A05\, copy whatever's inside to your Desktop, zip it up and upload?

I'd love to be able to get my hands on a copy of those files which are seemingly breaking Windows Update in order to be able to perform some proper analysis on them. Something's surely not right here.
 

wavly

Active member
Joined
Jun 7, 2015
Messages
34
Brian, Brilliant, absolutely brilliant. Well done, you're awesome. Thanks.

It dawned on me a while ago that this issue wasn't a run of the mill type of problem and I've been amazed (and impressed) by your efforts and patience.

I went to Samsung online help and described the issue and asked them to explain why this was happening. Their site didn't allow me to copy so I noted the comments:

Me: Please explain why Samsung Software is configured this way and how I am meant to know about it and change it?

Samsung: Some of specific windows update installation caused slowness on pc before and we prevent this issue to update windows configuration update to change the setting. If you want to install windows updates automatic installation then please do not update the windows update configuration from sw update.

I replied to that with a bit of a rant about Samsung arbitrarily doing things without telling me and got a response that they would report to tech department about it.

As per Niemiro I had a look under ProgramData\Samsung and I have 2 file folders marked SW Update and 1 marked SW Update Service. The Packages file folder was empty but both SW Updates had XML files. The nearest I could find to the one you identified was BASW-A0394A05_1B33BCEB.XML. I zipped it (or I think I have) to this location

https://www.sendspace.com/file/aiy25k

I'm still excited (and pleased) with your news at finding the problem and inclined to remove SW Update in its entirety but will not do anything until advised. It may be you would wish details contained in some other files?

It may well be that this issue has arisen out of something I have done rather than intentional design by Samsung software but if that's the case I've done it through ignorance rather than intent. If it is by design through the software, I think, as Niemiro suggests, there is something that requires attention more than my computer.

wavly
 

BrianDrab

Administrator, Windows Update Instructor, Security Analyst
Staff member
Joined
Oct 20, 2014
Messages
17,749
Now that we found the culprit if you would like to turn off registry auditing you can follow the instructions below.

Disable Registry Auditing
1. Right-click on the Start
button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
auditpol /clear

3. Confirm when prompted.
 

tom982

Senior Administrator, Windows Update Expert
Joined
May 31, 2012
Messages
4,357
Location
New York
Top