Advice Request What process spawns "Delta patch"?

Status
Not open for further replies.

shmu26

On Windows 10, you often get newly-spawned files such as this:
AM_Delta_Patch_1.245.777.0.exe
I understand that they are updates for Windows Defender.
What process spawns these files?
I want to mark that process as a trusted installer, so the delta patches won't be classified as "unrecognized".
(I am using Comodo firewall, with trusted vendors disabled)
 
509322

It's already a Trusted Installer > Windows Update

wuauclt.exe

"C:\windows\softwaredistribution\download\install\am_delta_patch_1.145.209.0.exe" antimalware /q

These might come through via Manual Update of Defender also, but I haven't checked.

I wouldn't go to any extraordinary lengths to make something a Trusted Installer. If there are problems, submit it as a bug report as they need to get this kind of issue sorted out.
 
shmu26

It's already a Trusted Installer > Windows Update

wuauclt.exe

"C:\windows\softwaredistribution\download\install\am_delta_patch_1.145.209.0.exe" antimalware /q
Yes, I see you are right.
So why do my delta patch files fall into "unrecognized", if I have enabled "trust files installed by trusted installers"?
 
509322

Yes, I see you are right.
So why do my delta patch files fall into "unrecognized", if I have enabled "trust files installed by trusted installers"?

Do the Delta patches get sandboxed?

If no, then the file rating of the Delta Patch is not changing, but C isn't messing with it = allowing Windows Update to do its thing.

Remember, every single file via Windows Update = Unrecognized to C. They don't see those files before they are distributed by Microsoft, so when they hit your system = Unrecognized.

The local file rating = Unrecognized, but C is not sandboxing or blocking or whatever the user has the settings adjusted to when dealing with Unrecognized files. So, Trusted Installers are installing those Unrecognized files as if they were Trusted.

Make sense?
 
shmu26

Do the Delta patches get sandboxed?

If no, then the file rating of the Delta Patch is not changing, but C isn't messing with it = allowing Windows Update to do its thing.

Remember, every single file via Windows Update = Unrecognized to C. They don't see those files before they are distributed by Microsoft, so when they hit your system = Unrecognized.

The local file rating = Unrecognized, but C is not sandboxing or blocking or whatever the user has the settings adjusted to when dealing with Unrecognized files. So, Trusted Installers are installing those Unrecognized files as if they were Trusted.

Make sense?
I have autosandbox disabled. HIPS is not throwing prompts for the delta patches.
Either the updates are working, even though the file is unrecognized, or they are failing, and I just don't know about it.
 
509322

I have autosandbox disabled. HIPS is not throwing prompts for the delta patches.
Either the updates are working, even though the file is unrecognized, or they are failing, and I just don't know about it.

L0L... enable the sandbox and verify that they won't be sandboxed; they should not.

HIPS is not going to generate any alerts involving a designated Trusted Installer when it is installing something. If an Unrecognized process, that has not been excluded from monitoring by other policy, attempts to launch Trusted Installer, then there would be an alert.

If there are failures you generally will see it in Windows Update or Windows Defender will throw an error.

Eventually you will abandon C...
 
Deleted member 178

Yes, I see you are right.
So why do my delta patch files fall into "unrecognized", if I have enabled "trust files installed by trusted installers"?
Welcome to the buggy world of Comodo :D

More seriously, surely because the file name changes every time, so you have to use wildcards.
 
shmu26

Welcome to the buggy world of Comodo :D

More seriously, surely because the file name changes every time, so you have to use wildcards.
Unfortunately, the file list does not accept wildcards.

The issue seems to have to do with the way Comodo categorizes files.
"Trusted" status has to come either from the trusted vendor list, or from cloud lookup, or from the user's decision to "trust" that file. Just being spawned by a trusted installer does not automatically bestow "trusted" status on the file.

In order to make life easier for myself, I went back to using my custom list of trusted vendors.
The main thing that irks me about it is that Comodo forces itself back on the list, even if you delete it. If they only signed their own products, I wouldn't mind, but they seem to issue a lot of 3rd party certificates.
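
Added example, not part of the thread and not Comodo functionality: a Python check that matches the versioned delta patch file name with a pattern and confirms that a launch came from the folder and parent process reported earlier in the thread. The System32 path for wuauclt.exe and the sample launch records are assumptions constructed for illustration.

```python
import ntpath
import re

# Name pattern derived from the two file names quoted in the thread
# (AM_Delta_Patch_1.245.777.0.exe, am_delta_patch_1.145.209.0.exe).
DELTA_NAME = re.compile(r"am_delta_patch_\d+(\.\d+){3}\.exe", re.IGNORECASE)
# Download folder as reported in the thread.
EXPECTED_DIR = r"c:\windows\softwaredistribution\download\install"
# The thread names only wuauclt.exe; the System32 location is an assumption.
EXPECTED_PARENT = r"c:\windows\system32\wuauclt.exe"


def classify_launch(image, parent_image):
    """Return 'not-delta-patch', 'expected' or 'review' for one process launch."""
    folder, name = ntpath.split(image)
    if not DELTA_NAME.fullmatch(name):
        return "not-delta-patch"
    if folder.lower() == EXPECTED_DIR and parent_image.lower() == EXPECTED_PARENT:
        return "expected"
    # Delta patch name seen with another folder or parent. The thread notes a
    # manual Defender update may differ, so this is flagged for review only.
    return "review"


# Constructed sample launches (image path, parent image); not real log data.
SAMPLE_LAUNCHES = [
    (r"C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.245.777.0.exe",
     r"C:\Windows\System32\wuauclt.exe"),
    (r"C:\Users\Public\AM_Delta_Patch_1.245.777.0.exe",
     r"C:\Windows\explorer.exe"),
    (r"C:\windows\softwaredistribution\download\install\am_delta_patch_1.145.209.0.exe",
     r"C:\Temp\wuauclt.exe"),
    (r"C:\Windows\System32\notepad.exe",
     r"C:\Windows\explorer.exe"),
]


def summarize(launches):
    """Pair each launched file name with its verdict."""
    return [(ntpath.basename(img), classify_launch(img, parent))
            for img, parent in launches]


if __name__ == "__main__":
    for file_name, verdict in summarize(SAMPLE_LAUNCHES):
        print(f"{verdict:16} {file_name}")
```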
 