Netscan forcing Windows updates

Started by Rob Gibson

Rob Gibson

Netscan forcing Windows updates   02 February 2016, 22:32

We seem to have discovered an issue when running a scan using Network Scanner. If the computers being scanned have pending updates, (Windows, Flash, Silverlight etc.), Network Scanner scanning the computer is enough to restart the computer even if a student is logged on (our WSUS is set so that only users with Administrative Rights can perform updates). Is there a way to stop Network Scanner from creating an event in the Security Log when scanning computers?
SoftPerfect Support forum - Andrew avatar image

Re: Netscan forcing windows updates   02 February 2016, 22:45

The app itself doesn't create any events in the Security Log. I guess it's a specific scan that Windows reacts upon and restarts, but can't tell specifically.
Rob Gibson

Re: Netscan forcing windows updates   02 February 2016, 23:10

Could it be 'Lookup logged on users'? What features does that option use to retrieve the logged on users?
SoftPerfect Support forum - Andrew avatar image

Re: Netscan forcing windows updates   02 February 2016, 23:17

Sorry, I am not sure which scan it is.

The Lookup logged on users option calls a system API first NetWkstaUserEnum

If this function fails, then it sends a specially crafted NetBios packet in the same way as the nbtstat -a command.

Hope this helps.
Rob Gibson

Re: Netscan forcing windows updates   02 February 2016, 23:34

Network Scanner seems to be creating the following in the Security Event Log - even with all the additional scans turned off.

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 02/02/2016 12:23:16
Event ID: 4672
Task Category: Special Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: computer_Name
Description:
Special privileges assigned to new logon.

Subject:
Security ID: Domain_Name\username
Account Name: Username
Account Domain: Domain_Name
Logon ID: 0x687702

Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege

It then creates a an additional event when the Logoff is destroyed roughly 30 seconds later with the same Logon ID. it appears that this logoff event is enough to trigger the windows update.

Sometimes you can get the answer faster if you try the forum search and/or have a look at the software user manual to see if your question has already been answered.

Our forum rules are simple:

  • Be polite.
  • Do not spam.
  • If possible, check your spelling and grammar.

Author:

Email:

Subject

A brief and informative title for your message, approximately 4–8 words:

     

Spam prevention: please enter the following code in the input field below.

       **  **         **        **        **    ** 
       **  **    **   **        **        ***   ** 
       **  **    **   **        **        ****  ** 
       **  **    **   **        **        ** ** ** 
 **    **  *********  **        **        **  **** 
 **    **        **   **        **        **   *** 
  ******         **   ********  ********  **    ** 

Message: