I discovered a strange issue on some machines, where WSUS-deployed patches are blocked by SEP´s proactive thread scan ("CoHo" component).
Based on my researches, only those patches are affected, that touches the windows kernel, just like the following patches in February:
MS 10-015 (KB 977165)
MS 10-006 (KB 978251)
WSUS always gives 0x8007054f (internal error) for the failed installation on the WSUS-Client.
Manual installation of such bulletins failed, too! The only way to resolve that, is to disable proactive thread scan during manual installation.
Normaly, all patches will be installed automaticaly, as indecated in the gpo settings on the WSUS-client.
Another thing I noticed is, that not all client machines are affected in the same infrastructure, with the same bulletins and the same SEP-Settings. It´s always 2 or 3 of the whole bunch.
We can´t make any exeption for windows kernel, can´t we?!? :=)
The question is: What is wrong? Do I have any configuration error, that I do not see?
By the way: We´re working currently with XP SP3, WSUS 3 SP2 and SEP11 RU5.
regards from Germany,