You can enable “crawling” and approval of the contents of Windows Image (WIM) files in trusted directories. Adding support for WIM crawling helps increase approval coverage of updates you receive via Windows Server Update Services (WSUS).

One important use of this feature is to enable Carbon Black App Control to support updates to the upcoming Windows 10 Anniversary Update and later Windows 10 releases on your endpoints without removing the agent. Although a full crawl of the ISO contents ahead of time is not necessarily required for Windows 10 updates with the agent in place, it is recommended, to avoid upgrade failures caused by unexpected blocks of installation files.

See Approving by Trusted Directory if you have not already set up a trusted directory. If you use multiple trusted directories, the procedure must be repeated for each one in which you want WIM files to be approved.

To allow trusted directory approval of WIM files:

  1. Choose or create the trusted directory in which you want to approve the content of WIM files (including those in ISOs). On the system where the trusted directory is located, download and install the Microsoft Windows Automated Installation Kit (AIK) or, for Windows 10, the Assessment and Deployment Kit (ADK). The installation image and instructions can be found in the following locations:

    The AIK (or ADK) includes ImageX.exe, which is required for WIM approval. The version of ImageX.exe is the same for both downloads; using the version specified for your OS makes the installation simpler.

  2. Disable tamper protection on the agent running on the trusted directory server.
    1. On the console menu, choose Assets > Computers.
    2. In the Computers table, find the name of the computer hosting the trusted directory, and click the name or the View Details button.
    3. On the Computer Details page, click Disable Tamper Protection in the Advanced section of the right menu bar.
  3. From the download location, copy ImageX.exe into the agent installation directory (typically C:\Program Files (x86)\Bit9\Parity Agent).
    Note: Once you have copied ImageX.exe into the agent directory, you may uninstall the AIK (or ADK) software. It is not required for agent operation.
  4. In the Carbon Black App Control Console, approve the ImageX.exe file on the agent hosting the trusted directory:
    1. On the console menu, choose Tools > Find Files and search for ImageX.exe.
    2. In the Find File results, check the box next to ImageX.exe and choose Approve Locally or Approve Globally on the Action menu.
  5. On the Computer Details page for the agent on which you placed ImageX.exe, re-enable tamper protection.
  6. Add WIM files to the file types that the agent can “crawl” in a trusted directory:
    1. Navigate to the Support page in the Carbon Black App Control Console by manually entering the URL: https://<yourserveraddress>/support.php
    2. Click on the Advanced Configuration tab, and in the Agent Configuration panel, check the box for Enable Deep Crawl.
    3. In the next line, Deep Crawl Files, add *.wim (be sure to include the asterisk) to the end of the list of file extensions if it is not already there. Use a comma to separate the new extension from the previous one in the list. Click Update when you are finished.
  7. On the console, choose Assets > Computers, and locate the computer that has the trusted directory. You must wait until this computer shows Up to date in the Policy Status column of the Computers page before proceeding.
  8. Copy or move any ISO files and/or separate WIMs you want approved into the trusted directory. The inventory and approval of the contents of these files begins. Completion of this process could take several hours and consume considerable system resources, depending upon your hardware.
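
Steps 3 and 4 copy a binary into the agent directory while tamper protection is off and then approve it, so it is worth checking that copy before approval. The PowerShell below is an added example, not part of the Carbon Black documentation: it checks the Authenticode signature of the copied ImageX.exe, records its SHA-256, and lists the ISO and WIM files staged for step 8. The staging path is a placeholder, and the expectation that ImageX.exe carries a Microsoft signature is an assumption to confirm against your AIK/ADK download.

```powershell
# Added example: run on the trusted directory server after step 3, before step 4.
param(
    # Agent directory as given in step 3 of the procedure.
    [string]$AgentDir   = 'C:\Program Files (x86)\Bit9\Parity Agent',
    # Assumption: placeholder for the folder holding ISOs/WIMs you intend to copy in step 8.
    [string]$StagingDir = 'D:\Staging'
)

function Test-ImageXBinary {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "ImageX.exe not found at $Path"
    }
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    [pscustomobject]@{
        Path        = $Path
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SigStatus   = $sig.Status
        Signer      = $signer
        # Assumption: a genuine copy is signed by Microsoft and the chain validates.
        OkToApprove = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
    }
}

function Get-CrawlCandidate {
    param([Parameter(Mandatory)][string]$Dir)
    # Record what will be handed to the crawler: name, size and hash of each ISO/WIM.
    Get-ChildItem -LiteralPath $Dir -File |
        Where-Object { $_.Extension -in '.iso', '.wim' } |
        ForEach-Object {
            [pscustomobject]@{
                File   = $_.FullName
                SizeMB = [math]::Round($_.Length / 1MB, 1)
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$check = Test-ImageXBinary -Path (Join-Path $AgentDir 'ImageX.exe')
$check | Format-List
if (-not $check.OkToApprove) {
    Write-Warning 'ImageX.exe failed the signature check; confirm its source before approving it.'
    exit 1
}
if (Test-Path -LiteralPath $StagingDir -PathType Container) {
    Get-CrawlCandidate -Dir $StagingDir | Format-Table -AutoSize
}
```

Keep the recorded SHA-256 values so the approved ImageX.exe and the crawled images can later be matched to the files checked here.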