WER DISM fault when integrating Cumulative Update KB5025221

  • Thread starter Thread starter XYZ
  • Start date Start date
X

XYZ

Guest
It does seem to end up integrating/completing successfully though, if you leave it long enough. Not sure there's anything you can do though.

I wouldn't have known it happened if it wasn't for the fact I run an anti-executable. Below is the error and parameters:

View attachment 9648
 
Disable your AV solution, or add NTLite to the exclusion list.
 
Why does SpyShelter care about DismHost.exe (service), if it's not acting as AV?

Everyone who has a 3rd-party AV always insists it's never their AV product. And they're usually wrong.
Choose "Disable monitoring of action".
 
Because this module is an anti-executable, not an AV, so it alerts when it detects a process (in this case DismHost.exe, which was launched by NTLite.exe during processing) starting another process (in this case wermgr.exe). So, it's just informing me that DismHost.exe had some error during integration of that Cumulative Update, and the Windows Error Reporting Manager was launched to handle the error.

The anti-executable part is because it alerts me when a process is trying to start. Far better to not let something run in the first place (ie. white-list/black-list/alert), rather than let everything run and try and try to determine if it's malicious.

I know that Disable monitoring of that action would stop the alert being displayed, but is doesn't solve the issue of why DismHost.exe is erroring out during integration.
 
Anti-executable = anti-virus protection. Stop trying to argue this point.

DismHost and TrustedInstaller are privileged processes, they will trigger 3rd-party security. If your security is blocking file access, then integration attempts will fail.

Do your own experiment, install NTLite inside a VM without your 3rd-party security. Integrate the same updates.
 
Lets agree to dis-agree, because we do - They are different.

It's irrelevant though, as the software is not blocking access to anything apart from pausing it from launching wermgr.exe. When you allow it (haven't tried denying it), it will eventually complete the integration.

The point is - Why is DismHost.exe launching wermgr.exe ?

The experiment won't help, because as I've already mentioned, it does end up completing the integration. Without SpyShelter (or any other anti-executable, AE), I just won't be alerted that DismHost.exe is launching wermgr.exe (which I don't think it should be doing, unless it encounters some sort of error - which begs the question - why is it encountering an error ?)

Anyway, as it's not a part of NTLite, nuhi obviously can't fix it, and it does end up integrating in the end.

Thought I'd post it for informational purposes.
 
Wermgr.exe is Windows Error Reporting. It means your security has blocked DISM or a child process from normal processing, and it crashed. This triggers WER to collect crash data. Look in Event Viewer for more details.

NTLite -> DISM -> DismHost -> TrustedInstaller service -> write to protected files owned by TrustedInstaller
 
You must log in or register to reply here.
Back
Top