My enterprise has XCitium, but very recently we can’t update some of our machines, as they can’t create a “Restore Point.” We have a Group Policy that disables “Restore Points” on the system.
This wasn’t a problem last year, before Christmas, when I was updating our machines, but now none of my machines will update. There is with the notification message popping up on the Endpoint Manager that it failed making a restore point.
Right now, the only machines that will update are ones where I am installing the Client from scratch.
So, I have 100+ machines that are stuck on;
- Security Client Version 18.104.22.16897
Is there a setting somewhere where I can tell the updater to not require a Restore Point to update?
Thank you for your time.
As I have checked with the internal specialist they have said that It is enabled locally, but denied on domain GPO level. Our process cfpconfg.exe tries to create restore point, because restore point creation allowed locally, but getting error while trying to create it, because it is denied on domain level.
Request you to disable it locally, restart device, push update and you will see that update will work. OR Enable it globally and do the same steps → restart, update
If you need more information about System Restore settings and GPO hierarchy , request you to reach out Microsoft support team.
Thank you for the information that I need to disable System Protection locally.
Digging into this, I found the C drive was still listed as enabled. Which I was unable to click on the settings as it was disabled through GPO.
I found that I was able to disable it through Power Shell with this code:
Disable-ComputerRestore -Drive "C:\"
I did the update on my own machine, and it’s working now. I just got to add this code to our GPO to have it enact the change through PowerShell. Hopefully this helps others, and thank you nivedithab for the time you’ve taken.
Hi @Timothy, why not just change the GPO to allow system restore points to be created?
We didn’t have to disable this policy to enable push updates when we got XCitium early last year, and we were pushing updates to our network up until the Winter Holidays hit.
Nothing on our end changed for the year, and yet it broke. Why was the System Protection feature spontaneously a requirement to change?
Edit: Checking the logs, it seems the last time I tried to push security client updates, there were no updates. So, this was the first time I tried to push and update when there actually were updates. So, I guess this was always a problem, and we didn’t realize it.
I’ve always thought that the installation of XCS requires system restore to be enabled.