This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 57.99999999999999%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPR%3C/text%3E%3C/svg%3E)
After installing the Windows Server 2019 patch update (KB5035849), customer encountered an issue with their IIS-hosted application. The associated application pool started experiencing shutdowns. Upon investigation, it was discovered that the Carbon Black antivirus software, responsible for monitoring the server was terminating the w3wp.exe process that hosts the web application.
As a temporary solution, the customer changed the configuration of the IIS application pool from "No Managed Code" with "Classic Managed Pipeline" mode to ".NET CLR Version v4.0.30319" with "Integrated Managed Pipeline" mode, which resolved the problem. However, the application vendor recommends using the "No Managed Code" with "Classic Managed Pipeline" mode.
It's important to note that this issue only occurs after installing the Windows Server 2019 patch update (KB5035849). We need help on how to address this issue while considering the application vendor's recommendation to have the IIS application pool running under "No Managed Code " with "Classic Managed Pipeline" setting.
When we roll back the Windows Patch update (KB5035849) we are not seeing issue.
When the Windows patch update (KB5035849) is installed, it causes the IIS process application pool, which is configured to run under "No Managed Code" with "Classic Managed Pipeline," to access files on the system drive. This access is flagged by Carbon Black as a potential vulnerability, leading to the termination of the application pool process w3wp.exe. How should we go about addressing this issue?
You might want to start by opening a support case with Carbon Black since it is their software that is terminating the app pool. Sounds like a false positive.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 9%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWL%3C/text%3E%3C/svg%3E)
Hello
The latest update for Server 2019 is "KB5036896", we may install the latest update then check the issue again as the KB5035849 got known issue related to "LSASS".
Since the process was killed by Carbon, we may ask for help from Carbon support why it would kill the process after the update.