Question
Windows Update fails and performance degradation when FortiClient Sandbox profile is enabled EMS
Hello community,
- We are currently running Forti EMS Cloud 7.4.3 with several endpoint versions, mainly FortiClient 7.2.11 y 7.0.X on Windows 11 devices.
- We are working together with the customer and Microsoft support to troubleshoot an issue where Windows Update downloads do not complete and the update process becomes extremely slow or stuck.
Issue Description:
- When endpoints have a FortiClient profile with Sandbox enabled, Windows Update shows the following symptoms:
- Update download does not complete
If we change the endpoint policy to Default profile (no Sandbox), the Windows Update process completes successfully.
Tests Performed
To verify this behavior, we performed the following tests:
- Disabled Sandbox profile → Windows Update completes normally
- Re-enabled Sandbox profile → Windows Update fails or hangs
- We tested with multiple Windows Update components excluded:
- TrustedInstaller.exe
- TiWorker.exe (Windows Modules Installer Worker)
- DISM.exe
- C:\Windows\WinSxS\
- C:\Windows\SoftwareDistribution\
- Even with these exclusions, the issue persists.
- This strongly indicates that the FortiClient Sandbox module or its interaction with EMS Cloud 7.4.3 is affecting Windows Update performance or blocking the process.
Request
Has anyone experienced similar behavior with:
- EMS 7.4.x
- FortiClient 7.2.x
- Sandbox Cloud enabled
- Windows Update performance issues?
We would appreciate guidance on:
- Recommended compatibility settings
- Additional exclusions required
Thanks in advance for any insight or recommendations