GFI Support Home Start a conversation Sign in
Start a conversation
  1. GFI LanGuard
  2. GFI LanGuard - Agent Scanning
  3. Articles

Scans take excessively long (30–90+ minutes) during “Microsoft Security Patches” stage due to Windows Update Agent (WUA) timeouts

Overview

In some environments, the “Microsoft Security Patches” stage of LanGuard scans can hang for ~30 minutes and then retry, causing total scan times to balloon to an hour or more. The securityscanner logs typically show:

  • Repeated “NO New IP detected continuing waiting” entries for ~30 minutes
  • A timeout and kill of the WUA process:
    • TProcessLauncher.LaunchWaitForAndKillProcessGetOutput - The process did not finish in the given amount of time ‘1800000’ ms.
  • A subsequent retry with a longer wait, adding more time to the same scan stage

What’s happening:

  • LanGuard calls Microsoft’s Windows Update Agent (WUA) via lnsscorollary.exe to enumerate installed/missing Microsoft patches.
  • In affected environments, that WUA call exceeds the default first-attempt timeout (30 minutes). LanGuard then kills the process and retries with a longer wait (45 minutes), which inflates overall scan time.
  • Forcing the “long timeout” from the outset avoids the kill-and-retry cycle and improves the end-to-end scan duration.

Solution

Configure WUA to use the “long timeout” on the first attempt so it doesn’t get killed at 30 minutes and retried.

Steps

  1. On the agent machine, open this file in a text editor (create a backup first):
    C:\ProgramData\GFI\LanGuard 12\toolcfg_simple.xml

  2. Add or update the WUA category to include the long-timeout item. If the WUA category does not exist, add the whole category as shown below. If it exists, add just the Item line inside its Items block.

    <Category Name="WUA">
    <Items>
        <Item Name="CheckForUpdates_WUA_UseLongTimeOut"><![CDATA[1]]></Item>
    </Items>
</Category>

  3. Save the file.

  4. Rerun a scan on one affected machine and observe the “Microsoft Security Patches” stage. You should no longer see the 30‑minute timeout/kill followed by a retry, and total scan time should improve accordingly.

Note

  • This adjustment does not fix an underlying Windows Update/WUA slowness; it prevents the wasted time from an aborted first attempt. If scans remain slow, also review standard performance recommendations (AV exclusions, storage/network health, etc.) separately.
Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Keyur Saxena

  2. Posted

Comments