gpupdate.exe
- File Path:
C:\windows\SysWOW64\gpupdate.exe - Description: Microsoft Group Policy Update Utility
Hashes
| Type | Hash |
|---|---|
| MD5 | E84B49E0226ED4B1912FD136526BECBA |
| SHA1 | BA7D36400BAA7F2578A86D8D7418755433FE9D47 |
| SHA256 | A2DBB68E62468B24185BAF6E305A756F0FE3EB34F218417A1D579CF3D4A4BCAB |
| SHA384 | 32347A34A9A2A38707D612ED7D783752E0EE7406D2D8D7AA0279319D86E0DAB9F1C08987C303E0A2DD8CEFA078B1DA03 |
| SHA512 | E80DC518B4CA1CC836E93FD9D140D1DCAC4C614F7CDE77FC73E69CA4AEE5A9789C7933ECD5149C71223773B92CA716087CDDF7AC4A0D2B10F729DF036DB696C1 |
| SSDEEP | 192:6GCX4/WACGZU612fNck+iEQlYQXvTX2H7mIo9PkqkSWFeDWN6ef4:6GCrACXfNB+iEOYQX7a86SWFeDWN6 |
Signature
- Status: The file C:\windows\SysWOW64\gpupdate.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
- Serial: ``
- Thumbprint: ``
- Issuer:
- Subject:
File Metadata
- Original Filename: GPUpdate.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
- Product Version: 6.3.9600.16384
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
Possible Misuse
The following table contains possible examples of gpupdate.exe being misused. While gpupdate.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | sysmon_suspicious_remote_thread.yml | - '\gpupdate.exe' |
DRL 1.0 |
| sigma | proc_creation_win_susp_spoolsv_child_processes.yml | - \gpupdate.exe |
DRL 1.0 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
gpupdate
Updates Group Policy settings.
Syntax
gpupdate [/target:{computer | user}] [/force] [/wait:<VALUE>] [/logoff] [/boot] [/sync] [/?]
Parameters
| Parameter | Description |
|---|---|
/target:{computer|user} |
Specifies that only User or only Computer policy settings are updated. By default, both User and Computer policy settings are updated. |
| /force | Reapplies all policy settings. By default, only policy settings that have changed are applied. |
/wait:<VALUE> |
Sets the number of seconds to wait for policy processing to finish before returning to the command prompt. When the time limit is exceeded, the command prompt appears, but policy processing continues. The default value is 600 seconds. The value 0 means not to wait. The value -1 means to wait indefinitely.<p>In a script, by using this command with a time limit specified, you can run gpupdate and continue with commands that do not depend upon the completion of gpupdate. Alternatively, you can use this command with no time limit specified to let gpupdate finish running before other commands that depend on it are run. |
| /logoff | Causes a logoff after the Group Policy settings are updated. This is required for those Group Policy client-side extensions that do not process policy on a background update cycle but do process policy when a user logs on. Examples include user-targeted Software Installation and Folder Redirection. This option has no effect if there are no extensions called that require a logoff. |
| /boot | Causes a computer restart after the Group Policy settings are applied. This is required for those Group Policy client-side extensions that do not process policy on a background update cycle but do process policy at computer startup. Examples include computer-targeted Software Installation. This option has no effect if there are no extensions called that require a restart. |
| /sync | Causes the next foreground policy application to be done synchronously. Foreground policy is applied at computer boot and user logon. You can specify this for the user, computer, or both, by using the /target parameter. The /force and /wait parameters are ignored if you specify them. |
| /? | Displays Help at the command prompt. |
Examples
To force a background update of all Group Policy settings, regardless of whether they’ve changed, type:
gpupdate /force
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.