gpupdate.exe

  • File Path: C:\windows\SysWOW64\gpupdate.exe
  • Description: Microsoft Group Policy Update Utility

Hashes

Type Hash
MD5 E84B49E0226ED4B1912FD136526BECBA
SHA1 BA7D36400BAA7F2578A86D8D7418755433FE9D47
SHA256 A2DBB68E62468B24185BAF6E305A756F0FE3EB34F218417A1D579CF3D4A4BCAB
SHA384 32347A34A9A2A38707D612ED7D783752E0EE7406D2D8D7AA0279319D86E0DAB9F1C08987C303E0A2DD8CEFA078B1DA03
SHA512 E80DC518B4CA1CC836E93FD9D140D1DCAC4C614F7CDE77FC73E69CA4AEE5A9789C7933ECD5149C71223773B92CA716087CDDF7AC4A0D2B10F729DF036DB696C1
SSDEEP 192:6GCX4/WACGZU612fNck+iEQlYQXvTX2H7mIo9PkqkSWFeDWN6ef4:6GCrACXfNB+iEOYQX7a86SWFeDWN6

Signature

  • Status: The file C:\windows\SysWOW64\gpupdate.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: GPUpdate.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of gpupdate.exe being misused. While gpupdate.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | sysmon_suspicious_remote_thread.yml | - '\gpupdate.exe' | DRL 1.0 |
| sigma | proc_creation_win_susp_spoolsv_child_processes.yml | - \gpupdate.exe | DRL 1.0 |

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


gpupdate

Updates Group Policy settings.

Syntax

gpupdate [/target:{computer | user}] [/force] [/wait:<VALUE>] [/logoff] [/boot] [/sync] [/?]

Parameters

Parameter Description
/target:{computer|user} Specifies that only User or only Computer policy settings are updated. By default, both User and Computer policy settings are updated.
/force Reapplies all policy settings. By default, only policy settings that have changed are applied.
/wait:<VALUE> Sets the number of seconds to wait for policy processing to finish before returning to the command prompt. When the time limit is exceeded, the command prompt appears, but policy processing continues. The default value is 600 seconds. The value 0 means not to wait. The value -1 means to wait indefinitely. In a script, by using this command with a time limit specified, you can run gpupdate and continue with commands that do not depend upon the completion of gpupdate. Alternatively, you can use this command with no time limit specified to let gpupdate finish running before other commands that depend on it are run.
/logoff Causes a logoff after the Group Policy settings are updated. This is required for those Group Policy client-side extensions that do not process policy on a background update cycle but do process policy when a user logs on. Examples include user-targeted Software Installation and Folder Redirection. This option has no effect if there are no extensions called that require a logoff.
/boot Causes a computer restart after the Group Policy settings are applied. This is required for those Group Policy client-side extensions that do not process policy on a background update cycle but do process policy at computer startup. Examples include computer-targeted Software Installation. This option has no effect if there are no extensions called that require a restart.
/sync Causes the next foreground policy application to be done synchronously. Foreground policy is applied at computer boot and user logon. You can specify this for the user, computer, or both, by using the /target parameter. The /force and /wait parameters are ignored if you specify them.
/? Displays Help at the command prompt.

Examples

To force a background update of all Group Policy settings, regardless of whether they’ve changed, type:

gpupdate /force

MIT License. Copyright (c) 2020-2021 Strontic.