We are running version 2016.3. We are having issues patching Windows 10 with Endpoint Security enabled. We do not have any issues patching when Endpoint Security is disabled. Under Application Control > Preventions by computer, I see logs that say a disallowed file access was detected, and they all point to the EFI partition on the computer. the path is \Device\HarddiskVolume1\EFI\Microsoft\Boot, and it references multiple folder under that directory that are all language packs formatted liked xx-XX. Somewhere along the lines, the EFI partition becomes full (it starts off with 500mb of space) and Windows updates start reverting. The only way we can get computers to patch is to free up space on the EFI partition by deleting language packs out of the aforementioned directory that are not English, installing an agent with endpoint security disabled, then patching the computer.
Has anyone else run in to this before? an idea of what type of exclusion will need to be set in Endpoint Security in order for this to work properly?