We recently removed Patch Manager from our WSUS and during the deployment we had Wireshark being deployed to workstations. We're now trying to remove Wireshark from some of those workstations, but it continues to reinstall via WSUS. I see no mention of Wireshark in WSUS anymore.
I tried renaming the SoftwareDistribution on the client machines and they still pull the .cab file from the WSUS server? I've even ran the WSUS server clean-up. Anyone have any ideas? If it helps here is the WindowsUpdate log from a client. Again, from what I can see Wireshark has been removed when we decommissioned Patch Manager.
2020/06/30 14:34:31.9704376 4816 6524 Agent Title = Wireshark 3.2.2 x64 (Upgrade)
2020/06/30 14:34:31.9704417 4816 6524 Agent UpdateId = 4E96905D-C3D8-41F3-8D0A-4801E3656EFD.2
2020/06/30 14:34:31.9704563 4816 6524 DataStore Failed to find update with global id of 4E96905D-C3D8-41F3-8D0A-4801E3656EFD.2 (sessiondata = (null))
2020/06/30 14:34:31.9704642 4816 6524 DownloadManager No locked revisions found for update 4E96905D-C3D8-41F3-8D0A-4801E3656EFD.2 (SessionData = (null)); locking the user-specified revision.
2020/06/30 14:34:31.9704724 4816 6524 DataStore Failed to find update with global id of 4E96905D-C3D8-41F3-8D0A-4801E3656EFD.2 (sessiondata = (null))