Windows Update

[jcoffin]

Yes, the bypass should work.

[AdamB]

Yes, the bypass should rule.

Great, appreciate the input!

[AdamB]

Going on 4 months of having Untangle. Not a single virus has been caught. What it has caught is some more Windows updates, I can't keep up with all these microsoft update server IP's, the bypass rule is quite worthless, unless I can use the domain in the bypass rule like this "download.windowsupdate.com"

Thanks,
Adam

[sky-knight]

Going on three years with Untangle, I've seen 1 windows update caught and it corrected itself in a few days without further modification.

Virus Blocker reports 79 infections removed, 10 blocked.
Kaspersky reports another 21 infections removed.

This since the last reboot, which would have been the upgrade to 9.0.2.

[AdamB]

Going on three years with Untangle, I've seen 1 windows update caught and it corrected itself in a few days without further modification.

Virus Blocker reports 79 infections removed, 10 blocked.
Kaspersky reports another 21 infections removed.

This since the last reboot, which would have been the upgrade to 9.0.2.

This isn't a huge network 400-500 users, I would think we would have caught at least 1 or 2 viruses by now, or everyone here is just extremely careful.

Every time I see the virus blocker got something I get excited to see, but then it turns out to be a windows update. So within 4 months that's roughly 15 times it has caught a windows update as a virus, but has yet to actually catch a virus, must be my users are smarter than the average.

Either way any idea on whether the domain will work in the bypass rules, I know it doesn't in the firewall so I figured I would ask.

[sky-knight]

Or the Web Filter is doing its job.

I get these things in my logs because I often disable the web filter for testing. But in my experience the malware category on the zVelo Web Filter is nailing most things before the AV modules get a hold of it.

[hlarsen]

any idea on whether the domain will work in the bypass rules

sorry, it won't - you'll need to stick with IPs.

[AdamB]

Well then a bypass rule is pointless. I would spend most of my day trying to pin down all the different addresses. They seem to change on a daily basis.

[sky-knight]

You can't bypass Windows Updates, they are served via CDN. Furthermore, as I indicated before, this process isn't required as Windows Updates function normally.

If you need further assistance I suggest you call UT support, and get their engineers to deal with it. I'm sure they'd love to get their hands on an asymptomatic AV module that is consistently breaking something this big.

Of course that assumes you have support for a box in production. You do have support don't you?

[AdamB]

You can't bypass Windows Updates, they are served via CDN. Furthermore, as I indicated before, this process isn't required as Windows Updates function normally.

If you need further assistance I suggest you call UT support, and get their engineers to deal with it. I'm sure they'd love to get their hands on an asymptomatic AV module that is consistently breaking something this big.

Of course that assumes you have support for a box in production. You do have support don't you?

Nope no live support. I definitely find it odd, my untangle install at home never picks up on windows updates.