
Thread: Windows Update

  1. #1
    Master Untangler
    Join Date
    Mar 2011
    Location
    Auburn, NY
    Posts
    438

    Default Windows Update

    So we have had Untangle in place with 400 or so users for roughly a month now. Virus blocker has picked up 7 viruses. Now if only they weren't all Microsoft updates. 7/7 all updates. Any way to stop this from happening?

  2. #2
    Master Untangler Big D's Avatar
    Join Date
    Nov 2008
    Posts
    719

    Default

    WSUS server and bypassing that server's IP. 400 nodes you would have some sort of local repository for Windows updates already?

    Do you know what Windows updates seem to be triggering the virus blocker?
    The beatings shall continue until morale improves!

  3. #3
    Untangler IHateShuttle's Avatar
    Join Date
    Jul 2009
    Location
    Left Coast
    Posts
    73

    Default

    Kinda makes me wonder what caused them to be flagged in the first place...

  4. #4
    Untangle Ninja Mathiau's Avatar
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,636

    Default

    false positives.

    WSUS for sure for an office that big, save a ton on bandwidth.
    kv-2 | UT 11.0.1 | Dell R610 Server | Intel Xeon 2.8Ghz Quad Cores | 24Gb DDR3 ECC | 1 Intel QPort NIC | Integrated Broadcom QP | Dell Perc 4i | 6 x 73G 2.5 15k SAS raid 10 | 100mb/100mb | 30mb/30Mb

  5. #5
    Master Untangler
    Join Date
    Mar 2011
    Location
    Auburn, NY
    Posts
    438

    Default

    Originally posted by Mathiau:
    > false positives.
    >
    > WSUS for sure for an office that big, save a ton on bandwidth.

    We have WSUS, should it not be going through Untangle? Appreciate the quick input guys!!

  6. #6
    Master Untangler Big D's Avatar
    Join Date
    Nov 2008
    Posts
    719

    Default

    For a trusted server you may want to either bypass its network traffic or use policy manager to send it through a lighter more friendly rack (one without virus blocker or looser virus blocker).

    Alternative would be to figure out the Windows Update servers' IP ranges and allow them through, but that is harder. Haven't seen the virus blocker pop on a MS update before though. Very curious what the update was.
    Last edited by Big D; 07-18-2011 at 02:01 PM.

  7. #7
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,293

    Default

    I've seen a few Windows Updates get blocked as viruses. They always work after the next signature update.

  8. #8
    Untangle Ninja Mathiau's Avatar
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,636

    Default

    Ya, I would allow your WSUS box access out on port 80/443 and it should be fine

  9. #9
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,098

    Default

    Strange, I never see a Windows update tagged. You could add a bypass rule for the Microsoft site.

  10. #10
    Master Untangler
    Join Date
    Mar 2011
    Location
    Auburn, NY
    Posts
    438

    Default

    Originally posted by jcoffin:
    > Strange, I never see a Windows update tagged. You could add a bypass rule for the microsoft site.

    Give you guys a little more detail.

    We use WSUS but do have some odd machines which still utilize the normal Windows Update method. Virus blocker is again picking up on Microsoft updates.

    jcoffin, so I should be able to add a bypass rule for Windows Update and from now on all traffic from Windows Update will be bypassed, correct?

    blocked

    10.80.5.212:49258

    (HTTP) http://au.download.windowsupdate.com...34009e84be.cab

    virus found

    70.37.129.94:80

    Looks like Microsoft update uses these: 70.37.129.0/24, 70.37.128.0/24. I went ahead and made a bypass rule for these destination ranges. That should do the trick.
    Last edited by AdamB; 08-16-2011 at 08:46 AM.
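
An added example, not part of any post in this thread: a destination-range bypass like the one described in post #10 can be checked against virus blocker events to see which Windows Update downloads it actually covers and which unrelated traffic it also exempts from scanning. The event line layout, the `/constructed/` paths, `files.example.net` and the addresses outside 70.37.x are constructed; matching on the `windowsupdate.com` suffix is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Destination ranges from the bypass rule described in post #10.
BYPASS_RANGES = [ipaddress.ip_network(n) for n in ("70.37.129.0/24", "70.37.128.0/24")]
# Assumption: any host under this suffix is a Windows Update download host.
UPDATE_SUFFIX = "windowsupdate.com"

# Constructed events in a constructed one-line layout (not the product's log format).
SAMPLE_EVENTS = """\
client=10.80.5.212:49258 url=http://au.download.windowsupdate.com/constructed/a.cab server=70.37.129.94:80
client=10.80.5.40:50011 url=http://au.download.windowsupdate.com/constructed/b.cab server=203.0.113.10:80
client=10.80.5.41:50012 url=http://files.example.net/constructed/c.exe server=70.37.128.20:80
client=10.80.5.42:50013 url=http://files.example.net/constructed/d.exe server=198.51.100.7:80
"""

def parse_event(line):
    """Return (hostname, server IP) from one key=value event line."""
    fields = dict(part.split("=", 1) for part in line.split())
    host = (urlsplit(fields["url"]).hostname or "").lower()
    server_ip = ipaddress.ip_address(fields["server"].rsplit(":", 1)[0])
    return host, server_ip

def is_update_host(host):
    # Match on a label boundary so look-alike domains do not qualify.
    return host == UPDATE_SUFFIX or host.endswith("." + UPDATE_SUFFIX)

def classify(line):
    host, server_ip = parse_event(line)
    bypassed = any(server_ip in net for net in BYPASS_RANGES)
    update = is_update_host(host)
    if bypassed and update:
        return "bypassed-update"          # the rule does what was intended
    if update:
        return "update-still-scanned"     # update served from outside the ranges
    if bypassed:
        return "other-traffic-unscanned"  # the rule exempts non-update traffic
    return "scanned"

def audit(text):
    return [classify(line) for line in text.splitlines() if line.strip()]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_EVENTS.splitlines(), audit(SAMPLE_EVENTS)):
        print(f"{verdict:24} {line}")
```

Any `update-still-scanned` result means the ranges no longer match where updates are served from, and any `other-traffic-unscanned` result means the rule is skipping the virus blocker for traffic that is not Windows Update.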
