It only requires 3 pass rules to avoid the false positive for Microsoft.
Virus-Blocker-Lite-Pass-List.jpg
Attention: Support and help on the Untangle Forums is provided by
volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
Thanks, but exceptions are not my issue here... I'm still getting alerts today from mid-February, before I created the exceptions. I'm not getting any new alerts; the exceptions worked. I'm going to just wipe the box and reinstall.
Although, I agree with YeOldeStonecat to an extent... I don't mind adding some exceptions and that wouldn't be an issue, but you have to do it manually on every single box... centralized management is definitely a must to be able to scale with Untangle.
Oh there's much MUCH more...I don't care about Microsoft updates (we handle much of those through our RMM..N-Ables patch manager) as much as Office 365 functionality. Seriously..it's a full time job until clam fixes this. It's just easier to remove Clam.
https://support.office.com/en-us/art...1-355ea5aa88a2
Just look at that above list....in the link.
Ah...here..I'll copy 'n paste. And this is just for some Microsoft stuff that has hit us hard. There are other 3rd party updates, Java, Adobe, ...list is going on and growing.
***************
1. Required: Office 365 Portal
Client Computer | Logged on user
*.office365.com
See row three
No
Portal and shared IP ranges.
TCP 443

2. Required: Office 365 Portal
Client Computer | Logged on user
Home.Office.com
Portal.Office.com
agent.office.net
www.office.com
outlook.office365.com
See row three
Yes
Portal and shared IP ranges & Exchange Online IP ranges.
TCP 443

3. Required: CDNs used for portal and shared
Client Computer | Logged on user
Prod.msocdn.com
appsforoffice.microsoft.com
Microsoft and Akamai
No
N/A
TCP 443

4. Required: Shared infrastructure
Client Computer | Logged on user
Clientlog.portal.office.com
Nexus.officeapps.live.com
Various
No
Portal and shared IP ranges.
TCP 443

5. Required: Certificate revocation lists
Client Computer | Logged on user
See well known certificate root CRLs in the table below.
No
No
N/A
TCP 80 & 443

6. Required: Some Office 365 features require endpoints within these domains.
Client Computer | Logged on user
*.onmicrosoft.com
*.microsoft.com
*.office.com
*.msedge.net
*.office.net
*.live.com
*.msocdn.com
No
No
N/A
TCP 443

7. Optional: Shared help and support
Client Computer | Logged on user
support.office.com
products.office.com
technet.microsoft.com
Various
No
N/A
TCP 80 & 443

8. Optional: Deprecated FQDNs
Client Computer | Logged on user
*.glbdns.microsoft.com
No
No
N/A
TCP 80 & 443

9. Optional: Azure Rights Management
Client Computer | Logged on user
*.aadrm.com
*.azurerms.com
No
No
N/A
TCP 443
*.cloudapp.net2
No
No
N/A
TCP 443

10. Optional: Microsoft Azure Active Directory RemoteApp
Client Computer | Logged on user
dc.services.visualstudio.com
liverdcxstorage.blob.core.windowsazure.com
telemetry.remoteapp.windowsazure.com
vortex.data.microsoft.com
www.remoteapp.windowsazure.com
No
Varies3
N/A
TCP 443

11. Optional: Office 365 Management Pack for Operations Manager
Customer Operations Manager environment | Machine1 Account
office365servicehealthcommunications.cloudapp.net
No
Resident "Geek on a Harley" in Southeast Connecticut, USA.
Just add exclusions to all MS product updates. Problem solved.
Virus Blocker Lite (CLAMAV) - Clam is good at recognizing bad packers, for that it's wise to keep it running. It can nail some unknown malware by the simple virtue of its strong packer recognition. That's why I like it. Also our lab submits directly to ClamAV, so it is relevant for my home use to ensure ClamAV gets some really nasty stuff other products might miss. Otherwise, yes, it's mediocre at best and we all know that. But it serves a purpose IMO.