Windows Updates Blocked by Default Business Profile

iSpeed
iSpeed Posts: 110
First Comment Third Anniversary
 Ally Member
edited April 2021 in Security

Just installed a ATP200 for a client and am using the default Business Security Profile protection and SecuReporter. Everything is working nicely, but it appears to be blocking Windows Updates. Can anyone provide some insight on how to allow?

«1

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,177
    100 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member

    Hi @iSpeed

    As your description the traffic is blocked by Content Filter “Business Productivity Protection” rule.

    You can go to Monitor > Log to check which URL is blocked.

    And then go to custom service to add URL into trusted web sites. Then the traffic will allow by this rule.


  • iSpeed
    iSpeed Posts: 110
    First Comment Third Anniversary
     Ally Member

    Stanley, It may be App Patrol that is blocking Windows Updates. Is it a similar procedure?

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,177
    100 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member

    Hi @iSpeed

    In App Portal has defined Windows update service.

    You can make sure it is forwarded in your profile.

    To find the root cause of it, we have to clarify which security service drops download traffic from server side.

    You can click Windows update on your PC, and go Monitor > Log to make sure if there is any drop log.

  • iSpeed
    iSpeed Posts: 110
    First Comment Third Anniversary
     Ally Member

    Stanley, I believe it's content filter, but what happens is the win update starts to download and then just hangs and doesn't complete. When I turn off the filter updates go back to normal. See attached wondering if it's this version 3 ssl filter and timeout.

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,177
    100 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member

    Hi @iSpeed

    Can you make sure which URL is blocked by Content Filter?

    When CF function is enabled, and click Windows update.

    Then Windows update will fail and then go to Monitor > Log to check which URL is blocked by CF. It will display blocked URL and category.

  • hello I have same problem, any solution?

  • iSpeed
    iSpeed Posts: 110
    First Comment Third Anniversary
     Ally Member

    I've added *.microsoft.com to the trusted websites tab in content filter bpp service. I think it's fixed, but still testing. You may have to add windowsupdates.com or other also.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 990
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 500 Comments
     Guru Member

    Hi @iSpeed

    Thanks for updating your test result.😀


    @neilos2015

    You could follow Stanley’s instruction to add windows update server to trusted web site.

  • ok solved. Thank you

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 990
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 500 Comments
     Guru Member

    @neilos2015 Good to hear that you solved this issue 😀

Security Highlight