Windows Updates Blocked by Default Business Profile

iSpeed · June 2019

Just installed a ATP200 for a client and am using the default Business Security Profile protection and SecuReporter. Everything is working nicely, but it appears to be blocking Windows Updates. Can anyone provide some insight on how to allow?

Zyxel_Stanley · June 2019

Hi @iSpeed

As your description the traffic is blocked by Content Filter “Business Productivity Protection” rule.

You can go to Monitor > Log to check which URL is blocked.

And then go to custom service to add URL into trusted web sites. Then the traffic will allow by this rule.

iSpeed · June 2019

Stanley, It may be App Patrol that is blocking Windows Updates. Is it a similar procedure?

Zyxel_Stanley · June 2019

Hi @iSpeed

In App Portal has defined Windows update service.

You can make sure it is forwarded in your profile.

To find the root cause of it, we have to clarify which security service drops download traffic from server side.

You can click Windows update on your PC, and go Monitor > Log to make sure if there is any drop log.

iSpeed · June 2019

contentfilter.jpg

Stanley, I believe it's content filter, but what happens is the win update starts to download and then just hangs and doesn't complete. When I turn off the filter updates go back to normal. See attached wondering if it's this version 3 ssl filter and timeout.

Zyxel_Stanley · June 2019

Hi @iSpeed

Can you make sure which URL is blocked by Content Filter?

When CF function is enabled, and click Windows update.

Then Windows update will fail and then go to Monitor > Log to check which URL is blocked by CF. It will display blocked URL and category.

neilos2015 · July 2019

hello I have same problem, any solution?

iSpeed · July 2019

I've added *.microsoft.com to the trusted websites tab in content filter bpp service. I think it's fixed, but still testing. You may have to add windowsupdates.com or other also.