
Tighten Down Those TLS Settings, and Enhance Your Error Handling, Microsoft and Akamai

I was doing some rule tracing, and noticed these requests for akamaized.net (img-prod-cms-rt-microsoft-com.akamaized.net)—hordes of them. They were really making rule tracing difficult to read; there were so many. So, I started digging.

The User-Agent string is for Microsoft Edge (yes, an exact match)—but I’m not running Microsoft Edge. I tried blocking it (just for me), and nothing complained.

I started doing Internet searches for the host name. About the tenth link down, someone had written a script to pull these things—to get the “imageFileData”. So, I pulled one down to an appliance with curl, and it was clearly binary. I pulled it from the appliance to my laptop, and it turns out to be a JPEG, a pretty image of thatch umbrellas on a beach:

https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWj8J0?ver=4676

This looked very much like the kind of image we see on our Windows 10 login screens.  But, why is it pulling so many???

So, I thought I’d grab another, this time using my browser through the proxy… Bam, Failed SSL Handshake for “Unsafe Legacy Renegotiation”.

So, I put an exception in allowing unsafe legacy renegotiation (they're just images, right?), and now it’s quieted down. Go figure.

Hey Microsoft and Akamai, TLS settings, RFC 5746, it's a thing (hostname posted on Qualys SSL Labs).  And, just spewing hordes of requests into the same error over and over again is the definition of insanity. It almost made me crazy.  (And, I almost had it flagged as beaconing.)
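
RFC 5746 has a server signal secure-renegotiation support by returning the `renegotiation_info` extension in its ServerHello, and a client that enforces it refuses servers that omit it. As an added example (not part of the original post and not the proxy's own code), this parses a captured ServerHello record and reports whether the signal is present; the function names and sample records are constructed for illustration and assume a TLS 1.2 or earlier ServerHello held in a single record.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746


def server_hello_extensions(record: bytes) -> dict:
    """Return {extension_type: data} from a TLS record that starts with a ServerHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record starting with ServerHello")
    hlen = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hlen]
    if hlen < 38 or len(hello) != hlen or 4 + hlen > int.from_bytes(record[3:5], "big"):
        raise ValueError("truncated or fragmented ServerHello")
    pos = 34 + 1 + hello[34] + 3  # version+random, session_id, suite+compression
    if pos == len(hello):  # server sent no extensions block at all
        return {}
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    if end != len(hello):  # also catches a cut-off length field
        raise ValueError("extensions length mismatch")
    extensions = {}
    while pos < end:
        if pos + 4 > end:
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack_from("!HH", hello, pos)
        pos += 4
        if pos + elen > end:
            raise ValueError("truncated extension body")
        extensions[etype] = hello[pos:pos + elen]
        pos += elen
    return extensions


def secure_renegotiation_offered(record: bytes) -> bool:
    """True if the ServerHello carries RFC 5746's initial-handshake signal (one zero byte)."""
    return server_hello_extensions(record).get(RENEGOTIATION_INFO) == b"\x00"


def sample_server_hello(extensions: bytes) -> bytes:
    """Constructed TLS 1.2 ServerHello: zeroed random, empty session_id."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if extensions:
        hello += len(extensions).to_bytes(2, "big") + extensions
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake


PATCHED = sample_server_hello(b"\xff\x01\x00\x01\x00")  # constructed sample
LEGACY = sample_server_hello(b"")                       # constructed sample
```

A server answering like `LEGACY` is the case a client enforcing RFC 5746 refuses; an exception that permits it is best scoped to the single host rather than set globally.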
