cancel
Showing results for 
Search instead for 
Did you mean: 
gizmagis
Level 11

Web Gateway with SSL Scanner block Windows Update

Jump to solution

Hi Guys,

I am using MWG 7.1.5 with SSL scanner enabled (default rules from library). I can not figure it out why does windows updates not working if SSL scanner is enabled. Anybody has a clue or some kind of idea ?

Regards,

Gregor

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Web Gateway with SSL Scanner block Windows Update

Jump to solution

OK, then let's think different

If URL.Host matches in list (*.windowsupdate.com$;windowsupdate.microsoft.com$;w2ksp*.microsoft.com$;office.microsoft.com$;download.microsoft.com$;update.microsoft.com$) then enable workaround.

In the workaround, you need to only check "Check handling of conflicting content length header". Windows update uses the CL header to check the downloaded files against their announced size.

If this doesn't help, I suggest opening a call with support.

best,

Michael

0 Kudos
4 Replies
McAfee Employee

Re: Web Gateway with SSL Scanner block Windows Update

Jump to solution

Just on a guess, we are prompting windows upgrade with a page to confirm the certificate , which it can't see. Did you trust MWG's root CA in your browser?

best,

michael

0 Kudos
gizmagis
Level 11

Re: Web Gateway with SSL Scanner block Windows Update

Jump to solution

MWG's root CA is trusted on all machines (Group policy). Anyway, if SSL Scanner is enabled windows update always fail.

Gregor

0 Kudos
McAfee Employee

Re: Web Gateway with SSL Scanner block Windows Update

Jump to solution

OK, then let's think different

If URL.Host matches in list (*.windowsupdate.com$;windowsupdate.microsoft.com$;w2ksp*.microsoft.com$;office.microsoft.com$;download.microsoft.com$;update.microsoft.com$) then enable workaround.

In the workaround, you need to only check "Check handling of conflicting content length header". Windows update uses the CL header to check the downloaded files against their announced size.

If this doesn't help, I suggest opening a call with support.

best,

Michael

0 Kudos
gizmagis
Level 11

Re: Web Gateway with SSL Scanner block Windows Update

Jump to solution

Hi michael... your solution could be correct. I will wait another day or two if everything will work as it should, before thanking you. Meanwhile you get my points for probably correct answer (if I forgot to click it later)

thx,

Gregor

0 Kudos