Windows Updates Blocked by Default Business Profile

iSpeediSpeed Member Posts: 48  Freshman Member

Just installed a ATP200 for a client and am using the default Business Security Profile protection and SecuReporter. Everything is working nicely, but it appears to be blocking Windows Updates. Can anyone provide some insight on how to allow?

«1

Answers

  • Zyxel_StanleyZyxel_Stanley Zyxel Official Agent Posts: 586  mod

    Hi @iSpeed

    As your description the traffic is blocked by Content Filter “Business Productivity Protection” rule.

    You can go to Monitor > Log to check which URL is blocked.

    And then go to custom service to add URL into trusted web sites. Then the traffic will allow by this rule.


  • iSpeediSpeed Member Posts: 48  Freshman Member

    Stanley, It may be App Patrol that is blocking Windows Updates. Is it a similar procedure?

  • Zyxel_StanleyZyxel_Stanley Zyxel Official Agent Posts: 586  mod

    Hi @iSpeed

    In App Portal has defined Windows update service.

    You can make sure it is forwarded in your profile.

    To find the root cause of it, we have to clarify which security service drops download traffic from server side.

    You can click Windows update on your PC, and go Monitor > Log to make sure if there is any drop log.

  • iSpeediSpeed Member Posts: 48  Freshman Member

    Stanley, I believe it's content filter, but what happens is the win update starts to download and then just hangs and doesn't complete. When I turn off the filter updates go back to normal. See attached wondering if it's this version 3 ssl filter and timeout.

  • Zyxel_StanleyZyxel_Stanley Zyxel Official Agent Posts: 586  mod

    Hi @iSpeed

    Can you make sure which URL is blocked by Content Filter?

    When CF function is enabled, and click Windows update.

    Then Windows update will fail and then go to Monitor > Log to check which URL is blocked by CF. It will display blocked URL and category.

  • hello I have same problem, any solution?

  • iSpeediSpeed Member Posts: 48  Freshman Member

    I've added *.microsoft.com to the trusted websites tab in content filter bpp service. I think it's fixed, but still testing. You may have to add windowsupdates.com or other also.

  • Zyxel_CooldiaZyxel_Cooldia Zyxel Official Agent Posts: 334  mod

    Hi @iSpeed

    Thanks for updating your test result.😀


    @neilos2015

    You could follow Stanley’s instruction to add windows update server to trusted web site.

  • ok solved. Thank you

    Zyxel_Cooldia
  • Zyxel_CooldiaZyxel_Cooldia Zyxel Official Agent Posts: 334  mod

    @neilos2015 Good to hear that you solved this issue 😀

Sign In to comment.