AMP blocking Microsoft Security Updates

rhamersley
Getting noticed


Have there been any changes recently to Meraki AMP that would cause some Microsoft updates to be blocked? Have AMP's disposition updates changed to block Microsoft security updates for this month?

 

| # | Timeslice | action | dest_ip | dest_port | disposition | eventcount | mac | name | sha256 | src_ip | src_port | url |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 07/14/2023 09:31:28 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:DA:62:6C:65:BC | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.101 | 53601 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?e3af382994298... |
| 2 | 07/14/2023 09:31:23 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:CA:03:AC:F9:6E | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.122 | 57537 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?3c00f3ac30e0c... |
| 3 | 07/14/2023 09:31:12 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:CA:03:AC:F9:6E | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.122 | 57508 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?b1333292a8f47... |
| 4 | 07/14/2023 09:29:37 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:ED:38:A7:D8:B9 | GA_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.16.108 | 49986 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?f58235544e96a... |
| 5 | 07/14/2023 09:29:23 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:DA:62:6C:65:BC | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.101 | 53531 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?93973fae5b121... |
| 6 | 07/14/2023 09:29:23 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:DA:62:6C:65:BC | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.101 | 53532 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?0dcc104a67523... |
| 7 | 07/14/2023 09:29:19 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:77:19:74:2E:E8 | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.58 | 58044 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?f19273b530388... |
| 8 | 07/14/2023 09:29:18 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:77:19:74:2E:E8 | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.58 | 58042 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?f0309c6b70dec... |
| 9 | 07/14/2023 09:28:51 AM EDT | block | 72.21.81.200 | 80 | malicious | 1 | 03:53:3E:2B:FA:5B | EP_FW01 | 9b8db510ef42b8ed54a3712636fda55a4f8cfcd5493e20b74ab00cd4f3979f2d | 10.1.17.27 | 53389 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0a309cb7-a9a1-4f87-9ac4-... |
| 10 | 07/14/2023 09:28:51 AM EDT | block | 72.21.81.200 | 80 | malicious | 1 | 03:53:3E:2B:FA:5B | EP_FW01 | 9b8db510ef42b8ed54a3712636fda55a4f8cfcd5493e20b74ab00cd4f3979f2d | 10.1.17.27 | 53388 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0a309cb7-a9a1-4f87-9ac4-... |
| 11 | 07/14/2023 09:28:48 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:53:3E:2B:FA:5B | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.27 | 53375 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?de31690b9ad2a... |
| 12 | 07/14/2023 09:28:48 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:53:3E:2B:FA:5B | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.27 | 53380 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?aa7691569af69... |
| 13 | 07/14/2023 09:28:47 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:53:3E:2B:FA:5B | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.27 | 53373 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?d0c65cf44df00... |
| 14 | 07/14/2023 09:28:46 AM EDT | block | 72.21.81.200 | 80 | malicious | 1 | 03:53:3E:2B:FA:5B | EP_FW01 | 9b8db510ef42b8ed54a3712636fda55a4f8cfcd5493e20b74ab00cd4f3979f2d | 10.1.17.27 | 53372 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0a309cb7-a9a1-4f87-9ac4-... |
| 15 | 07/14/2023 09:28:02 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:D3:F0:D1:4D:FF | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.109 | 61485 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?48a97999ec95b... |
| 16 | 07/14/2023 09:28:02 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:D3:F0:D1:4D:FF | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.109 | 61472 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?412ea57d31e4b... |
| 17 | 07/14/2023 09:28:01 AM EDT | block | 209.197.3.8 | 80 | malicious | 1 | 03:D3:F0:D1:4D:FF | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.109 | 61471 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?e98a5752b2b0f... |
| 18 | 07/14/2023 09:26:55 AM EDT | block | 72.21.81.240 | 80 | malicious | 1 | 03:DA:62:6C:65:BC | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.101 | 53468 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?868996573b5fa... |
| 19 | 07/14/2023 09:26:29 AM EDT | block | 72.21.81.240 | 80 | malicious | 1 | 03:AF:44:A8:BF:8A | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.240 | 51605 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?bb0d0bc092c66... |
| 20 | 07/14/2023 09:26:22 AM EDT | block | 72.21.81.240 | 80 | malicious | 1 | 03:AF:44:A8:BF:8A | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.240 | 51560 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?d8d8185aeb647... |
| 21 | 07/14/2023 09:26:21 AM EDT | block | 72.21.81.240 | 80 | malicious | 1 | 03:AF:44:A8:BF:8A | EP_FW01 | ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d | 10.1.17.240 | 51554 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?3d6c8b90751c8... |

Mustafa_Taqi
Meraki Employee

This can be caused by AMP's inability to connect to AMP cloud. This will cause all AMP inspected file downloads to be blocked unless AMP is manually disabled.

 

The most likely culprit is a firewall issue, or a DNS issue preventing the MX from resolving AMP Cloud hostnames.
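A triage pass over an export like the one in the question, added here as an example (it is not Meraki's code and not from either poster): it groups blocked events by file hash and separates "one host fetched something bad" from "many clients were blocked on vendor update files", the pattern the reply attributes to failed AMP Cloud lookups. Field names follow the export's columns; the suffix list, threshold, verdict labels and sample rows are assumptions made for the example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: suffixes the operator treats as vendor update infrastructure.
UPDATE_SUFFIXES = (".windowsupdate.com", ".delivery.mp.microsoft.com")

def _row(src_ip, sha256, url, action="block"):
    return {"src_ip": src_ip, "sha256": sha256, "url": url, "action": action}

# Constructed sample rows (placeholder hashes and addresses, not real events).
SAMPLE_EVENTS = [
    _row("10.0.0.11", "placeholder-hash-A", "http://ctldl.windowsupdate.com/a.cab?1"),
    _row("10.0.0.12", "placeholder-hash-A", "http://ctldl.windowsupdate.com/a.cab?2"),
    _row("10.0.0.13", "placeholder-hash-A", "http://ctldl.windowsupdate.com/a.cab?3"),
    _row("10.0.0.13", "placeholder-hash-A", "http://ctldl.windowsupdate.com/a.cab?4"),
    _row("10.0.0.11", "placeholder-hash-B", "http://msedge.b.tlu.dl.delivery.mp.microsoft.com/f"),
    _row("10.0.0.14", "placeholder-hash-C", "http://downloads.example.test/setup.exe"),
    _row("10.0.0.15", "placeholder-hash-D", "http://ctldl.windowsupdate.com/b.cab", "allow"),
]

def is_update_host(host):
    # Match whole DNS labels only, so "evilwindowsupdate.com" does not qualify.
    return bool(host) and ("." + host.lower()).endswith(UPDATE_SUFFIXES)

def triage(events, min_clients=3):
    """Classify each blocked sha256 by how widely and from where it was blocked."""
    groups = defaultdict(lambda: {"clients": set(), "hosts": set(), "events": 0})
    for ev in events:
        if ev["action"] != "block":
            continue
        g = groups[ev["sha256"]]
        g["clients"].add(ev["src_ip"])
        g["hosts"].add(urlsplit(ev["url"]).hostname or "")
        g["events"] += 1
    report = {}
    for sha, g in groups.items():
        vendor_only = all(is_update_host(h) for h in g["hosts"])
        if vendor_only and len(g["clients"]) >= min_clients:
            verdict = "check-amp-cloud-reachability"   # firewall/DNS path from the MX
        elif vendor_only:
            verdict = "review-disposition"             # too few clients to call it systemic
        else:
            verdict = "investigate-host"               # treat as a real detection
        report[sha] = {"verdict": verdict, "clients": len(g["clients"]), "events": g["events"]}
    return report

if __name__ == "__main__":
    for sha, info in triage(SAMPLE_EVENTS).items():
        print(sha, info)
```

The hostname comes from a plaintext HTTP request on port 80 and is not authenticated, so a verdict here only decides where to look first; it is not grounds to allow-list a hash.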

 

 
