Have an MX84 with firmware: MX 13.36
Cannot run Windows Update (on either Windows 7 or Win 10) with Threat Protection on. Disabled AMP & changed IPS to Detection Mode and it works.
I attempted to make the following AMP whitelists, but without success:
*.windowsupdate.com/*
*.microsoft.com/*
I can also document the issue from linux with:
That fails with AMP on, and succeeds with AMP off, so I know it is not an issue with any of the Windows workstations.
Solved! Go to solution.
We have 14.19 and 14.27 on hundreds of MXes. No problems.
I know MX13.xx has some issues with AMP, particularly the Whitelist. Meraki has done a lot of work in the MX14.xx firmware revisions to improve this and has worked from my observations. I would suggest trying that out for you. Maybe try updating a test environment first to make sure it doesn't have a bug that might cause an issue for you.
Any issues I should be concerned about with switching production to a Beta firmware??? I worry even typing that on Halloween....
@khowanitz You dont happen to have any content filtering rules blocking Windows updates do you?
@khowanitz I find that Meraki's beta firmware releases to be quite stable. I would highly recommend testing before changing firmware revisions, but that would be for beta or stable.
Not exactly the same, but we have a MX100/13.36 and as far as I know, we have never had any windows updates issues. We set up new machines constantly and we would notice if windows update was not functional. AMP = enabled and IDS = detection/balanced.
No whitelist.
2 deny layer 7 rules
I'm with @MacuserJim - move to 14.x code. We have a large number of customers using 14.x. It works well.
We have 14.19 and 14.27 on hundreds of MXes. No problems.
I have updated to 14.34 then turned Threat Protection back on. (Enabled AMP & changed IPS to Prevention Mode.)
Windows Update is working properly.
Thanks!
I'm running MX with v14.39 and in Prevention/Security mode.
Can't get sccm to work without Whitelisting the machine being imaged. Added the IP's for the SCCM server but still blocks. Getting mostly MALWARE-Other Executable Control Panel file download.
Anyone have any luck in Security mode?
The only way I was able to get it to work was to upgrade the firewall firmware. 😞 Sorry!!