Have an MX84 with firmware: MX 13.36
Cannot run Windows Update (on either Windows 7 or Win 10) with Threat Protection on. Disabled AMP & changed IPS to Detection Mode and it works.
I attempted to make the following AMP whitelists, but without success:
I can also document the issue from linux with:
That fails with AMP on, and succeeds with AMP off, so I know it is not an issue with any of the Windows workstations.
Solved! Go to Solution.
I know MX13.xx has some issues with AMP, particularly the Whitelist. Meraki has done a lot of work in the MX14.xx firmware revisions to improve this and has worked from my observations. I would suggest trying that out for you. Maybe try updating a test environment first to make sure it doesn't have a bug that might cause an issue for you.
@khowanitz You dont happen to have any content filtering rules blocking Windows updates do you?
@khowanitz I find that Meraki's beta firmware releases to be quite stable. I would highly recommend testing before changing firmware revisions, but that would be for beta or stable.
Not exactly the same, but we have a MX100/13.36 and as far as I know, we have never had any windows updates issues. We set up new machines constantly and we would notice if windows update was not functional. AMP = enabled and IDS = detection/balanced.
2 deny layer 7 rules
I have updated to 14.34 then turned Threat Protection back on. (Enabled AMP & changed IPS to Prevention Mode.)
Windows Update is working properly.
I'm running MX with v14.39 and in Prevention/Security mode.
Can't get sccm to work without Whitelisting the machine being imaged. Added the IP's for the SCCM server but still blocks. Getting mostly MALWARE-Other Executable Control Panel file download.
Anyone have any luck in Security mode?