AMP blocking

Solved
khowanitz
Here to help

Have an MX84 with firmware: MX 13.36

Cannot run Windows Update (on either Windows 7 or Win 10) with Threat Protection on. Disabled AMP & changed IPS to Detection Mode and it works.


I attempted to make the following AMP whitelists, but without success:

*.windowsupdate.com/*

*.microsoft.com/*

I can also document the issue from Linux with:

wget http://download.windowsupdate.com/c/msdownload/update/others/2018/10/27555021_67b2474502ce5e63e1b326...

That fails with AMP on, and succeeds with AMP off, so I know it is not an issue with any of the Windows workstations.

1 Accepted Solution
jdsilva
Kind of a big deal

We have 14.19 and 14.27 on hundreds of MXes. No problems. 

MacuserJim
A model citizen

I know MX13.xx has some issues with AMP, particularly the Whitelist. Meraki has done a lot of work in the MX14.xx firmware revisions to improve this, and it has worked from my observations. I would suggest trying that out for you. Maybe try updating a test environment first to make sure it doesn't have a bug that might cause an issue for you.

khowanitz
Here to help

Any issues I should be concerned about with switching production to a Beta firmware??? I worry even typing that on Halloween....

BlakeRichardson
Kind of a big deal

@khowanitz You don't happen to have any content filtering rules blocking Windows updates, do you?

MacuserJim
A model citizen

@khowanitz I find Meraki's beta firmware releases to be quite stable. I would highly recommend testing before changing firmware revisions, but that would be for beta or stable.

Spack
Getting noticed

Not exactly the same, but we have a MX100/13.36 and as far as I know, we have never had any Windows Update issues. We set up new machines constantly and we would notice if Windows Update was not functional. AMP = enabled and IDS = detection/balanced.

No whitelist.

2 deny layer 7 rules

PhilipDAth
Kind of a big deal

I'm with @MacuserJim - move to 14.x code. We have a large number of customers using 14.x. It works well.

khowanitz
Here to help

I have updated to 14.34 then turned Threat Protection back on. (Enabled AMP & changed IPS to Prevention Mode.)

Windows Update is working properly.


Thanks!

Mdillender
Comes here often

I'm running MX with v14.39 and in Prevention/Security mode.

Can't get SCCM to work without whitelisting the machine being imaged. Added the IPs for the SCCM server but it still blocks. Getting mostly MALWARE-Other Executable Control Panel file download.


Anyone have any luck in Security mode?

Spack
Getting noticed

The only way I was able to get it to work was to upgrade the firewall firmware. 😞  Sorry!!
