AMP blocking

SOLVED
Here to help

AMP blocking

Have an MX84 with firmware:  MX 13.36

 

Cannot run Windows Update (on either Windows 7 or Win 10) with Threat Protection on.  Disabled AMP & changed IPS to Detection Mode and it works.

 

I attempted to make the following AMP whitelists, but without success:

*.windowsupdate.com/*

*.microsoft.com/*

 

I can also document the issue from linux with:

wget http://download.windowsupdate.com/c/msdownload/update/others/2018/10/27555021_67b2474502ce5e63e1b326...

 

That fails with AMP on, and succeeds with AMP off, so I know it is not an issue with any of the Windows workstations.

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: AMP blocking

We have 14.19 and 14.27 on hundreds of MXes. No problems. 

8 REPLIES 8
A model citizen

Re: AMP blocking

I know MX13.xx has some issues with AMP, particularly the Whitelist. Meraki has done a lot of work in the MX14.xx firmware revisions to improve this, and it has worked from my observations. I would suggest trying that out. Maybe try updating a test environment first to make sure it doesn't have a bug that might cause an issue for you.

Here to help

Re: AMP blocking

Any issues I should be concerned about with switching production to a Beta firmware??? I worry even typing that on Halloween....

Kind of a big deal

Re: AMP blocking

@khowanitz You don't happen to have any content filtering rules blocking Windows updates, do you?

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
A model citizen

Re: AMP blocking

@khowanitz I find Meraki's beta firmware releases to be quite stable. I would highly recommend testing before changing firmware revisions, but that would be for beta or stable.

Conversationalist

Re: AMP blocking

Not exactly the same, but we have an MX100/13.36 and as far as I know, we have never had any Windows Update issues.  We set up new machines constantly and we would notice if Windows Update was not functional.  AMP = enabled and IDS = detection/balanced.

No whitelist.

2 deny layer 7 rules

 

Kind of a big deal

Re: AMP blocking

I'm with @MacuserJim - move to 14.x code.  We have a large number of customers using 14.x.  It works well.

Here to help

Re: AMP blocking

I have updated to 14.34 then turned Threat Protection back on. (Enabled AMP & changed IPS to Prevention Mode.)

 

Windows Update is working properly.

 

Thanks!
