AMP blocking

Solved
khowanitz
Here to help

AMP blocking

Have an MX84 with firmware:  MX 13.36

 

Cannot run Windows Update (on either Windows 7 or Win 10) with Threat Protection on.  Disabled AMP & changed IPS to Detection Mode and it works.

 

I attempted to make the following AMP whitelists, but without success:

*.windowsupdate.com/*

*.microsoft.com/*

 

I can also document the issue from linux with:

wget http://download.windowsupdate.com/c/msdownload/update/others/2018/10/27555021_67b2474502ce5e63e1b326...

 

That fails with AMP on, and succeeds with AMP off, so I know it is not an issue with any of the Windows workstations.

1 Accepted Solution
jdsilva
Kind of a big deal

We have 14.19 and 14.27 on hundreds of MXes. No problems. 

View solution in original post

10 Replies 10
MacuserJim
A model citizen

I know MX13.xx has some issues with AMP, particularly the Whitelist. Meraki has done a lot of work in the MX14.xx firmware revisions to improve this and has worked from my observations. I would suggest trying that out for you. Maybe try updating a test environment first to make sure it doesn't have a bug that might cause an issue for you.

Any issues I should be concerned about with switching production to a Beta firmware??? I worry even typing that on Halloween....

@khowanitz You dont happen to have any content filtering rules blocking Windows updates do you?

@khowanitz I find that Meraki's beta firmware releases to be quite stable. I would highly recommend testing before changing firmware revisions, but that would be for beta or stable.

Spack
Getting noticed

Not exactly the same, but we have a MX100/13.36 and as far as I know, we have never had any windows updates issues.  We set up new machines constantly and we would notice if windows update was not functional.  AMP = enabled and IDS = detection/balanced.

No whitelist.

2 deny layer 7 rules

 

PhilipDAth
Kind of a big deal
Kind of a big deal

I'm with @MacuserJim - move to 14.x code.  We have a large number of customers using 14.x.  It works well.

jdsilva
Kind of a big deal

We have 14.19 and 14.27 on hundreds of MXes. No problems. 

I have updated to 14.34 then turned Threat Protection back on. (Enabled AMP & changed IPS to Prevention Mode.)

 

Windows Update is working properly.

 

Thanks!

I'm running MX with v14.39 and in Prevention/Security mode.

 

Can't get sccm to work without Whitelisting the machine being imaged.  Added the IP's for the SCCM server but still blocks.  Getting mostly MALWARE-Other Executable Control Panel file download.

 

Anyone have any luck in Security mode?

The only way I was able to get it to work was to upgrade the firewall firmware. 😞  Sorry!!

Get notified when there are additional replies to this discussion.