I can confirm the issue.  Looks like a false positive ... a malicious ZIP file from a Microsoft cdn on a lot of windows clients? doesn't sound plausible   Kind regards Nick ... View more

Reply of Meraki support: IPS/SNORT blocking Microsoft traffic   Dear Giacomo, i can't accept this explanation of Meraki. There are even problems with big services like Microsoft Exchange Online and so on. So nobody is able to fix this beside Microsoft themselves.  I understand there is some kind of security issue but it was released hours ago and now breaking traffic for a lot of customers is not the right way to handle it. Does the whitlisting work or is it dropped as there answers already said after 5-10 minutes? Turning off the IDS is NO solution ... View more

I think there is some correlation to latest Exchange-server updates, where Microsoft recommended to activate Extended Protection. This changes a lot in the SSL configuation of the IIS. And maybe someone on snort tried to create a IDS rule to block this kind of attack and finally configured some bad preferences to identify a real attack instead of normal traffic to an IIS with SSL ... View more