XG IPS rule dropping Windows 10 Upgrade assistant packets

PGP,

you cannot edit the built-in IPS profile, so in order to allow that signature, clone the IPS profile and add that signature on top of the other signatures where the action is allow.

Regards

Hi Luk,

Thank you for your reply. Can I add it under custom IPS signature?

PGP,

custom IPS signature should be used only when an IPS signature does not exist.

Proceed as I described previously!

Hi Luk,

If I allow Malware Trojan-Downloader.Win32.Molelash.A Runtime Detection matching signature, isn't that mean I could be allowing anything that matches this same signature rule? not only windows 10 upgrade assistant traffic?

Thank you for your help.

Unfortunately yes, until snorts fixes the issue.

Signature based IPS are subjected to false-positive...Open a ticket with Sophos Support in order to communicate the issue.

In the meanwhile, if you need Windows 10 Upgrade Assistant allowed, create a temporary firewall rule that you enable as needed.

Regards

Unfortunately yes, until snorts fixes the issue.

Signature based IPS are subjected to false-positive...Open a ticket with Sophos Support in order to communicate the issue.

In the meanwhile, if you need Windows 10 Upgrade Assistant allowed, create a temporary firewall rule that you enable as needed.

Regards

Thanks Luk. I have contacted Sophos and awaiting their reply. I have been doing temporary firewall rule option whenever I need to use the windows 10 upgrade. However, just a workaround would be good to have a solution.