We have XG Firewall (SFOS 17.0.3 MR-3)
Some of our users have been reporting an issue where on computer startup Windows notifies the user that it was unable to install the latest update. Windows update gives error 0x80070020. In process of fixing this i also found out that Windows 10 Media creation tool loops back to 0% at 60% and is not able to finish.
I used the media creation tool to troubleshoot this. And finally I found out that if I go to Protect > Firewall > Internet Access Rule and disable these settings the media creation tool finishes successfully. And I was able to upgrade windows 10 on one computer:
- Scan HTTP
- Scan FTP for Malware
Over a year ago we had other issues with XG and Win10 updates. Then it was a problem that computers updating win10 used all of the bandwith and were looping in a manner that they actually were not able to get the updates. This I fixed with exceptions (web > exceptions). I got the list of them from here: https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/77994/office-2016-365-install-failing-with-error-30174-4-1392---possible-range-requests-issue
I won't list all of them here, you can read them from link above. Among others these are included:
- ^([A-Za-z0-9.-]*\.)?microsoft\.com/
- ^([A-Za-z0-9.-]*\.)?windowsupdate\.com/
- officecdn.microsoft.com
- officecdn.microsoft.com.edgesuite.net
All of the exceptions are enabled and all of them have been set to skip:
- HTTPS Decryption
- Malware and Content Scanning
- Sandstorm
- Policy Checks
Could it be that Windows update and/or Media Creation Tool uses some other URL that is not listed? Or did I miss something else and the exceptions are not functioning? Or what is causing this?
This thread was automatically locked due to age.
