
bad pattern updates......AGAIN????

Current pattern updates v208978. Blocking App Store courier.push.apple.com/


sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.50.20" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo3 (Internal filter profile)" filteraction="REF_DefaultHTTPCFFAction (Content filter (Internal Network))" size="0" request="0x8c7e3100" url="courier.push.apple.com/" referer="" error="Host not found" authtime="0" dnstime="236" aptptime="127" cattime="30401" avscantime="0" fullreqtime="46490" device="0" auth="0" ua="" exceptions="av,sandbox,fileextension" category="105" reputation="trusted" categoryname="Business"

Can anyone confirm we have a bad pattern updates v206808?  Can't connect to App Store blocking url https://courier.push.apple.com

action="block" method="CONNECT" srcip="192.168.50.20" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo3 (Internal filter profile)" filteraction="REF_DefaultHTTPCFFAction (Content filter (Internal Network))" size="0" request="0x9db16e00" url="https://courier.push.apple.com/" referer="" error="Host not found" authtime="0" dnstime="19295" aptptime="125" cattime="156" avscantime="0" fullreqtime="20543" device="0" auth="0" ua="" exceptions="av,sandbox,fileextension" category="105" reputation="trusted" categoryname="Business"
2022:02:26-18:52:38 httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked"

Thanks




Top Replies

  • The problem with the pattern number incrementing has been identified and is being resolved.

    This issue is completely cosmetic and has not had any impact on the continued download and updating of the various pattern sets.

    The pattern number displayed on the WebAdmin screen is usually incremented each time we publish an update to any of the individual up2date pattern sets. It's part of the update, but it is only used for display. The version number of each pattern set is used to check whether any actual updates are required.

    We have identified the cause and corrected it. It was related to some recent changes in the hosting infrastructure for our up2date publishing services.

    You should see the pattern number start to increment again later today.

  • I tried this.  Didn't work. Thing is, I am connecting, and the logs tell me I get an update.  Other patterns appear to be updating, but the pattern version itself (206808) is not updating.

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5

  • It sounds and looks like there is no update to be downloaded and installed. It may be the situation talked about earlier that the updates on the weekends come from Ukraine Sophos brains and they're having issues right now.  Let's hope for better outcomes Monday.  Thanks Amodin

  • I tried a few minutes ago.  I first changed patterns to manual, applied it, then told it to update - nothing.  Leaving it at manual, I turned off IPS and portscan.  Waited a few minutes.  Turned portscan and IPS back on after changing pattern updates back to 15 min:

    2022:02:27-21:03:42 amodin audld[1056]: no HA system or cluster node
    2022:02:27-21:03:42 amodin audld[1056]: patch up2date possible
    2022:02:27-21:03:42 amodin audld[1056]: Starting Secured Up2Date Package Downloader
    2022:02:27-21:03:42 amodin audld[1056]: Secured Up2date Authentication
    2022:02:27-21:03:42 amodin audld[1056]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:02:27-21:03:45 amodin audld[1056]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="ipsbundle2"
    2022:02:27-21:03:45 amodin auisys[1156]: no HA system or cluster node
    2022:02:27-21:03:45 amodin auisys[1156]: waiting for db_verify to return (30 seconds max)
    2022:02:27-21:03:46 amodin auisys[1156]: not cleaning /var/up2date/sys-install in --nosys mode
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/appctrl43-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/aptp-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/aws-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/cadata-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/geoip-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/geoipxtipv6-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/ipsbundle2-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/man9-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/ohelp9-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/sasi-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/savi-install'
    2022:02:27-21:03:46 amodin auisys[1156]: Starting Up2Date Package Installer
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <man9> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <aws> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <appctrl43> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <ohelp9> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <geoipxtipv6> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <aptp> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <cadata> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <geoip> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <sasi> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <savi> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: Install u2d packages <ipsbundle2>
    2022:02:27-21:03:46 amodin auisys[1156]: Starting installing up2date packages for type 'ipsbundle2'
    2022:02:27-21:03:46 amodin auisys[1156]: no u2d-ipsbundle2 RPM installed
    2022:02:27-21:03:46 amodin auisys[1156]: Installing up2date package: /var/up2date/ipsbundle2/u2d-ipsbundle2-9.621.tgz.gpg
    2022:02:27-21:03:46 amodin auisys[1156]: Verifying up2date package signature
    2022:02:27-21:03:47 amodin auisys[1156]: Unpacking installation instructions
    2022:02:27-21:03:47 amodin auisys[1156]: parsing installation instructions
    2022:02:27-21:03:47 amodin auisys[1156]: Unpacking up2date package container
    2022:02:27-21:03:47 amodin auisys[1156]: Running pre-installation checks
    2022:02:27-21:03:47 amodin auisys[1156]: Starting up2date package installation
    2022:02:27-21:04:03 amodin auisys[1156]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.621" package="ipsbundle2"
    2022:02:27-21:04:03 amodin auisys[1156]: [INFO-306] New Pattern Up2Dates installed
    2022:02:27-21:04:04 amodin auisys[1156]: Up2Date Package Installer finished, exiting
    2022:02:27-21:04:04 amodin auisys[1156]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
    2022:02:27-21:11:01 amodin audld[2441]: no HA system or cluster node
    2022:02:27-21:11:01 amodin audld[2441]: patch up2date possible
    2022:02:27-21:11:01 amodin audld[2441]: Starting Secured Up2Date Package Downloader
    2022:02:27-21:11:02 amodin audld[2441]: Secured Up2date Authentication
    2022:02:27-21:11:02 amodin audld[2441]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"

    So the IPS bundles are updating because the last version I saw was 9.50-something, and here it's 9.6.  SAVI is also appearing to update its version.  

    I can also ping us1 and us2 Sophos up2d sites from the UTM and get the AWS responses from them, so they are responding to ICMP at least, lol.

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5

  • Thank you Amodin, that's good news, hopefully the day will be calmer in Europe and someone will address this.  Hope you have a good day and week.

  • 2022:02:28-09:22:31 isecsolutions httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.50.31" dstip="209.197.3.8" user="" group="" ad_domain="" statuscode="504" cached="0" profile="REF_HttProContaInterNetwo3 (Internal filter profile)" filteraction="REF_DefaultHTTPCFFAction (Content filter (Internal Network))" size="0" request="0x95845100" url="ctldl.windowsupdate.com/.../pinrulesstl.cab" referer="" error="Connection to server timed out" authtime="0" dnstime="1133" aptptime="50922" cattime="566095" avscantime="0" fullreqtime="122250814" device="0" auth="0" ua="Microsoft-CryptoAPI/10.0" exceptions="av,sandbox,fileextension" category="175" reputation="trusted" categoryname="Software/Hardware" country="United States" country="United States" application="winupdat" app-id="596"
    2022:02:28-09:22:55

    Now Windows Update is being blocked as well.
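
Added example (not from any poster or from Sophos): a small parser for the httpproxy lines quoted in this thread that reads the `error` and `statuscode` fields to tell an upstream failure from a filter decision, and reports which timing field was largest. The verdict labels, function names and the third sample line are assumptions made for illustration.

```python
import re

# key="value" pairs, the field syntax of the httpproxy lines quoted in this thread
FIELD_RE = re.compile(r'([\w-]+)="([^"]*)"')

# Constructed samples: the first two are shortened from lines in the thread,
# the third (403, example.invalid) is invented to show a filter decision.
SAMPLE_LOG = '''\
2022:02:26-18:52:38 httpproxy[14863]: id="0002" name="web request blocked" action="block" method="CONNECT" statuscode="502" url="https://courier.push.apple.com/" error="Host not found" dnstime="19295" aptptime="125" cattime="156" fullreqtime="20543" categoryname="Business"
2022:02:28-09:22:31 httpproxy[14863]: id="0002" name="web request blocked" action="block" method="GET" statuscode="504" url="ctldl.windowsupdate.com/.../pinrulesstl.cab" error="Connection to server timed out" dnstime="1133" aptptime="50922" cattime="566095" fullreqtime="122250814" country="United States" country="United States" app-id="596"
2022:02:28-09:30:00 httpproxy[14863]: id="0002" name="web request blocked" action="block" method="GET" statuscode="403" url="http://blocked.example.invalid/" error="" dnstime="3" aptptime="0" cattime="90" fullreqtime="120" categoryname="Games"
'''

def parse_fields(line):
    """Return the key="value" pairs of one line; a repeated key keeps its last value."""
    return dict(FIELD_RE.findall(line))

def classify_block(fields):
    """Label a blocked request by the reason recorded in error= and statuscode=.

    Assumption: a non-empty error= means the proxy could not reach the origin,
    while an empty error= means the filter itself refused the request.
    """
    if fields.get("name") != "web request blocked":
        return "not-a-block"
    error = fields.get("error", "")
    if error == "Host not found":
        return "upstream-dns-failure"
    if "timed out" in error:
        return "upstream-timeout"
    if error and fields.get("statuscode", "").startswith("5"):
        return "upstream-other"
    return "filter-decision"

def slowest_phase(fields):
    """Name the timing field with the largest value, ignoring the fullreqtime total."""
    phases = {k: int(v) for k, v in fields.items()
              if k.endswith("time") and k != "fullreqtime" and v.isdigit()}
    return max(phases, key=phases.get) if phases else None

def triage(log_text):
    """Return (url, verdict, slowest timing field) for each non-empty log line."""
    rows = [parse_fields(line) for line in log_text.splitlines() if line.strip()]
    return [(f.get("url"), classify_block(f), slowest_phase(f)) for f in rows]

if __name__ == "__main__":
    for url, verdict, phase in triage(SAMPLE_LOG):
        print(f"{verdict:22} {phase or '-':10} {url}")
```
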