
bad pattern updates......AGAIN????

Current pattern updates v208978. Blocking App Store courier.push.apple.com/


sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.50.20" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo3 (Internal filter profile)" filteraction="REF_DefaultHTTPCFFAction (Content filter (Internal Network))" size="0" request="0x8c7e3100" url="courier.push.apple.com/" referer="" error="Host not found" authtime="0" dnstime="236" aptptime="127" cattime="30401" avscantime="0" fullreqtime="46490" device="0" auth="0" ua="" exceptions="av,sandbox,fileextension" category="105" reputation="trusted" categoryname="Business"

Can anyone confirm we have a bad pattern update, v206808?  Can't connect to the App Store; it's blocking the URL https://courier.push.apple.com

2022:02:26-18:52:38 httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.50.20" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo3 (Internal filter profile)" filteraction="REF_DefaultHTTPCFFAction (Content filter (Internal Network))" size="0" request="0x9db16e00" url="https://courier.push.apple.com/" referer="" error="Host not found" authtime="0" dnstime="19295" aptptime="125" cattime="156" avscantime="0" fullreqtime="20543" device="0" auth="0" ua="" exceptions="av,sandbox,fileextension" category="105" reputation="trusted" categoryname="Business"

Thanks



  • I tried this.  Didn't work. Thing is, I am connecting, and the logs tell me I get an update.  Other patterns appear to be updating, but the pattern version itself (206808) is not updating.

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5

  • It sounds and looks like there is no update to be downloaded and installed.  It may be the situation talked about earlier, that the updates on the weekends come from Ukraine Sophos brains and they're having issues right now.  Let's hope for better outcomes Monday.  Thanks Amodin

  • I tried a few minutes ago.  I first changed patterns to manual, applied it, then told it to update - nothing.  Leaving it at manual, I turned off IPS and portscan.  Waited a few minutes.  Turned portscan and IPS back on after changing pattern updates back to 15 min:

    2022:02:27-21:03:42 amodin audld[1056]: no HA system or cluster node
    2022:02:27-21:03:42 amodin audld[1056]: patch up2date possible
    2022:02:27-21:03:42 amodin audld[1056]: Starting Secured Up2Date Package Downloader
    2022:02:27-21:03:42 amodin audld[1056]: Secured Up2date Authentication
    2022:02:27-21:03:42 amodin audld[1056]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:02:27-21:03:45 amodin audld[1056]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="ipsbundle2"
    2022:02:27-21:03:45 amodin auisys[1156]: no HA system or cluster node
    2022:02:27-21:03:45 amodin auisys[1156]: waiting for db_verify to return (30 seconds max)
    2022:02:27-21:03:46 amodin auisys[1156]: not cleaning /var/up2date/sys-install in --nosys mode
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/appctrl43-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/aptp-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/aws-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/cadata-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/geoip-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/geoipxtipv6-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/ipsbundle2-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/man9-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/ohelp9-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/sasi-install'
    2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/savi-install'
    2022:02:27-21:03:46 amodin auisys[1156]: Starting Up2Date Package Installer
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <man9> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <aws> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <appctrl43> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <ohelp9> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <geoipxtipv6> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <aptp> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <cadata> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <geoip> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <sasi> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <savi> found, skipping
    2022:02:27-21:03:46 amodin auisys[1156]: Install u2d packages <ipsbundle2>
    2022:02:27-21:03:46 amodin auisys[1156]: Starting installing up2date packages for type 'ipsbundle2'
    2022:02:27-21:03:46 amodin auisys[1156]: no u2d-ipsbundle2 RPM installed
    2022:02:27-21:03:46 amodin auisys[1156]: Installing up2date package: /var/up2date/ipsbundle2/u2d-ipsbundle2-9.621.tgz.gpg
    2022:02:27-21:03:46 amodin auisys[1156]: Verifying up2date package signature
    2022:02:27-21:03:47 amodin auisys[1156]: Unpacking installation instructions
    2022:02:27-21:03:47 amodin auisys[1156]: parsing installation instructions
    2022:02:27-21:03:47 amodin auisys[1156]: Unpacking up2date package container
    2022:02:27-21:03:47 amodin auisys[1156]: Running pre-installation checks
    2022:02:27-21:03:47 amodin auisys[1156]: Starting up2date package installation
    2022:02:27-21:04:03 amodin auisys[1156]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.621" package="ipsbundle2"
    2022:02:27-21:04:03 amodin auisys[1156]: [INFO-306] New Pattern Up2Dates installed
    2022:02:27-21:04:04 amodin auisys[1156]: Up2Date Package Installer finished, exiting
    2022:02:27-21:04:04 amodin auisys[1156]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
    2022:02:27-21:11:01 amodin audld[2441]: no HA system or cluster node
    2022:02:27-21:11:01 amodin audld[2441]: patch up2date possible
    2022:02:27-21:11:01 amodin audld[2441]: Starting Secured Up2Date Package Downloader
    2022:02:27-21:11:02 amodin audld[2441]: Secured Up2date Authentication
    2022:02:27-21:11:02 amodin audld[2441]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"

    So the IPS bundles are updating, because the last version I saw was 9.50-something and here it's 9.6.  SAVI also appears to be updating its version.

    I can also ping us1 and us2 Sophos up2d sites from the UTM and get the AWS responses from them, so they are responding to ICMP at least, lol.


  • Thank you Amodin, that's good news, hopefully the day will be calmer in Europe and someone will address this.  Hope you have a good day and week.

  • 2022:02:28-09:22:31 isecsolutions httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.50.31" dstip="209.197.3.8" user="" group="" ad_domain="" statuscode="504" cached="0" profile="REF_HttProContaInterNetwo3 (Internal filter profile)" filteraction="REF_DefaultHTTPCFFAction (Content filter (Internal Network))" size="0" request="0x95845100" url="ctldl.windowsupdate.com/.../pinrulesstl.cab" referer="" error="Connection to server timed out" authtime="0" dnstime="1133" aptptime="50922" cattime="566095" avscantime="0" fullreqtime="122250814" device="0" auth="0" ua="Microsoft-CryptoAPI/10.0" exceptions="av,sandbox,fileextension" category="175" reputation="trusted" categoryname="Software/Hardware" country="United States" country="United States" application="winupdat" app-id="596"
    2022:02:28-09:22:55

    Now Windows Update is being blocked as well.
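As an added example (not code from this thread or from Sophos), here is a small Python parser for the httpproxy key="value" entries quoted above, for both the App Store and the Windows Update posts. It picks out blocked requests that carry a transport error (Host not found, connection timed out) on a host the filter itself rates as trusted, which is the signature that separates a broken pattern/category update from a deliberate policy block. The sample lines are constructed from the entries in this thread with fields trimmed; the third, allowed request is made up for contrast.

```python
import re
from collections import Counter

# Constructed sample, modelled on the UTM httpproxy entries quoted in this thread
# (fields trimmed; the third line is a made-up allowed request for contrast).
SAMPLE_LOG = """\
2022:02:26-18:52:38 httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.50.20" dstip="" statuscode="502" url="https://courier.push.apple.com/" error="Host not found" dnstime="19295" cattime="156" reputation="trusted" categoryname="Business"
2022:02:28-09:22:31 isecsolutions httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.50.31" dstip="209.197.3.8" statuscode="504" url="ctldl.windowsupdate.com/.../pinrulesstl.cab" error="Connection to server timed out" reputation="trusted" categoryname="Software/Hardware" country="United States" country="United States"
2022:02:28-09:23:10 isecsolutions httpproxy[14863]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.50.31" dstip="198.51.100.7" statuscode="200" url="http://example.com/" error="" reputation="trusted" categoryname="Business"
"""

HEADER_RE = re.compile(r'^(\S+) (?:(\S+) )?(\S+)\[(\d+)\]: ')  # timestamp [hostname] process[pid]:
KV_RE = re.compile(r'([\w-]+)="([^"]*)"')                     # key="value" pairs, keys may contain '-'

def parse_line(line):
    """Parse one httpproxy entry into a dict; lines without the syslog-style header give None."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rec = {"timestamp": m.group(1), "syslog_host": m.group(2) or "",
           "process": m.group(3), "pid": int(m.group(4))}
    rec.update(KV_RE.findall(line[m.end():]))  # a repeated key (country=...) keeps its last value
    return rec

def host_of(url):
    """Hostname part of the url field, with or without a scheme."""
    return re.sub(r'^[a-z]+://', '', url).split('/', 1)[0]

def suspicious_blocks(lines):
    """Blocks that look like a filter/resolution failure rather than a policy decision:
    action=block together with a transport error on a host the engine itself rates trusted."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec.get("action") != "block":
            continue
        if rec.get("error") and rec.get("reputation") == "trusted":
            hits.append({"timestamp": rec["timestamp"], "srcip": rec.get("srcip", ""),
                         "url_host": host_of(rec.get("url", "")),
                         "statuscode": rec.get("statuscode", ""), "error": rec["error"]})
    return hits

def summarize(hits):
    """Count (url host, error) pairs so a burst right after a pattern update stands out."""
    return Counter((h["url_host"], h["error"]) for h in hits)

if __name__ == "__main__":
    for (url_host, error), n in summarize(suspicious_blocks(SAMPLE_LOG.splitlines())).items():
        print(f"{n:3d}  {url_host:30s} {error}")
```

Run it against the live file instead of SAMPLE_LOG and compare the counts before and after a pattern version change; a jump in "trusted host + error" blocks on update and push domains is the signal worth raising with support.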