
Why is this magically an issue all of a sudden with Windows Updates?

Trying to get my Windows Updates, and today I guess the sun isn't hot enough for it to work? I've changed nothing, and all of a sudden, things are being blocked.

This has gotten beyond annoying.

2022:07:15-11:04:57 amodin httpproxy[5613]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.18.0.98" dstip="72.21.81.200" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdaf9f100" url="http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b93a4287-ff09-40d2-a7fc-e1f80d4f1044?P1=1658432184&P2=404&P3=2&P4=RwaJHzTwTJ9BDw2gGWPYwQnsS8amfmWYzYy2MGX3HsIkjZedMYOe6U%2bHVE9hZoKAzZZ6dZf8xXtXicG20tHcjA%3d%3d" referer="" error="" authtime="0" dnstime="0" aptptime="0" cattime="176" avscantime="0" fullreqtime="37044" device="0" auth="0" ua="Microsoft BITS/7.8" exceptions="av,sandbox,ssl,fileextension,size" category="105" reputation="trusted" categoryname="Business" content-type="application/x-chrome-extension" reason="range"
2022:07:15-11:04:58 amodin httpproxy[5613]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="HEAD" srcip="172.18.0.98" dstip="72.21.81.200" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdaf9f100" url="http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b93a4287-ff09-40d2-a7fc-e1f80d4f1044?P1=1658432184&P2=404&P3=2&P4=RwaJHzTwTJ9BDw2gGWPYwQnsS8amfmWYzYy2MGX3HsIkjZedMYOe6U%2bHVE9hZoKAzZZ6dZf8xXtXicG20tHcjA%3d%3d" referer="" error="" authtime="0" dnstime="419" aptptime="0" cattime="144" avscantime="0" fullreqtime="39963" device="0" auth="0" ua="Microsoft BITS/7.8" exceptions="av,sandbox,ssl,fileextension,size" category="105" reputation="trusted" categoryname="Business" country="United States" content-type="application/x-chrome-extension"
2022:07:15-11:04:58 amodin httpproxy[5613]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.18.0.98" dstip="72.21.81.200" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdaf9f100" url="http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b93a4287-ff09-40d2-a7fc-e1f80d4f1044?P1=1658432184&P2=404&P3=2&P4=RwaJHzTwTJ9BDw2gGWPYwQnsS8amfmWYzYy2MGX3HsIkjZedMYOe6U%2bHVE9hZoKAzZZ6dZf8xXtXicG20tHcjA%3d%3d" referer="" error="" authtime="0" dnstime="0" aptptime="0" cattime="151" avscantime="0" fullreqtime="38305" device="0" auth="0" ua="Microsoft BITS/7.8" exceptions="av,sandbox,ssl,fileextension,size" category="105" reputation="trusted" categoryname="Business" content-type="application/x-chrome-extension" reason="range"
2022:07:15-11:04:58 amodin httpproxy[5613]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="HEAD" srcip="172.18.0.98" dstip="72.21.81.200" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdaf9f100" url="http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b93a4287-ff09-40d2-a7fc-e1f80d4f1044?P1=1658432184&P2=404&P3=2&P4=RwaJHzTwTJ9BDw2gGWPYwQnsS8amfmWYzYy2MGX3HsIkjZedMYOe6U%2bHVE9hZoKAzZZ6dZf8xXtXicG20tHcjA%3d%3d" referer="" error="" authtime="0" dnstime="448" aptptime="0" cattime="178" avscantime="0" fullreqtime="41235" device="0" auth="0" ua="Microsoft BITS/7.8" exceptions="av,sandbox,ssl,fileextension,size" category="105" reputation="trusted" categoryname="Business" country="United States" content-type="application/x-chrome-extension"

  • Honestly, sorry - I'd have to reply with 'That's BS'.  

    Why is this just today an issue, after running fine after all this time?

    Why would my UTM just decide after so long to just start screwing it up now?

    Oh, by the way:

    A screenshot from my UTM, showing the exact thing your old issue told me to do, which has been there since I reimaged my UTM. Content removal was checked already, I unchecked it trying to fix this problem. This is actually created when you install UTM, so I don't see why we are back at asking:  "Why is this STILL an issue?"

    And if it's been such a problem for all these versions - why not fix it?  Why drag this crap out over three versions of being the same issue?  Is this just another attempt to push XG on people so you don't have to fix UTM problems?

    Just EoL UTM already and get it over with if that's the case.

    I am so over boxing with this.

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5

  • You see the reason Range in your log entry. Check the past logs to see whether Windows Updates worked differently. Essentially this is not a change of UTM / Sophos; instead something happened in your setup, or Windows changed the method it uses to update. The Range blocking has been in the product for quite a while.

    And fixing this would mean giving UTM a DPI engine like SFOS has, which means years of development and a new architecture, which the UTM is not capable of. As the httpproxy is simply a proxy within the system, you cannot "simply give it a DPI engine". You would have to bring firewalling and other systems into the system to get to the point where SFOS is right now: having a full-scale DPI engine using TLS 1.3 on all ports. Because this is how you can deal with Range downloads. See: https://en.wikipedia.org/wiki/Byte_serving

    And you should adjust the Exception based on the KB.

    __________________________________________________________________________________________________________________
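The reason="range" / statuscode="416" pattern in the lines quoted above is easy to pull out of the httpproxy log programmatically. The following is an added example, not code from the post or from Sophos: a small parser for the UTM httpproxy key="value" line format, run over constructed log lines abbreviated from those in the post (the final download.windowsupdate.com line is invented as a control that should not match). It reports which hosts and user agents are hitting range blocks, and which client/URL pairs show the HEAD-passed-then-ranged-GET-blocked sequence that BITS produces, which is what you need to know before writing a web filter exception for the right destination.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Sophos UTM httpproxy lines: syslog-style prefix, then space-separated key="value" pairs.
PREFIX_RE = re.compile(r'^(\S+) (\S+) httpproxy\[(\d+)\]: (.*)$')
KV_RE = re.compile(r'([\w-]+)="([^"]*)"')

# Constructed sample, abbreviated from the lines in the post: BITS sends HEAD (passed),
# then a ranged GET that the proxy rejects with 416 and reason="range".
# The last line is an invented, unrelated full GET that passes, as a control.
URL = ("http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/"
       "files/b93a4287-ff09-40d2-a7fc-e1f80d4f1044?P1=1658432184&P2=404")
COMMON = 'sys="SecureWeb" sub="http" srcip="172.18.0.98" dstip="72.21.81.200" ua="Microsoft BITS/7.8"'
SAMPLE_LOG = "\n".join([
    f'2022:07:15-11:04:57 amodin httpproxy[5613]: id="0002" severity="info" name="web request blocked" '
    f'action="block" method="GET" {COMMON} statuscode="416" url="{URL}" reason="range"',
    f'2022:07:15-11:04:58 amodin httpproxy[5613]: id="0001" severity="info" name="http access" '
    f'action="pass" method="HEAD" {COMMON} statuscode="200" url="{URL}"',
    f'2022:07:15-11:04:58 amodin httpproxy[5613]: id="0002" severity="info" name="web request blocked" '
    f'action="block" method="GET" {COMMON} statuscode="416" url="{URL}" reason="range"',
    f'2022:07:15-11:04:58 amodin httpproxy[5613]: id="0001" severity="info" name="http access" '
    f'action="pass" method="HEAD" {COMMON} statuscode="200" url="{URL}"',
    '2022:07:15-11:05:02 amodin httpproxy[5613]: id="0001" severity="info" name="http access" '
    'action="pass" method="GET" sys="SecureWeb" sub="http" srcip="172.18.0.98" dstip="13.107.4.50" '
    'ua="Windows-Update-Agent" statuscode="200" '
    'url="http://download.windowsupdate.com/d/msdownload/update/example.cab"',
])


def parse_line(line):
    """Parse one httpproxy line into a dict of its key="value" fields, or None if not one."""
    m = PREFIX_RE.match(line)
    if not m:
        return None
    ts, utm_host, pid, body = m.groups()
    event = dict(KV_RE.findall(body))
    event.update(timestamp=ts, utm=utm_host, pid=int(pid))
    return event


def parse_log(text):
    """Parse a block of log text, silently skipping lines that are not httpproxy events."""
    return [ev for ev in (parse_line(line) for line in text.splitlines()) if ev]


def range_blocks(events):
    """Events the proxy blocked specifically because the client asked for a byte range."""
    return [e for e in events if e.get("action") == "block" and e.get("reason") == "range"]


def blocked_hosts(events):
    """Count range blocks per (destination hostname, user agent): the inputs for an exception."""
    counts = Counter()
    for e in range_blocks(events):
        counts[(urlsplit(e["url"]).hostname, e.get("ua", ""))] += 1
    return counts


def head_then_ranged_get(events):
    """(srcip, url) pairs where a HEAD passed and a GET was then blocked for reason="range".

    All four quoted lines share request="0xdaf9f100", so that field is not a usable
    correlation key; source IP plus URL is used instead.
    """
    seen = defaultdict(set)
    for e in events:
        key = (e.get("srcip"), e.get("url"))
        if e.get("method") == "HEAD" and e.get("action") == "pass":
            seen[key].add("head")
        elif e.get("method") == "GET" and e.get("reason") == "range":
            seen[key].add("range")
    return sorted(k for k, v in seen.items() if v == {"head", "range"})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for (host, ua), n in blocked_hosts(evs).items():
        print(f"{n} range block(s) for {host} from user agent {ua!r}")
    for srcip, url in head_then_ranged_get(evs):
        print(f"{srcip}: HEAD passed, ranged GET blocked for {url}")
```

Run it against a real /var/log/http.log excerpt by replacing SAMPLE_LOG with the file contents; the hostname/user-agent pairs it prints are the ones to put in the web filter exception, rather than opening up everything the client touches.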
