This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problems downloading after latest updates applied to UTM. Can download fine directly connected to modem.

Having a problem downloading files through UTM but works fine if I connect directly to modem. I was trying to download a file from MSDN, and it stopped at 19% every single time I tried it on every single computer I tried it on. Switched up my network cables so my laptop was directly connected to the cable modem, and the file downloaded fine. I then went to another computer and tried again, and it failed at 19%. Other files fail in a similar fashion, always stopping at the same percent (for that file), if the file is larger than a couple megabytes. The weirdest part apart from it stopping at the same exact percentage every single time is that the download doesn't "fail"... At least, not for a long time. It just sits there at 19% like it's still working, except no data is actually transferred.

It started happening after the latest updates I applied to the UTM, but unfortunately I hadn't updated in a bit, so it installed like 4 at once. I only noticed something was wrong when I tried to download that file from MSDN, because I tried every hour or so, thinking maybe MSDN was having an issue.  I have no idea where to even start looking to figure out what's wrong. This setup has been working for at least 4 years, so I'm really stumped.

EDIT:
I have UTM 9.355 on a Sophos UTM 320.



  • Awesome. It hasn't completed yet, but it's at 70%! I wonder what the actual problem is, kind of hate to leave IPS turned off... Oh well, people have to be able to download stuff. Thanks a million!

  • - You should only activate IPS for software you use.

    - If you keep your servers up2date, set the time for <6 months on the patterns; I guess you probably set it to the default (24 months).

  • Same problem here. I noticed that the IPS is dropping the connection with the reason "MALWARE-OTHER Executable control panel file download request". But that's stupid, of course Microsoft ISO files and executables from Acronis are not malware. So it's a false alarm. But disabling the whole IPS can't be the solution ... It seems that there are a lot of other people having the same problem, so what to do now?

    EDIT: You can fix the problem temporarily by creating an exception list like I did for the Acronis-Download-Server-IP in the screenshot (click for larger image):

    You'll get the IP if you take a look in the log of the IPS. But there could be situations where you'll get another download server every time you click on the download button. Here you'll maybe need to work with Networks or DNS names if possible.


    But long story short: why is Sophos detecting so many false positives in the recent past? That NEVER happened before, I experienced this problem a few weeks ago for the first time but on popular websites and files (Microsoft > ISO image of Server 2012, Acronis default installation file ...).

  • Well, that's the current state, small bugs seem to be acceptable, large bugs can take some.

    We are currently looking at other solutions because IPS does not make a good impression right now.

  • Another solution is to disable the rule in the advanced tab. Maybe this helps someone. You can find the responsible SID in the IPS Log-File.
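
One way to pull the responsible SID and the affected addresses out of the IPS log, as the posts above describe (an added example, not part of the original thread and not Sophos code). It assumes log lines carry key="value" fields named sub, action, reason, sid, srcip and dstip; the sample lines, SIDs and addresses are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines. The key="value" layout is an assumption about the
# IPS log; the sid values and IP addresses are placeholders, not real data.
SAMPLE_LOG = '''\
2016:02:10-10:15:23 utm snort[4711]: sub="ips" action="drop" reason="MALWARE-OTHER Executable control panel file download request" srcip="203.0.113.10" dstip="192.168.1.20" sid="99999"
2016:02:10-10:16:02 utm snort[4711]: sub="ips" action="drop" reason="MALWARE-OTHER Executable control panel file download request" srcip="203.0.113.11" dstip="192.168.1.20" sid="99999"
2016:02:10-10:17:40 utm snort[4711]: sub="ips" action="drop" reason="MALWARE-OTHER Executable control panel file download request" srcip="203.0.113.10" dstip="192.168.1.31" sid="99999"
2016:02:10-10:18:05 utm snort[4711]: sub="ips" action="alert" reason="Constructed alert-only rule" srcip="198.51.100.7" dstip="192.168.1.20" sid="77777"
2016:02:10-10:19:11 utm snort[4711]: sub="ips" action="drop" reason="Constructed unrelated rule" srcip="198.51.100.9" dstip="192.168.1.31" sid="88888"
2016:02:10-10:19:30 utm httpproxy[999]: sub="http" action="pass" srcip="192.168.1.20" dstip="203.0.113.10"
'''

PAIR = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(PAIR.findall(line))


def summarize_drops(log_text):
    """Group dropped IPS connections by (sid, reason) with count and flows."""
    summary = defaultdict(lambda: {"count": 0, "flows": set()})
    for line in log_text.splitlines():
        fields = parse_line(line)
        # Only dropped IPS events matter here; alerts did not stall a download.
        if fields.get("sub") != "ips" or fields.get("action") != "drop":
            continue
        entry = summary[(fields.get("sid", "?"), fields.get("reason", "?"))]
        entry["count"] += 1
        entry["flows"].add((fields.get("srcip", "?"), fields.get("dstip", "?")))
    return dict(summary)


def report(log_text):
    """One line per rule, most drops first: candidates for a scoped exception."""
    rows = sorted(summarize_drops(log_text).items(), key=lambda kv: -kv[1]["count"])
    return [
        f'sid={sid} drops={e["count"]} reason="{reason}" flows='
        + ",".join(f"{s}->{d}" for s, d in sorted(e["flows"]))
        for (sid, reason), e in rows
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A rule whose drops span many server addresses is a poor fit for a per-IP exception, which is the case the post above raises about changing download servers.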