Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 6 subscribers
  • Views 1715 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Microsoft updates blocked despite being excluded from web filtering - am I fixing this right?

Jean Thibodeau

I've added every manner of exclusion for everything from microsoft.com and sub-domains as well as windowsupdate.com and subdomains but it wasn't prevent blocking updates.

After reading posts that seem to suggest this is an "undocumented feature" introduced in 9.6 I think (I'm on 9.7) and saying a Transparent Mode Skiplist had to be added, I did that.

Problem is I had to put my internal network on the source hosts/net skip list for it to work. Does that not mean I've effectively turned off web filtering for my internal network? If so, that seems to defeat the purpose. Is there a better way to do this? 



This thread was automatically locked due to age.
Parents
  • 0

    You should have an exception already in place by default for UTM under Web Protection > Filtering Options.  

    You might have a problem with downloading if you have Country Blocking enabled, I've run into that before.  I even have a block list for the telemetry in my UTM, and I am not having any issues:

    vortex.data.microsoft.com
    vortex-win.data.microsoft.com
    telecommand.telemetry.microsoft.com
    telecommand.telemetry.microsoft.com.nsatc.net
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    sqm.telemetry.microsoft.com
    sqm.telemetry.microsoft.com.nsatc.net
    watson.telemetry.microsoft.com
    watson.telemetry.microsoft.com.nsatc.net
    redir.metaservices.microsoft.com
    choice.microsoft.com
    choice.microsoft.com.nsatc.net
    df.telemetry.microsoft.com
    reports.wes.df.telemetry.microsoft.com
    wes.df.telemetry.microsoft.com
    services.wes.df.telemetry.microsoft.com
    sqm.df.telemetry.microsoft.com
    telemetry.microsoft.com
    watson.ppe.telemetry.microsoft.com
    telemetry.appex.bing.net
    telemetry.urs.microsoft.com
    telemetry.appex.bing.net:443
    settings-sandbox.data.microsoft.com
    vortex-sandbox.data.microsoft.com
    survey.watson.microsoft.com
    watson.live.com
    watson.microsoft.com
    statsfe2.ws.microsoft.com
    corpext.msitadfs.glbdns2.microsoft.com
    compatexchange.cloudapp.net
    cs1.wpc.v0cdn.net
    a-0001.a-msedge.net
    statsfe2.update.microsoft.com.akadns.net
    sls.update.microsoft.com.akadns.net
    fe2.update.microsoft.com.akadns.net
    diagnostics.support.microsoft.com
    corp.sts.microsoft.com
    statsfe1.ws.microsoft.com
    pre.footprintpredict.com
    i1.services.social.microsoft.com
    i1.services.social.microsoft.com.nsatc.net
    feedback.windows.com
    feedback.microsoft-hohm.com
    feedback.search.microsoft.com
    rad.msn.com
    preview.msn.com
    ad.doubleclick.net
    ads.msn.com
    ads1.msads.net
    ads1.msn.com
    a.ads1.msn.com
    a.ads2.msn.com
    adnexus.net
    adnxs.com
    aidps.atdmt.com
    apps.skype.com
    az361816.vo.msecnd.net
    az512334.vo.msecnd.net
    a.rad.msn.com
    a.ads2.msads.net
    ac3.msn.com
    aka-cdn-ns.adtech.de
    b.rad.msn.com
    b.ads2.msads.net
    b.ads1.msn.com
    bs.serving-sys.com
    c.msn.com
    cdn.atdmt.com
    cds26.ams9.msecn.net
    c.atdmt.com
    db3aqu.atdmt.com
    ec.atdmt.com
    flex.msn.com
    g.msn.com
    h1.msn.com
    live.rads.msn.com
    msntest.serving-sys.com
    m.adnxs.com
    m.hotmail.com
    pricelist.skype.com
    rad.live.com
    secure.flashtalking.com
    static.2mdn.net
    s.gateway.messenger.live.com
    secure.adnxs.com
    so.2mdn.net
    ui.skype.com
    www.msftncsi.com
    msftncsi.com
    view.atdmt.com
    msnbot-65-55-108-23.search.msn.com
    schemas.microsoft.akadns.net
    a-0002.a-msedge.net
    a-0003.a-msedge.net
    a-0004.a-msedge.net
    a-0005.a-msedge.net
    a-0006.a-msedge.net
    a-0007.a-msedge.net
    a-0008.a-msedge.net
    a-0009.a-msedge.net
    msedge.net
    a-msedge.net
    lb1.www.ms.akadns.net
    vortex-bn2.metron.live.com.nsatc.net
    vortex-cy2.metron.live.com.nsatc.net
    ssw.live.com

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5

Reply
  • 0

    You should have an exception already in place by default for UTM under Web Protection > Filtering Options.  

    You might have a problem with downloading if you have Country Blocking enabled, I've run into that before.  I even have a block list for the telemetry in my UTM, and I am not having any issues:

    vortex.data.microsoft.com
    vortex-win.data.microsoft.com
    telecommand.telemetry.microsoft.com
    telecommand.telemetry.microsoft.com.nsatc.net
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    sqm.telemetry.microsoft.com
    sqm.telemetry.microsoft.com.nsatc.net
    watson.telemetry.microsoft.com
    watson.telemetry.microsoft.com.nsatc.net
    redir.metaservices.microsoft.com
    choice.microsoft.com
    choice.microsoft.com.nsatc.net
    df.telemetry.microsoft.com
    reports.wes.df.telemetry.microsoft.com
    wes.df.telemetry.microsoft.com
    services.wes.df.telemetry.microsoft.com
    sqm.df.telemetry.microsoft.com
    telemetry.microsoft.com
    watson.ppe.telemetry.microsoft.com
    telemetry.appex.bing.net
    telemetry.urs.microsoft.com
    telemetry.appex.bing.net:443
    settings-sandbox.data.microsoft.com
    vortex-sandbox.data.microsoft.com
    survey.watson.microsoft.com
    watson.live.com
    watson.microsoft.com
    statsfe2.ws.microsoft.com
    corpext.msitadfs.glbdns2.microsoft.com
    compatexchange.cloudapp.net
    cs1.wpc.v0cdn.net
    a-0001.a-msedge.net
    statsfe2.update.microsoft.com.akadns.net
    sls.update.microsoft.com.akadns.net
    fe2.update.microsoft.com.akadns.net
    diagnostics.support.microsoft.com
    corp.sts.microsoft.com
    statsfe1.ws.microsoft.com
    pre.footprintpredict.com
    i1.services.social.microsoft.com
    i1.services.social.microsoft.com.nsatc.net
    feedback.windows.com
    feedback.microsoft-hohm.com
    feedback.search.microsoft.com
    rad.msn.com
    preview.msn.com
    ad.doubleclick.net
    ads.msn.com
    ads1.msads.net
    ads1.msn.com
    a.ads1.msn.com
    a.ads2.msn.com
    adnexus.net
    adnxs.com
    aidps.atdmt.com
    apps.skype.com
    az361816.vo.msecnd.net
    az512334.vo.msecnd.net
    a.rad.msn.com
    a.ads2.msads.net
    ac3.msn.com
    aka-cdn-ns.adtech.de
    b.rad.msn.com
    b.ads2.msads.net
    b.ads1.msn.com
    bs.serving-sys.com
    c.msn.com
    cdn.atdmt.com
    cds26.ams9.msecn.net
    c.atdmt.com
    db3aqu.atdmt.com
    ec.atdmt.com
    flex.msn.com
    g.msn.com
    h1.msn.com
    live.rads.msn.com
    msntest.serving-sys.com
    m.adnxs.com
    m.hotmail.com
    pricelist.skype.com
    rad.live.com
    secure.flashtalking.com
    static.2mdn.net
    s.gateway.messenger.live.com
    secure.adnxs.com
    so.2mdn.net
    ui.skype.com
    www.msftncsi.com
    msftncsi.com
    view.atdmt.com
    msnbot-65-55-108-23.search.msn.com
    schemas.microsoft.akadns.net
    a-0002.a-msedge.net
    a-0003.a-msedge.net
    a-0004.a-msedge.net
    a-0005.a-msedge.net
    a-0006.a-msedge.net
    a-0007.a-msedge.net
    a-0008.a-msedge.net
    a-0009.a-msedge.net
    msedge.net
    a-msedge.net
    lb1.www.ms.akadns.net
    vortex-bn2.metron.live.com.nsatc.net
    vortex-cy2.metron.live.com.nsatc.net
    ssw.live.com

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5

Children
No Data
Unfiltered HTML