Failed to update. Please check your internet connection

Hello och_nee,

the tool is not able to use a proxy connection

unless this has changed with the latest versions it uses the system (WinHTTP) proxy.

the update target (BTW: source is arguably the better term) isn't dokumented anywhere

as long as it works (and this is apparently in most cases) it's not necessary; do you know the update sources (or where they are documented) for all your software?

the update target [...] is a variable endpoint in a CDN

and this is uncommon? Come on!

the update worked unencrypted via http

and the problem with this is?

Thanks anyway for your commiseration :smileyhappy: - question is, do you need assistance?

Christian

hi Christian,

the tool is not able to use a proxy connection

unless this has changed with the latest versions it uses the system (WinHTTP) proxy.

we use the latest version, but it's not working...possible it's not working with user auth?

the update target (BTW: source is arguably the better term) isn't dokumented anywhere

as long as it works (and this is apparently in most cases) it's not necessary; do you know the update sources (or where they are documented) for all your software?

on a system with restricted access - yes of course!  

And SOPHOS is a security company, and i expect transparent and well documented processes from a security company - even if a tool is for free!

the update target [...] is a variable endpoint in a CDN

and this is uncommon? Come on!

Yes it's common for startups and - sadly - for some big players!   

In my point of view this is crap! some people do this without the knnowledge of the background need to do their  job.

the update worked unencrypted via http

and the problem with this is?

is that serious? the problem is, that the target,endpoint or in your words the "source" is more trustable!
How can i know who or what is behind a IP adress? How can io thust this without handshake with a valid signed certifiact!?  

Thanks anyway for your commiseration - question is, do you need assistance?

i don't need assistance, as you can read...i helped myself.

Hello och_nee,

the latest version, but it's not working

hm, I don't need SVRT but I've checked today - from the Update progress: proxy server line in the log it seems to tell WinHTTP to use the IE settings but then I don't see a connection attempt at all. I wanted to return a 407 to see what it does (but I assume it won't prompt for credentials) but didn't get that far. Guess I'll have to test on another machine to be sure.

CDN, CNAMEs

I can't quite follow you - d1.sophosupd.com is one of the update locations, this is a CNAME and resolve to a name on the CDN and one or more addresses there. The reverse lookup of the CDN address doesn't necessarily return something telling though (except in your case that the server on the CDN is probably located in Frankfurt).

trustable

Ok, you feel better with an SSL handshake. But then, it's SVRT which does the handshake so you have to trust the application, right? SVRT does verify the update location and contents with an equivalent mechanism - neither can you make it download from some arbitrary (rogue) source nor intercept the connection and feed it compromised data, it won't accept it.

Christian

I have to agree to a certain extent with the OP that there is room for improvement in the documentation/UX for the free scan tool.  Especially when they mention about enterprise wonder marketing hype non-sense. 

I found it less than transparently documented about how it works with proxies and likely issues with user authenticated proxies which are still very common in the education sector.  

A helpful little FAQ that was easy to find on getting the update tool to work behind proxies which require user auth would be nice, and maybe a little button on the GUI saying click here to option log files location would do it for me. 

When you are up against it, which is normally when you are reaching for these tools your cool has long since left and you're not often operating at peak skill level ; ) Anything to make you remember to do the proper things is helpful.  I wasted a good hour trying to figure out why the free tool would not pickup the internet updates.  Unhelpful error messages about checking my internet just make me cross. 

However once I found the URL it was failing due to user auth issues on our proxy I was quickly able to create exceptions and get it working.  

Thanks to both of you for this thread as it helped me get back on track with sorting out the update annoyance.  

Cheers

I can confirm that the tool CAN use a http/https proxy, when the proxy is set in Internet Explorer Settings.

However the tool is unable to interpret a proxy pac file.

You have to set the proxy to IP Address and Port in IE and then it works.

So, still room for improvement.