
How to allow certain Services (Antivirus, Update servers)

Hello, the UTM has started to block Kaspersky Antivirus updates or signature renewals (this started a month ago after some UTM upgrades). The same happens to other update services for some graphics adapters (GeForce), O&O imaging software, etc.

BTW, Kaspersky has lots of update servers. The download of the new files starts but ends up freezing at 65 - 83% (it varies). Switching off the UTM and connecting the PCs directly to the Internet shows that the UTM configuration is stopping the process. Any ideas?



  • Start the Web Filtering Live Log and then launch a Kaspersky update. Show one or two lines where the update was blocked.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • FormerMember
    0 FormerMember in reply to BAlfson

    Similar problem...

    I have created and activated a filter option for the domain ^https?://([A-Za-z0-9.-]+\.)?kaspersky\.com/. The check is omitted for authentication, antivirus, file extensions, redirect to sandstorm, URL filter, content removal. Unfortunately, Kaspersky does not update. But if I trigger it manually, then already......

  • Please show a picture of your Exception and the line in the Web Filtering log where the access is blocked.

    Cheers - Bob

     
  • I found a similar problem with Sophos XG firewalls where the same symptoms were appearing and Kaspersky updates fail halfway through. A bit of digging around showed that the firewall was blocking virus definition files ending with the .dat extension, as these are categorized as video files and the firewall policy is to block videos.

    Creating exceptions for web filtering in the following manner:

    ^[A-Za-z0-9.-]*\.kaspersky-labs.com\.?/
    ^[A-Za-z0-9.-]*\.kaspersky.com\.?/
     
    solved the issue for me.
     
    You may be experiencing a similar issue.
  • Hi, Mihira, and welcome to the UTM Community!

    Not many that join us here start with an answer - good for you!

    You did what I was trying to get the others in this thread to do - you looked at the log.

    Cheers - Bob

     
  • FormerMember
    0 FormerMember in reply to Mihira Fernando

    Hi Mihira,

    What exams do you leave in your exception? It still does not work :-(

    First I had

    ^https?://([A-Za-z0-9.-]+\.)?kaspersky\.com/

    maintained. Then I had read your post and changed to

    ^[A-Za-z0-9.-]*\.kaspersky-labs.com\.?/
    ^[A-Za-z0-9.-]*\.kaspersky.com\.?/

     

  • Please note that my exception rules were for Sophos XG firewalls, which use SFOS v16.

  • FormerMember
    0 FormerMember in reply to Mihira Fernando

    Hi,

    Enclosed is an extract of the web filter protocol - I see no "denied"....

    2017:05:29-12:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="193.45.6.13" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="265" request="0xd468c600" url="dnl-12.geo.kaspersky.com/.../updater.xml.dif" referer="" error="" authtime="0" dnstime="1735" cattime="59079" avscantime="2727" fullreqtime="108694" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="" category="105" reputation="neutral" categoryname="Business" application="kasprsky" app-id="250" sandbox="-" content-type="application/octet-stream"
    2017:05:29-12:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="193.45.6.13" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="403" request="0xdd8c0c00" url="dnl-12.geo.kaspersky.com/.../u1313g.xml.dif" referer="" error="" authtime="0" dnstime="10998" cattime="57711" avscantime="2967" fullreqtime="116238" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="" category="105" reputation="neutral" categoryname="Business" application="kasprsky" app-id="250" sandbox="-" content-type="application/octet-stream"
    2017:05:29-12:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="193.45.6.13" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1786" request="0xdd8c0c00" url="dnl-12.geo.kaspersky.com/.../u1313g.xml.klz" referer="" error="" authtime="0" dnstime="0" cattime="68877" avscantime="3644" fullreqtime="102446" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="" category="105" reputation="neutral" categoryname="Business" application="kasprsky" app-id="250" sandbox="-" content-type="application/octet-stream"

  • ^https?://([A-Za-z0-9.-]+\.)?kaspersky\.com/ would be one correct form in the UTM.  You see in the log lines that your Kaspersky accesses did not qualify for your Exception.

    Cheers - Bob

     
  • FormerMember
    0 FormerMember in reply to BAlfson

    Hi,

    I changed the form but it still does not work :-(
    Still an error from Kaspersky update....

    2017:05:30-13:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="212.73.221.199" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="885" request="0xe0177800" url="dnl-04.geo.kaspersky.com/.../updater.xml.dif" referer="" error="" authtime="0" dnstime="1541" cattime="0" avscantime="0" fullreqtime="44312" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"
    2017:05:30-13:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="212.73.221.199" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="257" request="0xdeab0400" url="dnl-04.geo.kaspersky.com/.../u1313g.xml.dif" referer="" error="" authtime="0" dnstime="133" cattime="0" avscantime="0" fullreqtime="42367" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"
    2017:05:30-13:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="212.73.221.199" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1788" request="0xdeab0400" url="dnl-04.geo.kaspersky.com/.../u1313g.xml.klz" referer="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="25574" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"
    2017:05:30-13:00:02 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="212.73.221.199" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4057" request="0xdeab0400" url="dnl-04.geo.kaspersky.com/.../hips-1313g.xml.dif" referer="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="2084569" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"
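
An added example (not written by any poster in this thread, and not Sophos code): a small Python parser for httpproxy log lines like the ones above. It lists which checks each request skipped and tests the two exception forms posted in the thread against the logged URL. The sample lines are constructed from the thread's extracts with fields trimmed; the `http://` scheme, the `/example/` path, and matching the pattern against the full URL are assumptions.

```python
import re

# Constructed sample lines modelled on the two extracts in the thread (fields
# trimmed). Assumptions: the http:// scheme and the /example/ path, which the
# thread's log lines do not show.
SAMPLE = [
    '2017:05:29-12:00:00 mx01 httpproxy[6214]: name="http access" action="pass" '
    'url="http://dnl-12.geo.kaspersky.com/example/updater.xml.dif" '
    'avscantime="2727" fullreqtime="108694" exceptions=""',
    '2017:05:30-13:00:02 mx01 httpproxy[6214]: name="http access" action="pass" '
    'url="http://dnl-04.geo.kaspersky.com/example/hips-1313g.xml.dif" '
    'avscantime="0" fullreqtime="2084569" exceptions="av,sandbox,auth,url,fileextension"',
]

PATTERNS = {  # the two exception forms posted in the thread, verbatim
    "utm_form": r"^https?://([A-Za-z0-9.-]+\.)?kaspersky\.com/",
    "xg_form": r"^[A-Za-z0-9.-]*\.kaspersky.com\.?/",
}
FIELD = re.compile(r'([\w-]+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" pairs of one httpproxy log line as a dict."""
    return dict(FIELD.findall(line))


def summarize(line):
    """List the skipped checks and the posted patterns that match the URL."""
    f = parse_line(line)
    skipped = [e for e in f.get("exceptions", "").split(",") if e]
    url = f.get("url", "")
    return {
        "url": url,
        "action": f.get("action", ""),
        "skipped_checks": skipped,
        "av_skipped": "av" in skipped,
        "matching_patterns": sorted(n for n, rx in PATTERNS.items() if re.search(rx, url)),
        "fullreqtime": int(f.get("fullreqtime", "0")),
    }


def slowest(lines):
    """Return the summary of the request with the largest fullreqtime."""
    return max((summarize(l) for l in lines), key=lambda s: s["fullreqtime"])


if __name__ == "__main__":
    for entry in SAMPLE:
        print(summarize(entry))
```

Under these assumptions only the scheme-anchored form matches a full URL, which is consistent with `exceptions=""` in the first extract and the populated list in the second. An empty `skipped_checks` on an allowed request means no exception applied to it.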