Can not Download Apps from Windows Store

Hello together!

 

When I want to download apps from the Windows 10 Store, only a few MB are downloaded and then the download stops.

In the IPS log I always found this event: "MALWARE-OTHER Executable control panel file download request" (SID=33942)!

And also with some larger files I have partial problems with downloading, so that they usually get stuck at 90%!

 

What is this?

I do not want to disable the rule, but I think it's a false positive!
Or what do you mean?
Does anyone have similar problems?

 

Best Regards

Mark

  • Hallo Mark - long time no see!

    I bet you're right that it's a false positive.  Rather than disabling the rule, make an Exception for the Windows 10 Store.  On the large files, that also can be caused by antivirus checking in Web Filtering.

    Cheers - Bob

  • In reply to BAlfson:

    Hello,

     

    Thanks for the Answer!

    How or where can I add an exception for the Windows 10 Store?

    AntiVirus could not block anything because I don't use the Web Filtering function ;)

    Best Regards

    Mark

  • In reply to xenon2008:

    Can you show us an example of the message you get?

    Cheers - Bob

  • In reply to BAlfson:

    In the IPS log I can only see this:

    MALWARE-OTHER Executable control panel file download request with SID 33942

     

    And in the Windows Store the download hangs...

    And if I stop & resume the download, only 1-2 MB will be downloaded, and then it stops / hangs again...

     

  • In reply to xenon2008:

    Doesn't the Intrusion Prevention log show the IP, Mark?

    Cheers - Bob

  • In reply to BAlfson:

    Good Morning Balfson,

    Oh that's right, sorry my mistake!
    So you mean an exception for the IP address. Why didn't I come up with that on my own ....

     

    I'll check it out tonight!
    YOU are as always my rescue!
    THANK YOU

     

     
    Friendly greetings from Upper Austria and Have a nice Day ;)
    Mark
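
Added example, not part of any post in this thread: one way to pull the addresses logged for SID 33942 out of IPS log lines, so that an exception can be scoped to those hosts instead of disabling the rule. The key="value" line layout, the field names (srcip, dstip, sid, action) and the sample lines are constructed assumptions; adjust the field names to the actual log.

```python
import re
from collections import Counter

# Constructed sample lines. The key="value" layout, the field names
# (srcip, dstip, sid, action) and all addresses are assumptions.
SAMPLE_LOG = """\
2018:05:02-19:14:07 gw snort[4211]: action="drop" reason="MALWARE-OTHER Executable control panel file download request" srcip="192.0.2.10" dstip="198.51.100.7" sid="33942"
2018:05:02-19:14:09 gw snort[4211]: action="drop" reason="MALWARE-OTHER Executable control panel file download request" srcip="192.0.2.10" dstip="198.51.100.7" sid="33942"
2018:05:02-19:20:41 gw snort[4211]: action="alert" reason="MALWARE-OTHER Executable control panel file download request" srcip="192.0.2.23" dstip="198.51.100.7" sid="33942"
2018:05:02-19:22:13 gw snort[4211]: action="drop" reason="constructed unrelated rule" srcip="192.0.2.10" dstip="203.0.113.5" sid="10001"
2018:05:02-19:25:00 gw snort[4211]: truncated line without fields
"""

PAIR_RE = re.compile(r'(\w+)="([^"]*)"')


def alerts_for_sid(log_text, sid):
    """Count alerts for one SID, keyed by (srcip, dstip, action)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = dict(PAIR_RE.findall(line))
        if fields.get("sid") != str(sid):
            continue  # other rule, or a line with no parsable fields
        if "srcip" not in fields or "dstip" not in fields:
            continue  # incomplete entry: nothing to scope an exception on
        key = (fields["srcip"], fields["dstip"], fields.get("action", "?"))
        counts[key] += 1
    return counts


def exception_scope(log_text, sid):
    """Distinct source and destination addresses seen for the SID."""
    counts = alerts_for_sid(log_text, sid)
    sources = sorted({src for src, _, _ in counts})
    destinations = sorted({dst for _, dst, _ in counts})
    return sources, destinations


if __name__ == "__main__":
    for (src, dst, action), n in sorted(alerts_for_sid(SAMPLE_LOG, 33942).items()):
        print(f"{n:3d}  {action:5s}  {src} -> {dst}")
    print(exception_scope(SAMPLE_LOG, 33942))
```
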
  • Hi Mark, 

    Are you still experiencing this problem? 

    We want to understand why our IPS is FPing on Microsoft downloads. Is there a chance we can get a packet capture from you (preferably captured from the UTM so we can see both sides of the traffic) when the download from Microsoft Store is not working? This will allow us to narrow down what our IPS engine is producing a false positive on.

    Thanks!

    Bobby

  • In reply to bobbylam:

    Good Morning Bobby,

     

    I think the problem still exists, but I can not say exactly because I have created an exception for this IPS rule with only warnings.

    The problem sometimes occurs when downloading larger ISO files.

    I will test it when I get the opportunity and report back!

     

    With Capture do you mean the log files of the UTM of the IPS Log?

    But why are you reporting now to "investigate" the problem?

     

    Best Regards

    Mark

     

     

    EDIT:

    I just searched the IPS logfile for the last 30 days and copied all the entries into a text file with the warnings!
    Does that help you?
    How can I let you have this?

     

    Sorry for my bad English. I am a German User with really terrible English Skills ;)

  • In reply to xenon2008:

    Hi Mark, 

    Thank you very much for your response. 

    Recently we have heard some reports that customers are failing to download the 'Local Experience Packs' from the Windows Store when IPS is enabled on the UTM, so I'm just following up on this. I found this thread, so thought I would reach out to see if you're encountering the same problem. 

    Is it possible for you to disable your IPS exception temporarily, and see if you have a problem downloading from Windows Store? 

    If re-enabling the rule does indeed cause a failure to download, it would be great to get a packet capture (i.e. tcpdump on the UTM) of the traffic, so we can see exactly what's being transferred over the wire and what is triggering the IPS rule. 

    Again, thank you for your quick response, and helping us get to the bottom of this issue! 

    Bobby 

  • In reply to bobbylam:

    Hello Bobby!

     

    I now have removed the Exception for this Rule, and installed on a Windows 10 x64 PC the English Local Experience Pack, without any Errors!

    Although I always had the error while downloading the German Local Experience Pack, but that is now installed on all my Windows 10 clients, so I could not download this again. And that's why I tried English!

    A similar error occurred again and again when I tried to download large ISO files. Partial white e.g. from VMware.


    Unfortunately, not all ISO files ... and since I just do not remember which error has certainly occurred, I can unfortunately not test this right now!


    At the moment it seems to work without this rule. At least I was able to successfully download & install the English Local Experience Pack!
    Have you changed anything?


    I'll put that rule on disabled again, and watch it all. If I have problems with a download again, I will contact you again!

     

    I hope you could understand & follow my bad English (Google Translator *lol* )

     

    Best Regards

    Mark

  • In reply to xenon2008:

    Hi Mark, 

    Thank you very much for testing this for us. We do release regular IPS signature updates, but nothing specific to the Windows App store recently. I am glad that everything seems to be working for you now. We will continue to try and reproduce the problem internally, and see if we can figure out why it wasn't working before (just to confirm the problem is truly resolved).

    Thanks again for your time Mark! 

    Bobby