
Microsoft BITS attempts to use HTTP, not HTTPS, should these range requests be bypassed in the web filter?

Sophos UTM 9.603-1

The webfilter is blocking hundreds of ua="Microsoft BITS/7.8" requests per minute and I have added every possible combination of Microsoft BITS/7.8 to the PUA bypass. Apparently this is not a PUA but is categorized as UA which means unwanted application? This is confusing. 

The BITS requests are attempting to be transferred under HTTP protocol and not securely through HTTPS. This happens every now and then and lasts for hours, even longer.

2019:06:22-12:39:49 mysophosutm httpproxy[5389]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.3" dstip="172.217.11.46" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xa352a00" url="redirector.gvt1.com/.../1160_all_sthset.crx3" referer="" error="" authtime="0" dnstime="0" aptptime="256" cattime="271" avscantime="0" fullreqtime="96867" device="0" auth="0" ua="Microsoft BITS/7.8" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" content-type="text/html" application="googplay" app-id="816" reason="range"
 
After it attempts to use http://redirector.gvt1.com, it switches to 
2019:06:22-12:36:06 mysophosutm httpproxy[5389]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.3" dstip="172.217.10.46" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xddea000" url="dl.google.com/.../5229_all_crl-set-14912426705758796165.data.crx3" referer="" error="" authtime="0" dnstime="0" aptptime="272" cattime="234" avscantime="0" fullreqtime="109234" device="0" auth="0" ua="Microsoft BITS/7.8" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" content-type="application/octet-stream" application="google" app-id="182" reason="range"
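Added example, not part of the original post and not Sophos code: a Python sketch that parses httpproxy lines in the key="value" format shown above and tallies blocked requests with reason="range" by user agent and destination host, which shows exactly which clients and hosts any filter exception would have to cover. The sample lines are constructed (the post's two entries shortened to the relevant fields, plus one made-up passing request), and the function names are hypothetical.

```python
import re
from collections import Counter

# key="value" pairs, the field format of the httpproxy lines quoted in the post
FIELD_RE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(FIELD_RE.findall(line))


def host_of(url):
    """Host part of the url field; the proxy logs it without a scheme."""
    return re.sub(r"^[a-z]+://", "", url).split("/", 1)[0].lower()


def range_blocks(lines):
    """Count blocked requests with reason="range", keyed by (ua, host)."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("action") == "block" and f.get("reason") == "range":
            counts[(f.get("ua", ""), host_of(f.get("url", "")))] += 1
    return counts


# Constructed sample: the post's two lines shortened to the relevant fields,
# plus one made-up passing request that must not be counted.
SAMPLE = [
    '2019:06:22-12:39:49 mysophosutm httpproxy[5389]: id="0002" '
    'name="web request blocked" action="block" method="GET" '
    'srcip="192.168.1.3" statuscode="416" ua="Microsoft BITS/7.8" '
    'url="redirector.gvt1.com/.../1160_all_sthset.crx3" reason="range"',
    '2019:06:22-12:36:06 mysophosutm httpproxy[5389]: id="0002" '
    'name="web request blocked" action="block" method="GET" '
    'srcip="192.168.1.3" statuscode="416" ua="Microsoft BITS/7.8" '
    'url="dl.google.com/.../5229_all_crl-set-14912426705758796165.data.crx3" '
    'reason="range"',
    '2019:06:22-12:40:01 mysophosutm httpproxy[5389]: id="0001" '
    'name="http access" action="pass" method="GET" srcip="192.168.1.3" '
    'statuscode="200" ua="Mozilla/5.0" url="example.com/index.html" reason=""',
]

if __name__ == "__main__":
    for (ua, host), n in sorted(range_blocks(SAMPLE).items()):
        print(f"{n:4d}  ua={ua!r}  host={host}")
```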
 

 

 

 

 

 

 


