Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 13081 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

chrome update to gvt1.com creating lots of traffic

LeeWagner

9.603-1 : SG310

I am seeing a lot of traffic to gvt1.com (both blocked and allowed) and I believe it is something to do with chrome updates.

I have tried a suggested solutions of adding : ^https?://([A-Za-z0-9.-]+\.gvt1\.com\/)(([A-Za-z0-9.-\/_]+)?)[0-9._]*chrome_(updater|installer)\.exe to the exceptions but nothing changes.  

Does anyone have any suggestions/worksarounds/updates?

the logs read:

2019:07:09-08:50:15 gw1 httpproxy[6010]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="HEAD" srcip="10.1.1.97" dstip="173.194.129.201" user="a.dinsdale" group="" ad_domain="DH" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (DHH_ICT)" size="0" request="0xd20f5100" url="r4---sn-aigzrn7s.gvt1.com/.../32.0.0.207_win64_PepperFlashPlayer.crx3 referer="" error="" authtime="0" dnstime="0" aptptime="89" cattime="0" avscantime="0" fullreqtime="101372" device="1" auth="2" ua="Microsoft BITS/7.8" exceptions="url" content-type="application/octet-stream" application="googplay" app-id="816"

2019:07:09-08:50:15 gw1 httpproxy[6010]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.1.1.97" dstip="216.58.198.174" user="a.dinsdale" group="" ad_domain="DH" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (DHH_ICT)" size="0" request="0xda15a700" url="redirector.gvt1.com/.../32.0.0.207_win64_PepperFlashPlayer.crx3" referer="" error="" authtime="0" dnstime="0" aptptime="167" cattime="0" avscantime="0" fullreqtime="76435" device="1" auth="2" ua="Microsoft BITS/7.8" exceptions="url" content-type="text/html" application="googplay" app-id="816" reason="range"

2019:07:09-08:50:15 gw1 httpproxy[6010]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="HEAD" srcip="10.1.1.97" dstip="216.58.198.174" user="a.dinsdale" group="" ad_domain="DH" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (DHH_ICT)" size="0" request="0xda15a700" url="redirector.gvt1.com/.../32.0.0.207_win64_PepperFlashPlayer.crx3" referer="" error="" authtime="0" dnstime="144" aptptime="163" cattime="0" avscantime="0" fullreqtime="25512" device="1" auth="2" ua="Microsoft BITS/7.8" exceptions="url" content-type="text/html" application="googplay" app-id="816"

2019:07:09-08:50:15 gw1 httpproxy[6010]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="HEAD" srcip="10.1.1.97" dstip="173.194.129.201" user="a.dinsdale" group="" ad_domain="DH" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (DHH_ICT)" size="0" request="0xd20f5100" url="r4---sn-aigzrn7s.gvt1.com/.../32.0.0.207_win64_PepperFlashPlayer.crx3 referer="" error="" authtime="0" dnstime="0" aptptime="148" cattime="0" avscantime="0" fullreqtime="102507" device="1" auth="2" ua="Microsoft BITS/7.8" exceptions="url" content-type="application/octet-stream" application="googplay" app-id="816"



This thread was automatically locked due to age.
  • 0

    reason="range" is your problem.

    As I understand it, "range" is a web technique used to send a large binary object in small pieces.   This makes the traffic impossible to evaluate for safety.   9.6.x decided that the risks of range traffic were too high to ignore, so the technique is blocked.

    I don't think here is an exception option for range checking, instead, it is included in antivirus checking.   To be sure, check some of the earlier posts about range checking in this community.

  • +2

    This is what I am using to allow exceptions for Google properties with "reason=range" errors. It's not ideal to bypass antivirus, but there seems to be no other choice.

     

    Under Web Protection > Filtering Options > Exceptions

    Add a New Exception List

    Skip these checks:

    •    Antivirus

    For all requests

    • Matching these URLs
      • ^https?://([A-Za-z0-9.-]*\.)gvt1\.com
      • ^https?://storage\.googleapis\.com
Unfiltered HTML