
How to allow certain services (Antivirus, update servers)

Hello, the UTM has started to block Kaspersky Antivirus updates or signature renewals (this started a month ago after some UTM upgrades). The same happens to other update services for some graphics adapters (GeForce), O&O Imaging software, etc.

BTW, Kaspersky has lots of update servers. The download of the new files starts but ends up frozen at 65 - 83% (it varies). Switching off the UTM and bringing the PCs directly to the Internet shows that the UTM configuration is stopping the process. Any ideas?

  • I found a similar problem with Sophos XG firewalls where the same symptoms were appearing and Kaspersky updates fail halfway through. A bit of digging around showed that the firewall was blocking virus definition files ending with the .dat extension, as these are categorized as video files and the firewall policy is to block videos.

    Creating exceptions for web filtering in the following manner:

    ^[A-Za-z0-9.-]*\.kaspersky-labs.com\.?/
    ^[A-Za-z0-9.-]*\.kaspersky.com\.?/
     
    solved the issue for me.
     
    You may be experiencing a similar issue.
  • Hi, Mihira, and welcome to the UTM Community!

    Not many that join us here start with an answer - good for you!

    You did what I was trying to get the others in this thread to do - you looked at the log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • FormerMember in reply to Mihira Fernando

    Hi Mihira,

    what exams do you leave in your exception? It still does not work :-(

    First I had

    ^https?://([A-Za-z0-9.-]+\.)?kaspersky\.com/

    maintained. Then I read your post and changed to

    ^[A-Za-z0-9.-]*\.kaspersky-labs.com\.?/
    ^[A-Za-z0-9.-]*\.kaspersky.com\.?/

     

  • Please note that my exception rules were for Sophos XG firewalls, which use SFOS v16.

  • FormerMember in reply to Mihira Fernando

    Hi,

    Enclosed is an extract of the web filter log; I see no "denied"....

    2017:05:29-12:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="193.45.6.13" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="265" request="0xd468c600" url="dnl-12.geo.kaspersky.com/.../updater.xml.dif" referer="" error="" authtime="0" dnstime="1735" cattime="59079" avscantime="2727" fullreqtime="108694" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="" category="105" reputation="neutral" categoryname="Business" application="kasprsky" app-id="250" sandbox="-" content-type="application/octet-stream"
    2017:05:29-12:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="193.45.6.13" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="403" request="0xdd8c0c00" url="dnl-12.geo.kaspersky.com/.../u1313g.xml.dif" referer="" error="" authtime="0" dnstime="10998" cattime="57711" avscantime="2967" fullreqtime="116238" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="" category="105" reputation="neutral" categoryname="Business" application="kasprsky" app-id="250" sandbox="-" content-type="application/octet-stream"
    2017:05:29-12:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="193.45.6.13" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1786" request="0xdd8c0c00" url="dnl-12.geo.kaspersky.com/.../u1313g.xml.klz" referer="" error="" authtime="0" dnstime="0" cattime="68877" avscantime="3644" fullreqtime="102446" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="" category="105" reputation="neutral" categoryname="Business" application="kasprsky" app-id="250" sandbox="-" content-type="application/octet-stream"

  • ^https?://([A-Za-z0-9.-]+\.)?kaspersky\.com/ would be one correct form in the UTM. You see in the log lines that your Kaspersky accesses did not qualify for your Exception.

    Cheers - Bob

  • FormerMember in reply to BAlfson

    Hi,

    I changed the form but it still does not work :-(
    Still an error from Kaspersky update....

    2017:05:30-13:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="212.73.221.199" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="885" request="0xe0177800" url="dnl-04.geo.kaspersky.com/.../updater.xml.dif" referer="" error="" authtime="0" dnstime="1541" cattime="0" avscantime="0" fullreqtime="44312" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"
    2017:05:30-13:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="212.73.221.199" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="257" request="0xdeab0400" url="dnl-04.geo.kaspersky.com/.../u1313g.xml.dif" referer="" error="" authtime="0" dnstime="133" cattime="0" avscantime="0" fullreqtime="42367" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"
    2017:05:30-13:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="212.73.221.199" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1788" request="0xdeab0400" url="dnl-04.geo.kaspersky.com/.../u1313g.xml.klz" referer="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="25574" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"
    2017:05:30-13:00:02 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="212.73.221.199" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4057" request="0xdeab0400" url="dnl-04.geo.kaspersky.com/.../hips-1313g.xml.dif" referer="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="2084569" device="0" auth="0" ua="*BUEBAAAA8WAAAk_AAAQB6xJVjxK3BN6WFGJpMxeSId5rQAAAAAwlBMAAKAA=" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"

  • Do you have any better luck with the form I prefer?

    ^https?://[A-Za-z0-9.-]*kaspersky\.com/

    Cheers - Bob

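    As an added example (not from the thread or from Sophos), a small Python check that parses the httpproxy log fields quoted above, rebuilds the scheme-qualified URL and tests the three exception patterns from the thread against it. The sample lines are constructed from the ones posted, with made-up paths, and the check assumes, as Bob's reply implies, that the UTM applies the exception regex to the full URL including the scheme.

```python
import re

# Constructed sample lines modelled on the httpproxy entries quoted in the
# thread (fields trimmed to the ones this check needs; the paths are made up).
SAMPLE_LOG = """\
2017:05:29-12:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="193.45.6.13" statuscode="200" url="dnl-12.geo.kaspersky.com/updates/updater.xml.dif" exceptions="" categoryname="Business"
2017:05:30-13:00:00 mx01 httpproxy[6214]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.45.11" dstip="212.73.221.199" statuscode="200" url="dnl-04.geo.kaspersky.com/updates/u1313g.xml.klz" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience" categoryname="Business"
"""

# key="value" pairs; keys such as app-id contain a hyphen.
FIELD_RE = re.compile(r'(\w[\w-]*)="([^"]*)"')

# The three exception patterns quoted in the thread.
PATTERNS = {
    "xg-style":   r"^[A-Za-z0-9.-]*\.kaspersky.com\.?/",          # Mihira's XG rule
    "utm-strict": r"^https?://([A-Za-z0-9.-]+\.)?kaspersky\.com/",  # Bob's first form
    "utm-loose":  r"^https?://[A-Za-z0-9.-]*kaspersky\.com/",       # Bob's preferred form
}

def parse_line(line):
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(FIELD_RE.findall(line))

def full_url(fields):
    """The logged url field has no scheme; assumption: the proxy matches
    exceptions against the scheme-qualified URL, so prepend http://."""
    url = fields["url"]
    return url if "://" in url else "http://" + url

def matching_patterns(url):
    """Names of the exception patterns that would fire on this URL."""
    return [name for name, pat in PATTERNS.items() if re.search(pat, url)]

def exception_skipped(fields, check):
    """True if the proxy recorded the given check (e.g. 'fileextension') in
    the exceptions= list, i.e. an exception actually applied to the request."""
    return check in fields.get("exceptions", "").split(",")

def audit(log_text):
    """Per line: the rebuilt URL, which patterns match it, and whether the
    file-extension check was skipped (the .dat-as-video problem above)."""
    out = []
    for line in log_text.splitlines():
        f = parse_line(line)
        url = full_url(f)
        out.append({"url": url, "matches": matching_patterns(url),
                    "fileextension_skipped": exception_skipped(f, "fileextension")})
    return out
```

    Running matching_patterns() on the scheme-less form "dnl-12.geo.kaspersky.com/..." shows why the XG rule looked right to its author, and "http://notkaspersky.com/" shows that the loose form also matches any host name merely ending in kaspersky.com, which the strict form does not.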
  • FormerMember in reply to BAlfson

    I will try it and give feedback...

    But you see in the log lines that my Kaspersky accesses did qualify my Exception - or have I got that wrong?

  • FormerMember in reply to BAlfson

    Hi Bob,

    I think the problem is another one...
    I have disabled the exception and in the transparent mode exceptions I added the source host of my Kaspersky update server. Now it works :-)

    So the problem is the transparent proxy, right?

  • Hi, this is a solution, but .dat files are denied; they are identified as video files.

    How do I create an exception? A few days ago, searching about this issue, I found that I enable downloading of .dat files.

    Is there any solution?