
How to allow certain Services (Antivirus, Update servers)

Hello, the UTM has started to block Kaspersky Antivirus updates or signature renewals (this started a month ago after some UTM upgrades). The same happens to other update services for some graphics adapters (GeForce), O&O imaging software, etc.

BTW, Kaspersky has lots of update servers. The download of the new files starts but ends up freezing at 65 - 83% (it varies). Switching off the UTM and connecting the PCs directly to the Internet shows that the UTM configuration is stopping the process. Any ideas?



  • Do you have any better luck with the form I prefer?

    ^https?://[A-Za-z0-9.-]*kaspersky\.com/

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • FormerMember in reply to BAlfson

    I will try it and give feedback...

    But you see in the log lines that my Kaspersky accesses did qualify for my Exception - or have I got that wrong?

  • FormerMember in reply to BAlfson

    Hi Bob,

    I think the problem is a different one...
    I have disabled the exception, and in the transparent mode exceptions I added the source host of my Kaspersky Update Server. Now it works :-)

    So the problem is the transparent proxy, right?

  • Hi, this is a solution, but .dat files are denied; they are identified as video files.

    How do I make an exception? Several days ago I searched about this issue and found that I am unable to download .dat files.

    Is there any solution?

  • Are you checking all entries from a source machine in the same time period?  Your supplied log entries indicate that everything is working perfectly, so I doubt that you have found the right data.  Somewhere there must be an entry with something other than statuscode="200" and error=""

    I have seen several auto-update products that use HTTPS with an IP address rather than a host name. When used with key pinning, it can still be secure. I do not know if this is done to reduce risks of DNS poisoning or for more mundane reasons, but this technique complicates log analysis.
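
An added example, not part of the thread: it runs the exception pattern posted above and an assumed stricter variant over constructed URLs, showing that the posted form also accepts look-alike domains and that neither form covers an update fetched by IP address. Python's `re` stands in for the UTM's regex engine; the strict pattern and every sample host are assumptions.

```python
import re

# Pattern exactly as posted in the thread.
POSTED = re.compile(r"^https?://[A-Za-z0-9.-]*kaspersky\.com/")

# Assumed tighter variant (not from the thread): every label in front of
# "kaspersky.com" must end in a dot, so look-alike domains do not qualify.
STRICT = re.compile(r"^https?://([A-Za-z0-9-]+\.)*kaspersky\.com/")

# Constructed sample URLs; hosts and paths are illustrative only.
SAMPLES = [
    "http://kaspersky.com/updates/index.dat",
    "https://dl.updates.kaspersky.com/bases/av.dat",
    "http://notkaspersky.com/bases/av.dat",       # look-alike domain
    "https://kaspersky.com.example.net/av.dat",   # vendor name as subdomain
    "https://192.0.2.10/bases/av.dat",            # update fetched by IP
]


def classify(url):
    """Return (matches_posted, matches_strict) for one URL."""
    return bool(POSTED.search(url)), bool(STRICT.search(url))


def report(urls=SAMPLES):
    """Map each URL to its (posted, strict) match result."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for url, (posted, strict) in report().items():
        print(f"posted={posted!s:5} strict={strict!s:5} {url}")
```

The IP-only URL matches neither pattern, which is why such requests need a separate exception and why they are hard to find in the log by vendor name.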

  • Salut Rafik and welcome to the UTM Community!

    Please show a picture of the message you see.  Also, a log line or two where this occurred.

    Cheers - Bob
