Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

EndPoint Protection Blocks Windows Update

Created: 12 May 2013 | 7 comments

Installed is EndPoint Protection v12.1.1000.157  RU1

It blocks windows update, I verified that Stealth Browsing in OFF. I looked at the logs and Identified

the IP addresses that were microsoft and blocked and created Firewall rules that allowed that traffic.

Why I am having to do this to get the MS security updates has me a bit confused, Doesn't MS provide

a list of what addresses they are going to be using for this function?

Operating Systems:

Comments 7 CommentsJump to latest comment

.Brian's picture

Microsoft uses dynamic DNS so the IP address can change. You can add by hostname, update.microsoft.com

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

W007's picture

hello,

look this artical

Symantec Endpoint Protection: Tamper Protection appears to be blocking Windows Update

Article:TECH161109  |  Created: 2011-05-27  |  Updated: 2011-06-29  |  Article URL http://www.symantec.com/docs/TECH161109

Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages

Article:TECH161646  |  Created: 2011-06-06  |  Updated: 2011-06-28  |  Article URL http://www.symantec.com/docs/TECH161646

 

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Mithun Sanghavi's picture

Hello,

It would be helpful to know what version of SEP you're using, what's installed (SEPM? SEP client?), but more importantly, what the exact error is that you are seeing. 

Check these Threads:

https://www-secure.symantec.com/connect/forums/sep-blocking-windows-update

https://www-secure.symantec.com/connect/forums/cwindowssystem32svchostexe

Secondly, check these Articles:

Symantec Endpoint Protection: Tamper Protection appears to be blocking Windows Update

http://www.symantec.com/docs/TECH161109

Error: "Security Risk Found! Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan"

http://www.symantec.com/docs/TECH164391

Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages

http://www.symantec.com/docs/TECH161646

Creating an DNS or Host File Change Exception in Symantec Endpoint Protection Manager 12.1 RU1 MP1 and above.

https://www-secure.symantec.com/connect/articles/creating-dns-or-host-file-change-exception-symantec-endpoint-protection-manager-121-ru1-mp1

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

Ideally SEP should not block MS updates.You should use hostname instead of IP addresses.

Even Symantec does not use static IP for liveupdate servers.

Tamper Protection blocks this action on Symantec keys and processes as these are Symantec-protected resources. Users may have the impression that this is causing the Windows Update to fail, but it is not.

For further information, see the following article for information on related Windows Update difficulties:

InfoWorld article

http://support.microsoft.com/kb/914450

http://support.microsoft.com/kb/893249

Symantec Endpoint Protection: Tamper Protection appears to be blocking Windows Update

http://www.symantec.com/docs/TECH161109

Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages

http://www.symantec.com/docs/TECH161646

 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Semuser's picture

Hi !

I reinstall LiveUpadate .

All working correct

Thank all for HELP .

Chetan Savade's picture

Hi,

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<