Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

SEP blocking windows update

Created: 17 Jun 2010 | 6 comments

Hi

Im testing the firewall within SEP 11.5002, but i;ve hit a problem. With Stealth mode browsing enabled I can no longer access windows updates, is there a way around this ? As I would like to keep this setting enabled to better protect my network.

Comments 6 CommentsJump to latest comment

Thomas K's picture

Stealth mode removes the browser name and version number, the operating system, and the reference Web page. It stops Web sites from detecting which operating system and browser the computer uses.

 Stealth mode Web browsing may cause some Web sites to not function properly. Some Web servers build a Web page that is based on information about the Web browser. Because this option removes the browser information, some Web pages may not appear properly or at all. Stealth mode Web browsing removes the browser signature, called the HTTP_USER_AGENT, from the HTTP request header and replaces it with a generic signature.

Without the browser version, Windows update will not function.

Ooyala - Check us out!

P_K_'s picture

Stealth mode browsing changes the information passed by the browser, when requested, to non-Windows responses. The Windows Updates website uses this information to determine, in part, what updates to display. Since it's being misled to believe that you're browsing from a non-Windows OS, it cannot display updates.

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c4055eb9cc2f1708882574b4007a6689?OpenDocument

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

milbank's picture

Hi Guys

Thanks for the prompt response, I already understand what stealth mode does. I wanted a way around the problem without disabling it.

But I take it from the article linked above this is not possible ?

P_K_'s picture

What i understand that for Windows update to work we need to disable stealth mode.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Thomas K's picture

Microsoft needs to know your OS version before installing updates. The only way for this to work is to disable SMB.

Ooyala - Check us out!

Rafeeq's picture

Correct !
stealth mode is hiding your OS from others so that they dont exploit any vulnerabiltiy
once you get in to the windows update site; it has to decide what is your OS, service packs and so many other stuffs; if it does not know that ; it wont install.
stealth mode is designed for that; if u dont need it disable it; thats the only option no workaround