Video Screencast Help

SEP blocking windows update

Created: 17 Jun 2010 | 6 comments


Im testing the firewall within SEP 11.5002, but i;ve hit a problem. With Stealth mode browsing enabled I can no longer access windows updates, is there a way around this ? As I would like to keep this setting enabled to better protect my network.

Comments 6 CommentsJump to latest comment

Thomas K's picture

Stealth mode removes the browser name and version number, the operating system, and the reference Web page. It stops Web sites from detecting which operating system and browser the computer uses.

 Stealth mode Web browsing may cause some Web sites to not function properly. Some Web servers build a Web page that is based on information about the Web browser. Because this option removes the browser information, some Web pages may not appear properly or at all. Stealth mode Web browsing removes the browser signature, called the HTTP_USER_AGENT, from the HTTP request header and replaces it with a generic signature.

Without the browser version, Windows update will not function.

P_K_'s picture

Stealth mode browsing changes the information passed by the browser, when requested, to non-Windows responses. The Windows Updates website uses this information to determine, in part, what updates to display. Since it's being misled to believe that you're browsing from a non-Windows OS, it cannot display updates.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

milbank's picture

Hi Guys

Thanks for the prompt response, I already understand what stealth mode does. I wanted a way around the problem without disabling it.

But I take it from the article linked above this is not possible ?

P_K_'s picture

What i understand that for Windows update to work we need to disable stealth mode.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Thomas K's picture

Microsoft needs to know your OS version before installing updates. The only way for this to work is to disable SMB.

Rafeeq's picture

Correct !
stealth mode is hiding your OS from others so that they dont exploit any vulnerabiltiy
once you get in to the windows update site; it has to decide what is your OS, service packs and so many other stuffs; if it does not know that ; it wont install.
stealth mode is designed for that; if u dont need it disable it; thats the only option no workaround