Vidéos d'aide de Screencast

EndPoint Protection Blocks Windows Update

Created: 12 Mai 2013 | 7 comments

Installed is EndPoint Protection v12.1.1000.157  RU1

It blocks windows update, I verified that Stealth Browsing in OFF. I looked at the logs and Identified

the IP addresses that were microsoft and blocked and created Firewall rules that allowed that traffic.

Why I am having to do this to get the MS security updates has me a bit confused, Doesn't MS provide

a list of what addresses they are going to be using for this function?

Operating Systems:

Commentaires CommentairesAccéder au dernier commentaire

l'image des Brɨan

Microsoft uses dynamic DNS so the IP address can change. You can add by hostname, update.microsoft.com

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

l'image des W007

hello,

look this artical

Symantec Endpoint Protection: Tamper Protection appears to be blocking Windows Update
padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH161109 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2011-05-27 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2011-06-29 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL http://www.symantec.com/docs/TECH161109
Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages
padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH161646 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2011-06-06 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2011-06-28 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL http://www.symantec.com/docs/TECH161646

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

l'image des Mithun Sanghavi

Hello,

It would be helpful to know what version of SEP you're using, what's installed (SEPM? SEP client?), but more importantly, what the exact error is that you are seeing. 

Check these Threads:

https://www-secure.symantec.com/connect/forums/sep-blocking-windows-update

https://www-secure.symantec.com/connect/forums/cwindowssystem32svchostexe

Secondly, check these Articles:

Symantec Endpoint Protection: Tamper Protection appears to be blocking Windows Update

http://www.symantec.com/docs/TECH161109

Error: "Security Risk Found! Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan"

http://www.symantec.com/docs/TECH164391

Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages

http://www.symantec.com/docs/TECH161646

Creating an DNS or Host File Change Exception in Symantec Endpoint Protection Manager 12.1 RU1 MP1 and above.

https://www-secure.symantec.com/connect/articles/creating-dns-or-host-file-change-exception-symantec-endpoint-protection-manager-121-ru1-mp1

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

l'image des Chetan Savade

Hi,

Ideally SEP should not block MS updates.You should use hostname instead of IP addresses.

Even Symantec does not use static IP for liveupdate servers.

Tamper Protection blocks this action on Symantec keys and processes as these are Symantec-protected resources. Users may have the impression that this is causing the Windows Update to fail, but it is not.

For further information, see the following article for information on related Windows Update difficulties:

InfoWorld article

http://support.microsoft.com/kb/914450

http://support.microsoft.com/kb/893249

Symantec Endpoint Protection: Tamper Protection appears to be blocking Windows Update

http://www.symantec.com/docs/TECH161109

Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages

http://www.symantec.com/docs/TECH161646

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

l'image des Semuser

Hi !

I reinstall LiveUpadate .

All working correct

Thank all for HELP .

l'image des Chetan Savade

Hi,

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<