WG-Signature-Updates blocks Microsoft Office Updates?

Since last month we have the issue that no Microsoft Office Updates can be downloaded and installed.

We have a third-party company that manages our network/Watchguard FW.
They told us
1. there are Watchguard Firmware-Updates and
2. there are Watchguards Signature Updates and last are the issue!
So they tried to set a test-rule for one client in our company and then the MS Office updates could be downloaded and installed on that.
With this result they set a final-rule for MS Office Updates for our complete company.
This has now cost us money again unnecessarily.

Now i'm asking you:
Is this true?
WG-Signature Updates blocks MS Office Updates?
Thern can it be fixed (with your sig-Updates)?
Or was it a lie?

Comments

  • I have never had this issue with GAV or IPS signatures.

    GAV signature sets are often updated multiple times per day.
    IPS signature sets are updated much less frequently - my last update was on Aug 5th.
    Normally when there is a "bad" signature, if affects many sites and WG quickly identifies the problem signature and either removes it or updates it.
    It is recommended to set automatic signature updates to multiple times per day, such as for every 2 hours.

    There are 3 IPS signature sets - 1 for smaller firewall models, such as mine, and 1 for large firewall models.
    I have no idea where the Standard set is used.

    Intrusion Prevention Service and Application Control signature sets size
    https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3E5SAI&lang=en_US

    If there was a signature which actually prevented MS updates to work, it would affect a huge number of WG sites, and I would expect to have seen a number of posts about it. I have seen no such posts.

    I would ask for actual details of what is changed on your firewall which allowed the MS updates to work. If it was a specific signature that was excluded, which signature number.
    You can look up specific signature number here:
    https://securityportal.watchguard.com/Threats

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @SMAedoc

    I have no recently reported issues of a signature update causing MS Office to not be able to update. On the current 12.x firmwares there are even built in exceptions in the HTTPS proxy that can be enabled to make administering them easier.

    I suspect that your IT admin may be trying to simplify the issue -- if they're having trouble ensuring that Office is able to update -- I'd suggest that they open a case with our support team so we can help identify what's going wrong and help to find them a long-term fix.

    -James Carson
    WatchGuard Customer Support

  • @Bruce_Briggs
    As far as i know they change the HTTP/S-Proxy rule/s for MS Office Updates.
    Normal windows 10 Updates does not concern it!
    That made me wonder.
    I'm not so familiar with WG, so i've access but i don't find exact MS rules in HTTP/S-Proxy rule/s.

    After they change it it works, so it's fine!
    So you think it was a lie from them? - I agree.

    @james.carson
    Since I cannot understand what exactly has been changed and it is running, we can tick off the topic for now.

  • I have never had an issue with MS Office or Windows updates with the HTTPS proxy.
    I think that is is something that they are not accurately telling you.
    Yes, one can make the HTTPS proxy deny MS updates, but the default settings include the Predefined Content Inspection Exceptions list, which allows MS update sites.

  • The problem was that it just stopped working last month.
    All the years before we had no problem with the MS Office updates!

    I know they had changed rules (for security), but (actually) none that have to do with the MS Office updates.
    Since then, the problem probably occurred.
    I only noticed it later.
    That's why I was surprised by the statement.

  • I can verify this as I have two client environments with the same issue. After some troubleshooting it appears to be the proxy blocking the update so I assume Microsoft has added new servers/IP ranges. We are still running this down.

  • Thank you @Larry for your verifying posting.

  • I still have no issues with MS Office updates.

    Could this possibly be a Geo block issue?
    MS updates can come from IP addrs associated from many countries.

Sign In to comment.