https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244624#M47603 <P>I don't fully understand the issue, but here is what I can see</P> <P>screenshot 1, I would the recommended bypass object listed in this SK:</P> <P><A href="https://support.checkpoint.com/results/sk/sk163595" target="_blank">https://support.checkpoint.com/results/sk/sk163595</A></P> <P>Screenshot 7 rule 1 this rule will not match the traffic becuase it is set to N/A.<BR />Therefore it will not hit the blades. I would recommend to right click it and add the blades you want to exclude(in this case AV)</P> Mon, 24 Mar 2025 21:27:56 GMT Lesley 2025-03-24T21:27:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244464#M47580 <P>Hey guys,</P> <P>Figured would share this, since customer and I had been working with TAC escalation guy for couple weeks and he told us would probably open a task with R&amp;D to see if there is a way to make block page come up every time when specific file types are blocked (in our case msi and exe). Its somewhat inconsistent at this point, since random sites dont show block pages when msi file is blocked and some are even allowed. I will update once we have fully working solution, but in the meantime, figured would share some screenshos that can hopefully help others if you find yourself in similar situation.</P> <P>Andy</P> Sun, 23 Mar 2025 00:17:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244464#M47580 the_rock 2025-03-23T00:17:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244624#M47603 <P>I don't fully understand the issue, but here is what I can see</P> <P>screenshot 1, I would the recommended bypass object listed in this SK:</P> <P><A href="https://support.checkpoint.com/results/sk/sk163595" target="_blank">https://support.checkpoint.com/results/sk/sk163595</A></P> <P>Screenshot 7 rule 1 this rule will not match the traffic becuase it is set to N/A.<BR />Therefore it will not hit the blades. I would recommend to right click it and add the blades you want to exclude(in this case AV)</P> Mon, 24 Mar 2025 21:27:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244624#M47603 Lesley 2025-03-24T21:27:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244625#M47604 <P>Hey Lesley,</P> <P>We had problem where windows updates were not working when msi and exe files were blocked through AV blade.</P> <P>Andy</P> Mon, 24 Mar 2025 21:30:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244625#M47604 the_rock 2025-03-24T21:30:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244632#M47608 <P>Hi Andy,</P><P>maybe you could try to add in DST Updateble Object of recommended by CP HTTPS inspection bypass for Microsoft updates? It seems to be quite accurate in my use cases. Of course it might be sometimes to wide, but MS seems to be unpredictable in some ways <span class="lia-unicode-emoji" title=":winking_face_with_tongue:">😜</span> Maybe good old manually defined URLs would do the job?</P> Mon, 24 Mar 2025 22:10:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244632#M47608 JaAnd 2025-03-24T22:10:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244634#M47610 <P>Hey&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/79692">@JaAnd</a>&nbsp; <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Yes, thats what we did, just added microsoft defender and it worked. Regardless, blocking files and showing block page is absolutely needed and it has to work CONSTANTLY, which sadly, is far from what happens now.</P> <P>Andy</P> Mon, 24 Mar 2025 22:17:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244634#M47610 the_rock 2025-03-24T22:17:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244641#M47614 <P>For what its worth, TAC guy originally had us add akamai, cloudflare and github to bypass, but though that fixed windows updates, it broke few sites for ssl inspection.</P> <P>Andy</P> Mon, 24 Mar 2025 23:24:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/AV-blade-user-check-windows-updates/m-p/244641#M47614 the_rock 2025-03-24T23:24:47Z