This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
StevePearson
Contributor
‎2022-01-28 10:07 AM

Unable to update malware definitions from LAN

Hi all,

I'm starting to roll out new laptop endpoints from the Infinity Portal. The problem is, while they update correctly when at home on broadband, they do not update whilst in the office behind the corporate firewall.

The firewall is a clustered pair of 5800's running R80.20.

The logs report "untrusted certificate detected" and refers to Kaspersy url's

I've tried whitelisting these url's in the https  inspection policy but that doesn't help, but if I whitelist everything for a test machine, so it effectively doesn't do any inspection, then it works correctly, so it's definitely related to https inspection.

I was wondering if anyone else has come across this issue, or has any suggestions how to resolve this?

Thanks in advance!

0 Kudos
6 Replies
Swiftyyyy
Advisor
‎2022-01-29 01:18 AM

Correct me if I'm wrong, but arn't the kav8.zonealarm.com links running over http?
If you're forcing traffic over HTTPS, that would explain the lack of a valid certificate.

0 Kudos
StevePearson
Contributor
‎2022-01-29 06:21 AM
In response to Swiftyyyy

the links its having problems with are dc1.ksn.kaspersky-labs.com, and da.kaspersky.com 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-01-29 03:24 AM

Are you seeing non-HTTP URLs different to those in sk116590?

One alternative is the Supernode approach, refer: sk171703

CCSM R77/R80/ELITE
0 Kudos
StevePearson
Contributor
‎2022-01-29 06:57 AM
In response to Chris_Atkinson

I'm seeing urls that are not listed in sk116590 yes, but I have to assume they should be https as they are using certificates.

dc1.ksn.kaspersky-labs.com

da.kaspersky.com

It sort of suggests that the sk may be out of date,.

I am seeing the same issue with the E85.40 as well the latest E86.20 clients.

I've attached the 2 log entries below

Log1.png
Preview file
59 KB
Log2.png
Preview file
57 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2022-01-29 07:51 AM

What precise JHF version?
Seems to me you would benefit from updating to a later release where SNI support would help you create the necessary exclusions.
Plenty of other reasons to upgrade from R80.20 as well,

0 Kudos
StevePearson
Contributor
‎2022-01-29 08:41 AM
In response to PhoneBoy

The gateway is running Take 202 (205 planned for this coming week!)

We've white listed the urls but it makes no difference, do you think that this could be due to SNI?

There are plans in motion to upgrade, the target was R80.40, but wheels move so slowly we'll go with the recommended version once we get the go ahead to do it (R81.10 now I believe)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top