This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
StephS
Participant
‎2026-02-04 10:47 AM
Jump to solution

Difference between "Well-known Update Services" and "HTTPS services - recommended bypass"

Does somebody know what the difference between these 2 options is:

HTTPS Inspection Advanced Settings - Bypass Allow List - Well-known Update Services:

Screenshot 2026-02-04 194412.png

Updatable Objects - HTTPS services - recommended bypass:

Screenshot 2026-02-04 194419.png

Is it recommended to use both the setting and the Updatable Object? Are they equivalent to each other? sk98655 shows the same list of update services as in the Updatable Object, apart from VMware updates. So is that the only difference?

We're on R82, both MGMT and gateways. 

Labels
0 Kudos
2 Solutions

Accepted Solutions
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-02-04 11:32 AM
Jump to solution

It has been a long time since I used HTTPS inspection intensively, but in my youthful recklessness, I would argue that the former applies globally and the latter can be applied granularly in policies.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

View solution in original post

the_rock
MVP Diamond
MVP Diamond
‎2026-02-05 12:58 PM
Jump to solution

Just did some more lab checks and I see one that you mentioned for https bypass, seems more related to windows updates.

Best,
Andy
"Have a great day and if its not, change it"

View solution in original post

0 Kudos
9 Replies
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-02-04 11:32 AM
Jump to solution

It has been a long time since I used HTTPS inspection intensively, but in my youthful recklessness, I would argue that the former applies globally and the latter can be applied granularly in policies.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
StephS
Participant
‎2026-02-06 12:33 PM
In response to Vincent_Bacher
Jump to solution

Ah, that makes sense. Thank you!

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-04 02:45 PM
Jump to solution

This is what sk shows, more less what you posted. I use inspection in the lab, so happy to test whatever you need.

Screenshot_1.png

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-05 12:58 PM
Jump to solution

Just did some more lab checks and I see one that you mentioned for https bypass, seems more related to windows updates.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
StephS
Participant
‎2026-02-06 12:40 PM
In response to the_rock
Jump to solution

Hi Andy,

Thanks for testing. We're having a few small problems with updates and downloads from the MS Store after enabling HTTPS Inspection. We are not using the Updatable Object currently, so I'll try that next week, maybe it'll fix these problems 😀

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-06 12:48 PM
In response to StephS
Jump to solution

Sounds good, keep us posted!

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
StephS
Participant
‎2026-02-27 02:03 PM
In response to the_rock
Jump to solution

Just wanted to update the thread. We tried the Updatable object, but it still didn't bypass the MS store traffic so we created a custom application with the MS domains seen in the log during the failed MS store update and that worked for us. So I guess, there's no difference content-wise between the Bypass Allow List in the Global Settings and the Updatable Object, just the possibility to set it granularly via the Updatable Object instead of being applied globally, as @Vincent_Bacher said.

the_rock
MVP Diamond
MVP Diamond
‎2026-02-27 02:07 PM
In response to StephS
Jump to solution

Thanks for the update. Yes, that makes sense.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-08 03:17 PM
Jump to solution

@StephS I did some lab tests today, since I have windows 11 PC behind R81.20 cluster with https inspection on. I disabled that option to bypass traffic to update services and after installing policy, windows update failed. Did not try mozilla one, but Im sure that would have failed too.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events