This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Luis_Esteban
Participant
‎2025-04-23 06:51 AM

Content Awareness blocking windows 11 upgrade download - "Failed to extract text (2)"

Hi,

We are having problems when upgrading our computers to Windows 11. The upgrade process fails and the Check Point Firewall logs show the alert  "Content Awareness - Error while processing '3c69a88c-6bc4-40f9-beb8-b09ad2db5c58': Failed to extract text (2)" when connecting to Microsoft in this URL "tlu.dl.delivery.mp.microsoft.com". When the computer tries the upgrade in a different network with no Check Point Fw, the upgrade works correctly.

I have a case open with Check Point through a Partner, but it has been opened since March, and they are not able to find any solution so far. I suppose we are not the first Organisation affected by this and maybe someone can give us some ideas about how to solve it.

Thank you in advance

Preview file
7 KB
0 Kudos
7 Replies
the_rock
MVP Gold
MVP Gold
‎2025-04-23 09:00 AM

I am working with a customer for probably 2 months now trying to have similar issue fixed, except with AV. We totally gave up on content awareness, since we spent a month trying to figure it out, so working currently with senior T3 guy from Dallas TAC on av issue.

I find it super odd that even in my lab, which is on mgmt R82 and cluster R81.20 jumbo 99 , windows update keeps failing because of AV, but no matter what I bypass for ssl inspection, still does not work.

Once we do another remote with TAC, will update on results.

Andy

the_rock
MVP Gold
MVP Gold
‎2025-04-23 09:05 AM

Also, the only thing I found on support site about this is back from R80.10 stating its fixed in R80.20

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-04-23 04:25 PM

After remote with TAC, I ended up doing below sk in the lab:

https://support.checkpoint.com/results/sk/sk116022

It did help (somewhat), considering that approximately 1/3 of world websites use http2. They will open a task with R&D to get proper fix, so will need to wait for that.

Andy

0 Kudos
Luis_Esteban
Participant
‎2025-04-24 06:54 AM

Just to add the traffic is "http", not "https"

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-04-24 06:58 AM
In response to Luis_Esteban

Not sure if thats 100% relevant, though in our case, behavior is more less the same.

Andy

0 Kudos
Luis_Esteban
Participant
‎2025-04-24 07:42 AM
In response to the_rock

I found the security knowledge article sk114954 which explains how to configure actions for a specific file type in Content Awareness blade, including ignore some files. Maybe I could explore this option and ignore the w11 update file from content awareness. However, I don’t know which type/extension the file is as the log doesn’t specify it, I will check with our Support Partnert/Checkpoint if they can identify it in the packet capture that we sent them when replicating the problem. I will keep you inform.

 

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-04-24 08:04 AM
In response to Luis_Esteban

Not sure if that sk would apply to newer versions, since it says R80.10...

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events