Exclude files from emulation
We have 1000s of PCs going to a Windows Update site to download a .cab file. It crashed our Threat Emulation blade. We would like to exclude Windows updates from Threat Emulation. I tried making an exclusion rule set to detect only but cannot get the rule to match with the traffic. What would be the correct URL string in our Application/Site group to bypass all windowsupdate.com files? We have 77.30 take 302.
Hmm.. why on earth do you have 1000s of PCs using Windows Update site instead of a single WSUS?
Could it be a campus environment where you do not control the endpoints? If that's the case, perhaps a caching proxy would be a better solution.
I agree with you on that one. For whatever reason the Microsoft team is allowing this traffic to go out to the internet. I just need a way to exclude all the threat emulation hits. The source in the emulation log says "Trusted Source" so I do not think we are actually sending the file out to the cloud for emulation.
Yep:
