Windows desktops and servers are not able to perform ms-update
Created On 07/24/19 10:29 AM - Last Modified 05/04/23 14:50 PM
Symptom
- The security policy is already configured to allow the ms-update application, but the traffic is still detected as a threat
- Multiple file-blocking rules are defined in the File Blocking profile
- The ms-update application is failing on Windows desktop
- The issue can be seen on Windows Servers as well
Environment
- PAN-OS
- Windows Desktop with ms-updates running
Cause
A File Blocking profile applied to the security policy is blocking the file type 'cab'. In addition, a File Blocking profile can contain multiple file-blocking rules with contradicting 'block' and 'alert' actions; in that case the 'block' action supersedes the 'alert' action.
Resolution
In the file blocking profile, change the action for cab file type from 'block' to 'alert' and remove any conflicting file blocking rules that are set to 'block'.
GUI: Objects > Security Profiles > File Blocking
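To find the conflicting rules described under Cause before editing the profile, the following added example (not part of the original article or any Palo Alto Networks tooling) audits a configuration export for File Blocking rules that match 'cab' for ms-update. The XML element layout, the profile and rule names, and the sample itself are assumptions constructed for illustration; rule direction is ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the element layout is an assumption modelled on an exported config.
SAMPLE = """<config><profiles><file-blocking>
  <entry name="fb-strict"><rules>
    <entry name="alert-all"><action>alert</action>
      <application><member>any</member></application>
      <file-type><member>any</member></file-type></entry>
    <entry name="block-archives"><action>block</action>
      <application><member>any</member></application>
      <file-type><member>cab</member><member>rar</member></file-type></entry>
  </rules></entry>
  <entry name="fb-alert-only"><rules>
    <entry name="alert-cab"><action>alert</action>
      <application><member>ms-update</member></application>
      <file-type><member>cab</member></file-type></entry>
  </rules></entry>
</file-blocking></profiles></config>"""

def members(rule, tag):
    return {m.text.strip() for m in rule.findall(f"{tag}/member") if m.text}

def audit_cab_rules(xml_text, file_type="cab", app="ms-update"):
    """Return {profile: {"block": [rules], "alert": [rules]}} for rules matching file_type and app."""
    findings = {}
    for profiles in ET.fromstring(xml_text).iter("file-blocking"):
        for entry in profiles.findall("entry"):
            hits = {"block": [], "alert": []}
            for rule in entry.findall("rules/entry"):
                types, apps = members(rule, "file-type"), members(rule, "application")
                action = (rule.findtext("action") or "").strip()
                # A rule matches if it names the file type/app explicitly or uses 'any'.
                if types & {file_type, "any"} and apps & {app, "any"} and action in hits:
                    hits[action].append(rule.get("name"))
            findings[entry.get("name")] = hits
    return findings

def blocking_profiles(findings):
    """Profiles where a block rule matches; block wins even if an alert rule also matches."""
    return sorted(name for name, h in findings.items() if h["block"])

if __name__ == "__main__":
    result = audit_cab_rules(SAMPLE)
    for name in blocking_profiles(result):
        print(name, "blocks cab via", result[name]["block"], "despite alert rules", result[name]["alert"])
```

Any profile this reports is a candidate for the change described under Resolution; confirm it is the profile attached to the security policy that allows ms-update.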