cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

4880
Views
0
Helpful
1
Replies
Highlighted
Beginner

WindowsUpdate - Root Certificates

We currently receive thousands of events in each workstation's event viewer because we are blocking file downloads for our end users. We would like to add a Policy to allow the following files to be downloaded from Microsoft to ensure the Root Certificate downloads are being allowed:

www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt

ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab

ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Without allowing everything to windowsupdate.com; how we would allow the specific files to be downloaded? If I add the domain to our Whitelist then the Regular Expressions field gets bypassed (unless I am misinterpreting something).

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

WindowsUpdate - Root Certificates

Hi Jake,

You may add those URLs into the Regular Expressions field without having to add the domain into the whitelist.  Just remember the WSA generally looks from the top-to-bottom.  If you add windowsupdate.com to the whitelist AND have a Regular Expression, the whitelist will take effect since it is above the Regular Expression.

-Vance

View solution in original post

1 REPLY 1
Cisco Employee

WindowsUpdate - Root Certificates

Hi Jake,

You may add those URLs into the Regular Expressions field without having to add the domain into the whitelist.  Just remember the WSA generally looks from the top-to-bottom.  If you add windowsupdate.com to the whitelist AND have a Regular Expression, the whitelist will take effect since it is above the Regular Expression.

-Vance

View solution in original post

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here