11-05-2013 08:09 AM
We currently receive thousands of events in each workstation's event viewer because we are blocking file downloads for our end users. We would like to add a Policy to allow the following files to be downloaded from Microsoft to ensure the Root Certificate downloads are being allowed:
www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Without allowing everything to windowsupdate.com; how we would allow the specific files to be downloaded? If I add the domain to our Whitelist then the Regular Expressions field gets bypassed (unless I am misinterpreting something).
Solved! Go to Solution.
11-05-2013 10:34 PM
Hi Jake,
You may add those URLs into the Regular Expressions field without having to add the domain into the whitelist. Just remember the WSA generally looks from the top-to-bottom. If you add windowsupdate.com to the whitelist AND have a Regular Expression, the whitelist will take effect since it is above the Regular Expression.
-Vance
11-05-2013 10:34 PM
Hi Jake,
You may add those URLs into the Regular Expressions field without having to add the domain into the whitelist. Just remember the WSA generally looks from the top-to-bottom. If you add windowsupdate.com to the whitelist AND have a Regular Expression, the whitelist will take effect since it is above the Regular Expression.
-Vance
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide