Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

WindowsUpdate - Root Certificates

We currently receive thousands of events in each workstation's event viewer because we are blocking file downloads for our end users. We would like to add a Policy to allow the following files to be downloaded from Microsoft to ensure the Root Certificate downloads are being allowed:

www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt

ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab

ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Without allowing everything to windowsupdate.com; how we would allow the specific files to be downloaded? If I add the domain to our Whitelist then the Regular Expressions field gets bypassed (unless I am misinterpreting something).

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

WindowsUpdate - Root Certificates

Hi Jake,

You may add those URLs into the Regular Expressions field without having to add the domain into the whitelist.  Just remember the WSA generally looks from the top-to-bottom.  If you add windowsupdate.com to the whitelist AND have a Regular Expression, the whitelist will take effect since it is above the Regular Expression.

-Vance

1 REPLY
Cisco Employee

WindowsUpdate - Root Certificates

Hi Jake,

You may add those URLs into the Regular Expressions field without having to add the domain into the whitelist.  Just remember the WSA generally looks from the top-to-bottom.  If you add windowsupdate.com to the whitelist AND have a Regular Expression, the whitelist will take effect since it is above the Regular Expression.

-Vance

1923
Views
0
Helpful
1
Replies
CreatePlease login to create content