Jump to content

ESET File Security and Microsoft WSUS


Recommended Posts

I more or less have the exact same issue that was posted here back in December: hxxp://www.wilderssecurity.com/showthread.php?t=338009

 

I, too, am running Microsoft WIndows Server Update Services (WSUS) 3.0 SP2 on a 32-bit Windows Server 2003 R2 machine.  With protocol filtering enabled, I repeatedly get these two errors in the Application log in Event Viewer when it attempts to download updates:

 

=====

 

Event Type: Error
Event Source: Windows Server Update Services
Event Category: Core 
Event ID: 10032
Date: 7/23/2013
Time: 5:36:37 AM
User: N/A
Computer: WSUS-SERVER
Description:
The server is failing to download some updates.
 
For more information, see Help and Support Center at hxxp://go.microsoft.com/fwlink/events.asp.
 
=====
 
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Synchronization 
Event ID: 364
Date: 7/23/2013
Time: 5:28:36 AM
User: N/A
Computer: WSUS-SERVER
Description:
Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.
 Source File: /msdownload/update/software/defu/2013/07/am_delta_patch_1.155.325.0_717c923552c0311b07a5ccd36c48a9c1407028ee.exe Destination File: d:\WSUS\WsusContent\EE\717C923552C0311B07A5CCD36C48A9C1407028EE.exe.
 
For more information, see Help and Support Center at hxxp://go.microsoft.com/fwlink/events.asp.
 
=====

 

I am running ESET File Security version 4.5.12011.0.  I have added the protocol filtering exception mentioned in the link above:

 

 

 

The issue was solved after exluding the following application in Computer protection > Antivirus and antispyware > Protocol filtering > Excluded applications:
"C:\Program Files\Update Services\service\bin\wsusservice.exe"

 

This, however, is not solving the problem for me.  Disabling protocol filtering does work for me, but I'd rather leave it on and fix this proper.  Are there any ideas what more I can do to resolve this problem short of disabling a feature in ESET File Security on this server?

Link to comment
Share on other sites

Guest Lawrence Garvin

The wsusservice.exe is not performing the downloads for the EXE file listed; that download is performed by BITS. I'm somewhat intrigued that it made any difference in the original issue in 2006.

 

I believe that you'll need to exclude BITS as well. However, BITS runs within the context of a svchost.exe process running in the SYSTEM context, so you may have to open that pipe a bit wider.

 

Link to comment
Share on other sites

I found the svchost.exe process (C:\WINDOWS\System32\svchost.exe -k netsvcs) that is responsible for BITS, and see it's responsible for maybe about 20 services after poking around a bit in Process Explorer.  How exactly would I go about adding this as an exception without doing all of svchost.exe processes?

Link to comment
Share on other sites

Mihlfeld,

 

 

   I would love to help resolve this for you. In order to do that, I need to know precisely what ESET software and version you have installed on this server as well as the version of OS it is running. You are welcome to reply to this forum or to send me a direct message with this information. That will help me understand the modules that you have installed and help determine the best solution for you.

Link to comment
Share on other sites

  • Administrators

I wonder if you browse websites that you need to keep http checking enabled on the server. It's always been disabled by default on servers as it may cause issues, for instance, due to bugs in Windows Filtering Platform.

 

Do you have SSL scanning disabled?

Link to comment
Share on other sites

  • 9 months later...

Any news on this. I'm having the same issue. I had to disable Web Access Protection in order for the updates to download.

 

Please let me know if you need me to provide more info

Link to comment
Share on other sites

  • ESET Moderators

Hello Ramirez, 

 

there are 2 possible solutions:

1. disable protocol filtering completely if you don't need it.

2. make exception from protocol filtering for the process responsible (svchost.exe has been mentioned here)

 

May I ask why do you need the protocol filtering (web access protection) on the server? 

Link to comment
Share on other sites

Hello Ramirez, 

 

there are 2 possible solutions:

1. disable protocol filtering completely if you don't need it.

2. make exception from protocol filtering for the process responsible (svchost.exe has been mentioned here)

 

May I ask why do you need the protocol filtering (web access protection) on the server? 

 

When I did the installation I just did the default installation. I didn't think about it until I saw the issue with the WSUS download. I'll leave the protocol filtering off as suggested.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...