Trustwave Research Reveals Cybersecurity Risks Threatening Patient Lives in Healthcare. Learn More

Submit RFP
Contact Us
Login

Fusion Platform Login

What is the Trustwave Fusion Platform?

Support Download/Forum Login

MailMarshal Cloud Login
Incident Response
Experiencing a security breach?

Get access to immediate incident response assistance.

24 HOUR HOTLINES
AMERICAS +1 855 438 4305

EMEA +44 8081687370

AUSTRALIA +61 1300901211

SINGAPORE +65 68175019

Recommended Actions

Submit RFP
Contact Us
Login

login

Fusion Platform Login

What is the Trustwave Fusion Platform?

Support Download/Forum Login

MailMarshal Cloud Login
Incident Response
Incident Response
Experiencing a security breach?

Get access to immediate incident response assistance.

24 HOUR HOTLINES
AMERICAS +1 855 438 4305

EMEA +44 8081687370

AUSTRALIA +61 1300901211

SINGAPORE +65 68175019

Recommended Actions

Trustwave Research Reveals Cybersecurity Risks Threatening Patient Lives in Healthcare. Learn More

Request a Demo

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services

BY INDUSTRY

BY REGULATION

BY TOPIC

Microsoft Security

Unlock the full power of Microsoft Security

Offensive Security

Solutions to maximize your security ROI

Rapidly Secure New Environments

Security for rapid response situations

Securing the Cloud

Safely navigate and stay protected

Securing the IoT Landscape

Test, monitor and secure network objects

About Us

We reduce cyber risk and fortify organizations

Awards and Accolades

Recognition by analysts and media outlets

Trustwave SpiderLabs Team

Global researchers, ethical hackers, and responders

Trustwave Fusion Security Operations Platform

Unprecedented security visibility and control

Trustwave Security Colony

Access to cybersecurity threat protection resources

Microsoft Security

Unlock the full power of Microsoft Security

Trustwave PartnerOne Program

Join forces with Trustwave to protect against the most advance cybersecurity threats

BLOGS

UPCOMING

MEDIA & ASSETS

NOTICES

HELP

Trustwave Knowledge Base

KB Home Search Latest Additions Most Popular

Knowledgebase

Home » Knowledgebase » WebMarshal » PRB: Windows Update does not connect through WebMarshal proxy

PRB: Windows Update does not connect through WebMarshal proxy

Show/Hide Article Tools

This article applies to:

WebMarshal
Microsoft Windows Update
Windows Store

Symptoms:

Some clients are unable to run Windows Update or Windows Store through WebMarshal proxy.
Windows Update does not run automatically through WebMarshal proxy.

Causes:

WebMarshal policy might not allow access to all sites required by Windows Store or Windows Update.
Windows automatic processes do not use a proxy by default, and cannot use account authentication.
Windows automatic processes use a system proxy setting that you can set manually.

Information:

Sites required for Windows Updates

You can allow access to all sites required by Microsoft Windows Updates by setting up some policies in the WebMarshal configuration.

Create a new URL category called 'Software updates' and populate it with the list of URLs below:
- http://download.windowsupdate.com
- http://*.download.windowsupdate.com
- http://download.microsoft.com
- https://*.update.microsoft.com
- http://*.update.microsoft.com
- https://update.microsoft.com
- http://update.microsoft.com
- http://*.windowsupdate.com
- http://*.windowsupdate.microsoft.com
- http://windowsupdate.microsoft.com
- https://*.windowsupdate.microsoft.com
- http://ntservicepack.microsoft.com
- http://wustat.windows.com
Note: The list of sites used by Windows Updates is subject to change. The list above was taken from Microsoft KB 885819. If you continue to encounter problems after completing the steps in this article, use the Active Sessions feature in WebMarshal Console to identify any blocked sites and add them to the list.
Create a new Standard Rule similar to the following. Place it above any blocking rules:
Site Rule: Permit Software Updates
When a web request is received
For any User
And where the URL is a member of 'Software Updates'

Permit Access to this site
And do not process any further site blocking rules
Create a new Content Analysis Rule similar to the following. Place it above any File Type blocking rules:

FileType Rule: Permit Software Update files
When a web request is received
For any User
And where the URL is a member of 'Software Updates'

Permit Access to this file
And do not process any further file type rules
Be sure to reload the configuration after making these changes.

Proxy authentication options

Windows Update cannot use a proxy that requires account authentication; there is no method to save a credential.

Several possibilities are available to enable automatic updating through a proxy.

Use WSUS. You can configure the WSUS server to use proxy credentials. This is the recommended option for enterprise scenarios and provides greatest flexibility. For WSUS setup, refer to WSUS documentation. Search Microsoft Technet for the latest version of documentation. Here is a recent version.
- Note: If WSUS is connecting through WebMarshal, set WSUS to perform downloads in foreground mode, or add the sites to the Proxy Bypass list. WSUS in background mode uses byte ranges and these are not supported by the WebMarshal Engine. For details, see Trustwave Knowledgebase article Q11582.
Use IP Authentication in WebMarshal. To use this option:
- Add a 'Software Updates' URL category as described above.
- Enable IP authentication in WebMarshal. (If you want to require account authentication for interactive users, enforce browser proxy settings with GPO or other tools.)
- On each workstation, configure the default proxy setting for WinHTTP as described below, using the IP authentication port of WebMarshal.
Use the WebMarshal Proxy Bypass List. To use this option:
- Add the URLs mentioned above to the WebMarshal Proxy Bypass list.
- On each workstation, configure the default proxy setting for WinHTTP as described below.

Proxy settings for WinHTTP

To configure default proxy settings, use proxycfg or netsh winhttp (depending on Windows version). See also Microsoft KB 900935.

In the below instructions, proxyservername and portnumber refer to the WebMarshal server name (or address) and the port where you want to direct the request - for instance, WMSERVER01:8080
For current versions of Windows (Windows 7 and above, Windows Server 2008 and above):

At an elevated (run as administrator) command prompt, enter:

netsh winhttp set proxy proxyservername:portnumber

Alternatively, if the Internet Explorer settings of the current user are correct, you can use them by entering:

netsh winhttp import proxy source=ie
For Windows 2003 and below, at a command prompt, enter:

proxycfg -p proxyservername:portnumber

Notes:

Some earlier releases of Windows Update allowed an interactive user to perform updates through a proxy using their own credentials. However the current versions of Windows Update or Microsoft Update use a back-end process for all updates including user-initiated updates. This article has been revised to reflect this change.