Solved

Users/Clients communicating with www.download.windowsupdate.com even though policy points them at WSUS server

Posted on 2012-03-15
Last Modified: 2012-03-16
Recently we configured a new Sonicwall NSA device which allows us to monitor our Internet traffic in more detail.

One of the things I have noticed is that quite frequently our users are communicating with the Windows update website at www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

We have in place a policy to force the clients to get updates from our local WSUS server, so I am not sure why this is happening.

Fortunately the Sonicwall device is blocking access to the website, but my concern is that the client PCs are attempting to connect/download/install the updates in the background when the user is not logged on.

(It is important that we control Windows updates ourselves)

example of sonicwall message
Question by:stalbansschool

Author Comment

by:stalbansschool
ID: 37724000
I think I have half answered this question myself with a little more research.

I now see that www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab points to Microsoft's Certificate Trust List.

Are people able to provide me with a bit more information about this file?

What is invoking the download of this file?

Do my users need to access this link to download it?  (currently if I log on as a user and go directly to this link it is blocked by our sonicwall device)

Accepted Solution

by: Jian An Lim earned 500 total points
ID: 37726827
This behavior can occur if the Update Root Certificates component is turned on and the computer cannot connect to the Windows Update server on the Internet. The Update Root Certificates component automatically updates trusted root-certificate authorities from the Microsoft Update server at regular intervals.

To resolve this behavior, you must connect to the Internet or turn off the Update Root Certificates component. To turn off the Update Root Certificates component, follow these steps:
1. In Control Panel, double-click Add/Remove Programs.
2. Click Add/Remove Windows Components.
3. Click to clear the Update Root Certificates check box, and then continue with the Windows Components Wizard.

Or, by using a GPO, turn off the option:
Computer Configuration – Administrative Templates – System – Internet Communication Settings
"Turn off Automatic Root Certificates Update"
But consider the problems caused by not updating your CAs.


WSUS does have (double-check, as my memory is starting to fade) a root cert update:
Update for Root Certificates for Windows XP and Windows 7 (KB931125) (2 separate updates)
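
A client-side check for the two settings discussed in this answer, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later and that the GPO settings are backed by their usual policy registry values (`WUServer`, `UseWUServer`, `DisableRootAutoUpdate`); the property names in the output object are made up for this example.

```powershell
# Added example: report whether this client is pointed at WSUS and whether
# the Automatic Root Certificates Update component is disabled by policy.
# Read-only: it only queries the policy registry keys.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Assumed policy locations (standard registry values behind the two GPO settings).
$wuKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$rootKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'

$wuServer    = Get-PolicyValue -Path $wuKey      -Name 'WUServer'
$useWuServer = Get-PolicyValue -Path "$wuKey\AU" -Name 'UseWUServer'
$rootOff     = Get-PolicyValue -Path $rootKey    -Name 'DisableRootAutoUpdate'

# Updates come from WSUS only when a server is set AND the client is told to use it.
$usesWsus = ($useWuServer -eq 1) -and -not [string]::IsNullOrEmpty($wuServer)

# Value absent or 0: the root certificate component is active and will keep
# requesting authrootstl.cab from the Internet, independently of WSUS.
$rootAutoUpdateOn = ($rootOff -ne 1)

[pscustomobject]@{
    ComputerName         = $env:COMPUTERNAME
    WsusServer           = $wuServer
    UpdatesComeFromWsus  = $usesWsus
    RootCertAutoUpdateOn = $rootAutoUpdateOn
    Note = if ($usesWsus -and $rootAutoUpdateOn) {
        'WSUS policy applies; authrootstl.cab requests come from the root certificate component.'
    } elseif (-not $rootAutoUpdateOn) {
        'Root auto-update is off; root certificates must reach this client another way.'
    } else {
        'No effective WSUS policy found; check that the GPO is applied to this client.'
    }
}
```

A client reporting `UpdatesComeFromWsus = True` and `RootCertAutoUpdateOn = True` matches the situation in the question: the WSUS policy is in effect, and the blocked requests belong to the root certificate component.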

Author Comment

by:stalbansschool
ID: 37728952
Great, thank you for your comment.

So please can I just confirm, if I switch off this option using GPO, WSUS should handle the update?

What invokes this behaviour?  Is it when the user opens Internet Explorer?

Is there any harm in unblocking access to this website?

Expert Comment

by:Jian An Lim
ID: 37728964
Again, Microsoft designed it to download every couple of days just in case WSUS does not kick in.
It is designed to work even without WSUS.

So if you have WSUS, then that download becomes redundant because you always keep your root certs up to date (that is, if you really did that).

Author Comment

by:stalbansschool
ID: 37728980
Great answer, thank you very much.

Author Closing Comment

by:stalbansschool
ID: 37728982
Perfect answer, explained excellently.