*Screenshot: identified network objects inside the updates group.*
The environment: retail locations (PCI DSS applicable) with Point of Sale registers running Windows XP, segmented onto a DMZ. Each register runs a Kaseya agent with Endpoint Security (AVG antivirus). Each location has a SonicWall TZ 215 appliance.
I am having issues updating the AVG installs on the registers. My DMZ rules allow HTTP access to predetermined websites only (2 commerce processing sites and AVG). I quickly discovered the initial AVG update site was inadequate, so I created an AVGUpdateSites network address object and then grouped under it the various update sites (other network address objects) that the log files showed AVG was trying to access.
I'm up to 15 different update sites now and have some fourth-level domains of transport companies (e.g. akamaitechnologies.com, nlayer.net, etc.) that seem to change daily. I need to allow access to all of these AVG update sites and block everything else.
I'm looking for ideas on how to better skin this cat. I still haven't spoken to anyone at AVG who even knew they were using these dynamic sites. Attached is a pic of the sites I've currently identified. It shows a few different attempts at 3rd- and 4th-level domain entries - none work.
http://free.avg.com/faq.num-2416#faq_2416
http://free.avg.com/faq.num-2419#faq_2419
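One way to turn the log-file discovery described above into a repeatable step, as an added example that is not part of the original post and not an AVG or SonicWall tool: the script pulls blocked destination hostnames out of constructed syslog-style deny lines, groups them by registered domain, proposes an exact FQDN entry where the host is fixed and a wildcard where it rotates, and flags third-party CDN domains, where a wildcard allow would be far broader than the vendor's own domain. The `dst=` field layout, the hostnames and the `avg.com` vendor domain are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: a 'dst=<host>:<port>' field as in many syslog-style firewall
# deny records; adapt the pattern to the appliance's real log format.
DST_RE = re.compile(r"\bdst=([^:\s]+)")

# Constructed sample deny lines; hostnames are illustrative, not real AVG hosts.
SAMPLE_LOG = """\
time="2013-05-01 09:12:01" msg="Connection dropped" src=10.10.5.21:49211 dst=update.avg.com:80
time="2013-05-01 09:12:03" msg="Connection dropped" src=10.10.5.21:49212 dst=a1832.g.akamaitechnologies.com:80
time="2013-05-01 09:12:04" msg="Connection dropped" src=10.10.5.21:49213 dst=a1911.g.akamaitechnologies.com:80
time="2013-05-01 09:12:09" msg="Connection dropped" src=10.10.5.22:49301 dst=files.avg.com:80
time="2013-05-01 09:12:10" msg="Connection dropped" src=10.10.5.22:49302 dst=203.0.113.44:80
time="2013-05-01 09:12:11" msg="Connection dropped" src=10.10.5.22:49303 dst=update.avg.com:80
"""

def is_ip(host):
    """True when the logged destination is a bare IP rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def registered_domain(host):
    # Heuristic: last two labels. Assumption: no multi-part TLDs such as co.uk.
    return ".".join(host.lower().split(".")[-2:])

def suggest_allowlist(log_text, vendor_domains=("avg.com",)):
    """Return ({registered_domain: {entry, hosts, third_party}}, [bare IPs])."""
    hosts_by_domain = defaultdict(set)
    ip_only = set()
    for line in log_text.splitlines():
        m = DST_RE.search(line)
        if not m:
            continue
        host = m.group(1).lower()
        if is_ip(host):
            ip_only.add(host)  # no name logged: needs DNS logs before allowing
            continue
        hosts_by_domain[registered_domain(host)].add(host)
    result = {}
    for domain, hosts in hosts_by_domain.items():
        # One fixed host -> exact FQDN entry; rotating hosts -> wildcard entry.
        entry = next(iter(hosts)) if len(hosts) == 1 else "*." + domain
        vendor = any(domain == v or domain.endswith("." + v) for v in vendor_domains)
        result[domain] = {"entry": entry, "hosts": sorted(hosts),
                          "third_party": not vendor}
    return result, sorted(ip_only)
```

Entries flagged `third_party` are the ones to review by hand: a wildcard for a shared CDN domain admits far more than AVG traffic, so those are better covered by the vendor's published update hostnames where AVG can supply them.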