Microsoft Update

Microsoft Update updates the Windows operating system and Microsoft applications, such as Office. The update process runs as a system service and consequently does not use the same certificate trusts as a user.

Note: When Microsoft Update is accessed with HTTP, no special configuration is required. However, because the connection is not secure, this method is not recommended.

To use Microsoft Update with HTTPS when SSL support is enabled, you must bypass the proxy in one of the following ways:

PAC file entry:

    /* Don't proxy Microsoft Update */
    if ((host == "download.microsoft.com") ||
        (host == "ntservicepack.microsoft.com") ||
        (host == "cdm.microsoft.com") ||
        (host == "wustat.windows.com") ||
        (host == "windowsupdate.microsoft.com") ||
        (dnsDomainIs(host, ".windowsupdate.microsoft.com")) ||
        (host == "update.microsoft.com") ||
        (dnsDomainIs(host, ".update.microsoft.com")) ||
        (dnsDomainIs(host, ".windowsupdate.com")))
    {
        return 'DIRECT';
    }

Static bypass rule: Not recommended due to the number of IP address ranges used by Microsoft and the dynamic nature of that IP address set.
SSL incident rule: The rules that are included in the Incident List by default are sufficient.
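
The PAC file entry above, placed inside a complete FindProxyForURL function with a self-check, as an added example that is not part of the original page or the product's own code. The proxy address, the dnsDomainIs stand-in, and the sample hosts are assumptions constructed for illustration; the check confirms that the listed update hosts go direct while look-alike names are still sent through the proxy.

```javascript
// Assumption: placeholder proxy address, not a value from the page.
var PROXY = "PROXY proxy.example.internal:8080";

// Stand-in for the PAC built-in (suffix match) so the file runs under Node.js;
// leave it out of a deployed PAC file, where the browser supplies it.
function dnsDomainIs(host, domain) {
  return host.endsWith(domain);
}

function FindProxyForURL(url, host) {
  /* Don't proxy Microsoft Update (condition as given on the page) */
  if ((host == "download.microsoft.com") ||
      (host == "ntservicepack.microsoft.com") ||
      (host == "cdm.microsoft.com") ||
      (host == "wustat.windows.com") ||
      (host == "windowsupdate.microsoft.com") ||
      (dnsDomainIs(host, ".windowsupdate.microsoft.com")) ||
      (host == "update.microsoft.com") ||
      (dnsDomainIs(host, ".update.microsoft.com")) ||
      (dnsDomainIs(host, ".windowsupdate.com"))) {
    return 'DIRECT';
  }
  return PROXY; // everything else still goes through the proxy
}

// Constructed sample hosts with the result each should get.
var SAMPLES = [
  ["update.microsoft.com", "DIRECT"],
  ["fe2.update.microsoft.com", "DIRECT"],
  ["download.windowsupdate.com", "DIRECT"],
  ["wustat.windows.com", "DIRECT"],
  ["www.microsoft.com", PROXY],                 // not an update host
  ["windowsupdate.com", PROXY],                 // bare domain lacks the leading dot
  ["notwindowsupdate.com", PROXY],              // leading dot blocks partial-label match
  ["update.microsoft.com.example.net", PROXY]   // look-alike prefix, different domain
];

// Returns the sample hosts whose PAC result differs from the expected one.
function checkBypass() {
  return SAMPLES
    .filter(([host, want]) => FindProxyForURL("https://" + host + "/", host) !== want)
    .map(([host]) => host);
}

console.log(checkBypass().length === 0 ? "bypass list OK" : checkBypass());
```

Note that the bare domain windowsupdate.com is not covered by the page's condition, because dnsDomainIs(host, ".windowsupdate.com") only matches names that end with the dotted suffix.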

Alternatively, you can disable Microsoft Update and use Windows Update instead. Windows Update only updates the operating system and doesn’t have problems transiting the proxy.

If you elect to use Windows Update:

  1. Add the URL to the Scanning: Never Scan list (in the Web Security module of Forcepoint Security Manager).
  2. In the Content Gateway manager, go to Configure > Protocols > HTTP > Timeouts, and make sure that the Keep-Alive Timeouts value is set to 60.

On Windows 7 systems, to repair Microsoft Windows error 80072F8F, navigate to Start > Control Panel > Troubleshooter > System and Security and select Fix problem with Windows Update.