Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff

Created on ‎09-28-2018 02:06 AM Edited on ‎03-26-2024 10:28 PM By Community Manager

Article Id 194565

Technical Tip: Windows Critical and Security Updates scan hangs

Description


This article describes that Windows Critical and Security Updates Scan Appears to Hang and not complete.

The Windows Update tool is used to check for Critical Updates and Security Updates during an operating system scan.  Depending upon the configuration of the scan in the Endpoint Compliance Policy, the agent on the endstation will try to connect to one of the following:

  • Microsoft Windows Update website and any other associated sites.
  • An internal server that is providing the Windows Updates.


If there are communication issues between the endstation and the Microsoft Windows Update sites, the scan can appear to hang and not complete.  As of this writing, the agent does not timeout if the update sites cannot be reached.  Consequently, the scan will remain in a hung state until the scan is canceled. 

Scope


FortiNAC -F v7.x, v9.x, v8.x, Agent v9.x, v5.x.

Solution

 
If the scan exhibits this symptom while the host is in isolation, ensure the following:
  • Allowed Domains List has the appropriate entries for Windows Security Updates.  Refer to the document Domains to Add to Allowed Domains List (zones. common).
  • Once the Allowed Domains list has been updated, verify those domains and any CNAMEs are resolving to the actual IP address and not the isolation IP. To identify which names are resolving to the isolation IP address, see the KB article Troubleshooting domain resolution in the captive portal.
  • The firewall allows traffic to these sites. Even though the client is in an Isolation network, it is necessary to allow access to the internet at least for the Microsoft Update. repository. To achieve it, use the Internet Service Database of the Microsoft-Update in FortiGate as the destination.

 

microsoft update.png

 

If the symptom persists, gather the following from the endstation:
  • Wireshark trace taken during scan.
  • Agent debug logs from endstation.  See related KB articles below. 
  • WindowsUpdate.log from endstation. C:WindowsWindowsUpdate.log
  • Application and System logs under the Windows Logs folder in Windows Event Viewer.

 

Related articles:

Technical Note: Windows Persistent Agent logs

Technical Note: Enable Windows Dissolvable Agent debug logging

Labels:
1510
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.