MWB 3.3.1 not playing nice with Fortinet Firewall

[wbshaw]

I just put one of my small business clients onto MWB Premium for Teams. They have version 3.3.1.

Another vendor installed a Fortinet firewall which broke the update process. It seems the AV filter is blocking access to the update site and won't allow signature updates to download.

The vendor says there is a problem with the site and put version 2.2 in for testing. Since the problem disappears as soon as they disable the Fortinet AV filter, they've concluded that the firewall must be blocking MWB because of a MWB problem (??). They further claimed that once a problem materializes with version 3.x, it breaks ALL versions of MWB. I don't have access to the Fortinet box directly and it seems they are only logging category level hits on the filters and further details from the firewall are unavailable.

Are you aware of any known problems with Malwarebytes and Fortinet firewalls? Is this a test configuration?

[Malwarebytes]

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Farbar Recovery Scan Tool (FRST)
  1. Download FRST and save it to your desktop
     Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
  3. Press the "Scan" button
  4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
     • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
• MB-Check
  1. Download MB-Check and save to your desktop
  2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
  3. This will produce one log file on your desktop: mb-check-results.zip
     • This file will include the FRST logs generated from the previous set of instructions
     • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

• Renewals
• Refunds (including double billing)
• Cancellations
• Update Billing Info
• Multiple Transactions
• Consumer Purchases
• Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

[Firefox]

Hello and Welcome

I have asked your topic get moved to the business section so you will get the best replies.

[AdvancedSetup]

Hello @wbshaw

I'm not aware of any known or reported issues with Fortinet firewalls, however I've been doing computer and network support now for many years. I don't see how a 3rd party firewall cannot be setup to allow access to specified destinations. Pretty limited or weak firewall if you can't control it.

Depending on what product is installed, the firewall should allow all of the following Malwarebytes websites OUTBOUND traffic on port 443 otherwise there may be issues with the program at some point.

 

https://cloud.malwarebytes.com

https://data.service.malwarebytes.com

https://telemetry.malwarebytes.com

https://data-cdn.mbamupdates.com

https://data-cdn-static.mbamupdates.com

https://keystone.mwbsys.com

https://meps.mwbsys.com

https://keystone-akamai.mwbsys.com

https://socket.cloud.malwarebytes.com

https://sirius.mwbsys.com

https://hubble.mb-cosmos.com

https://blitz.mb-cosmos.com

https://cdn.mwbsys.com

https://ark.mwbsys.com

 

[wbshaw]

22 hours ago, wbshaw said:

I just put one of my small business clients onto MWB Premium for Teams. They have version 3.3.1.

Another vendor installed a Fortinet firewall which broke the update process. It seems the AV filter is blocking access to the update site and won't allow signature updates to download.

The vendor says there is a problem with the site and put version 2.2 in for testing. Since the problem disappears as soon as they disable the Fortinet AV filter, they've concluded that the firewall must be blocking MWB because of a MWB problem (??). They further claimed that once a problem materializes with version 3.x, it breaks ALL versions of MWB. I don't have access to the Fortinet box directly and it seems they are only logging category level hits on the filters and further details from the firewall are unavailable.

Are you aware of any known problems with Malwarebytes and Fortinet firewalls? Is this a test configuration?

For  posterity, I'm posting the solution. As I suspected, it wasn't really a MWB problem.

Vendor installed an SSL proxy. MWB update servers detected that someone had broken the encryption chain and would drop the connection. This affected both signature updates and the licensing traffic. Vendor added exceptions to the SSL proxy on the firewall for the malwarebytes websites to resolve the issue.

[AdvancedSetup]

Thank you for the update. I'll go ahead then and close this topic now @wbshaw

Take care and have a great week

Ron