Microsoft
Microsoftstill can't get MDE to download AV definitions despite having the winhttp proxy configured via netsh and MDE proxy settings configured via GPO. In the WindowsUpdate.log I see a reference to the proxy configuration:
2024/02/12 15:10:35.9432567 21072 20880 WebServices Current proxy settings: proxy name='proxyserver:8081', bypass list='<local>;', auth scheme='0'.
But checking for updates manually through the windows update gui and the defender gui both fail. Letting it sit and run on it's own for over a week, it also fails. If I set the wininet (user) proxy settings, it succeeds while logged in. I haven't tried when not logged in yet.
Our current config routes all MDE traffic configured via GPO through the proxy over port 8081 to the 80 or so URL's on the mde allowed url's spreadsheet. Then on the winhttp proxy set via netsh, we use port 8080 and allow it only to the specific whitelist for windows updates URL's. Would that be causing a problem, going out two different ports? We're not seeing any deny's on our proxy for either port so not sure if the OS is getting confused and not even trying the winhttp proxy.
