[Snort-users] FW: Allowing windows updates to pass through snort

Tony Reusser treusser at ...15879...
Tue Feb 18 12:04:53 EST 2014

You're gonna hate this answer.  But please, I'm not trying to be snide or

The best solution is to run SNORT on linux.

Been running SNORT on CentOS with Barnyard, PulledPork and BASE for nearly
two years without a single hic-up.  Updates are easy and straight forward.
IMHO, Windows is the absolute WORST platform for running any kind of IDS/IPS



-----Original Message-----
From: Doug Olitsky [mailto:doug_olitsky at ...131...]
Sent: Tuesday, February 18, 2014 9:31 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Allowing windows updates to pass through snort

OK, I'm a beginner at this and after months of trying to read and teach
myself I cry uncle...

I have Snort running on a pfSense gateway I built a year ago. For the life
of me I cannot figure out how to prevent windows updates from being blocked.
My lame solution is to disable Snort for updates and then restart when done.

I tried setting IPS to Connectivity and even disabling it along w/ the
community rules to no avail.

Any guidance is appreciated


Managing the Performance of Cloud-Based Applications Take advantage of what
the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort

More information about the Snort-users mailing list