When using an iOS device on the Cisco Umbrella Secure Web Gateway (SWG) with file inspection settings turned on, all App Store downloads and updates will fail and be blocked as malware. These will appear in your reports as malware blocks attributed to "http://iosapps.itunes.apple.com/itunes-assets/*" or similar domains.
Apple app downloads are equivalent to encrypted archives, which are automatically blocked as malware. This ensures that potentially harmful archives that cannot be scanned are not permitted. This behavior cannot be disabled or bypassed. This applies to iOS devices and Apple TV.
These files are not confirmed to be malicious despite the "Malware" flag; they are flagged as malicious because the archive cannot be extracted.
In order to allow iOS application updates and downloads, this traffic must bypass file inspection. There is currently no way to exempt this traffic from file inspection, and therefore the only resolution is to have the traffic bypass the SWG. Some options include:
- Turning off File Inspection completely
- Adding the domain to the External Domains list on the Dashboard (Umbrella-hosted PAC file only)
- Adding the domain to the Internal Domains list on the Dashboard (AnyConnect SWG Umbrella Module only - EFT)
- Manually bypassing the Apple domain in a self-hosted PAC file
- Connecting the iOS device to a different network which does not have the SWG enabled
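
For the self-hosted PAC file option, the following is an added example and not a Cisco-supplied file. It sends only the App Store download host named above direct and everything else to the proxy; the proxy address is a placeholder assumption, and the helper names are illustrative.

```javascript
// Added example PAC file (not Cisco's). Written in ES5 style because many
// PAC engines do not support newer JavaScript syntax.

// Assumption: placeholder for the SWG proxy your clients normally use.
var SWG_PROXY = "PROXY swg-proxy.example.invalid:443";

// Hosts that go direct. Only the host named in the article is listed; add
// further hosts exactly as they appear in your own block reports, rather
// than bypassing a whole parent domain.
var BYPASS_HOSTS = ["iosapps.itunes.apple.com"];

// Lower-case the host and drop a trailing dot so comparisons are exact.
function normalizeHost(host) {
  var h = String(host || "").toLowerCase();
  return h.replace(/\.$/, "");
}

// Exact match only: a suffix or substring test would also bypass
// lookalike hosts that merely contain the Apple name.
function isBypassed(host) {
  var h = normalizeHost(host);
  for (var i = 0; i < BYPASS_HOSTS.length; i++) {
    if (h === BYPASS_HOSTS[i]) {
      return true;
    }
  }
  return false;
}

// Entry point the client calls for every request.
function FindProxyForURL(url, host) {
  if (isBypassed(host)) {
    return "DIRECT";
  }
  return SWG_PROXY;
}
```

Traffic returned as DIRECT is not inspected by the SWG at all, so keep the bypass list limited to the hosts that actually show up as blocked.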