This article targets users of the Secure Web Gateway (SWG) and Symantec products with LiveUpdate. If you are not using these products with SWG, this article will not apply.
This article applies to Symantec users utilizing SWG via the Cloud Delivered Firewall (CDFW), AnyConnect SWG Agent, PAC file, or any other method of connection to SWG while SAML user authentication is active. In the default configuration, using SWG may cause Symantec to crash, causing a blue screen in Windows.
Mandatory SAML & HTTPS Exclusion
When SAML authentication is active on the SWG, all queries that do not come from a session capable browser will receive a redirection response that cannot be completed. In some cases, this may cause an unexpected behavior in the requesting application.
In Synamtec LiveUpdate, liveupdate.symantecliveupdate.com must be added to the HTTPS decryption exception list to allow liveupdate to function. This will exclude these requests from the SAML requirement and answer the request with a standard policy response.
- Symantec LiveUpdate fails
- System crashes and bluescreens occur
- Add liveupdate.symantecliveupdate.com to the HTTPS decryption bypass list
- This will also bypass the SAML authentication requirement
- Add liveupdate.symantecliveupdate.com to the Domain Management -> External Domains list if using PAC or SWG Module in AnyConnect