SonicWall blocks msftncsi.com as malware

UPDATE: Sonicwall is aware of the issue with their content filtering service (CFS) blocking msftncsi.com. They are working to fix the issue this week and recommend implementing a allow URI list for www.msftncsi.com and msftncsi.com.

Microsoft Windows 10 and 7 perform periodic checks to see if it is properly connected to the Internet. The check essentially does a quick ping at http://www.msftncsi.com/ncsi.txt and evaluates whether the result is “Microsoft NCSI”. If the check fails, then Windows displays a yellow triangle on the Ethernet or WiFi adapter indicating that the system is connected to a network but does not have Internet connectivity.

Unfortunately Microsoft Office 365 desktop apps use the aforementioned network adapter status. If it is in error due to a failed msftncsi.com check, it will prevent users from completing modern authentication. The dialog will simply state: “We are unable to connect right now. Please check your network connection and try again later.”

Sonicwall is aware of the issue and is working to resolve it but recommends users to create an allow URI object for www.msftncsi.com and msftncsi.com. Here’s how:

  1. Navigate to Manage->Objects->Content Filter Objects->URI List Objects.
  2. Create a new list named Allowed List or whatever verbiage you prefer. Then add both www.msftncsi.com and msftncsi.com.
  3. Navigate to Manage->Objects->Content Filter Objects->CFS Profile Objects. Find your active policy profile and edit it. Ensure that your Allowed List is selected in the appropriate area.
Skip to content