It is impossible to download the latest virus definitions. The logs show the following error:
Error: The request was aborted: Could not create SSL/TLS secure channel.
Virus definition updates take place over a secure connection (HTTPS). In a default installation, if this connection fails, the virus definitions cannot be updated.
As a workaround, please follow the steps below:
Configure .NET Framework to support strong cryptography
Since SSL has been retired in favor of TLS, we must configure the installed .NET Framework to support strong cryptography.
Open a new PowerShell window as Administrator and run the following commands:
On a 32 bit operating system (x86):
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
On a 64 bit operating system (x86_64):
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NetFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NetFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
Ensure that updates can go through
GFI MailEssentials can be configured to fall back to HTTP, in case a secure connection cannot be established. The procedure is described in the Setting MailEssentials to use HTTP to download updates article. Once completed, make sure that there aren't any firewall rules that prevent access to the update servers:
GFI MailEssentials downloads updates from the following locations over HTTP ports 80 and 443:
GFI MailEssentials can also be configured to download updates through a proxy server. Refer to the Configuring Proxy Settings article for more information.
This connection issue is an environmental problem and is not related to GFI MailEssentials. Although these workarounds are in place, it is advised to investigate your environment for what is preventing the establishment of a secure connection.
After enabling strong encryption and allowing the fall back to HTTP, the updates are working as expected.