You noticed that your Endpoint Protection (SEP) clients are no longer able to get content definitions from their Group Update Providers (GUPs). When looking at the GUP's content folder, many of the full and delta definitions may show as 1 KB or 276 bytes in size.

Contained within the debug.log from a GUP, messages like this will be present:

2017/08/25 11:58:56.261 [6352:5928] GUProxy - **downloadHelper.CreateUrlRequest Succeed to GET://<SEPM IP Address>:8014/content/TempCache/{07B590B3-9282-482f-BBAA-6D515D385869}/170723008/xdelta170723008_To_170824021.dax, begin from 0 with size 1048576

2017/08/25 11:58:56.261 [6352:5928] GUProxy - Download failed GET://<SEPM IP Address>:8014/content/TempCache/{07B590B3-9282-482f-BBAA-6D515D385869}/170723008/xdelta170723008_To_170824021.dax  ResponseStatus=416

HTTP/1.1 416 Requested Range Not Satisfiable

Connection: close

A firewall or other network appliance alters the HTTP Header for the traffic between the Endpoint Protection Manager (SEPM) and the GUP.

Ensure that any firewalls or network appliances in the environment do not alter HTTP header information for Endpoint Protection traffic.