f.y.i. in (somewhat) recent versions of the package its possible to create multiple 'binds' using the normal webgui options. So its possible to have 1 frontend listen on both :443(with ssl-offloading) and :80. So you don't need the bind in 'advanced pass through' anymore.

Have you looked in your SquidGuard filter log?

Hi, :) So with ssl filtering, windows update does not want to do this. There in there a manipulation to do to solve this problem. Sorry for my bad english  ;D

@Derelict: Don't use transparent mode and only hosts set to use it as a proxy will use it. Alright I will try doing that, thank you.

So what was the solution???

You are running into the application cert pinning I think, I've seen this on a few IOS/android apps but makes sense here as well, and I've confirmed that is what they are doing as well in the following link: http://googleonlinesecurity.blogspot.com/2013/05/changes-to-our-ssl-certificates.html At this time, Google Drive's PC application does not support SNI and performs some degree of certificate pinning for transfers.  (This is going to cause you a lot of issues with SSL MITM setups). One fairly easy way to work around this is with a DNS based filter and with pfSense you can easily control what DNS server a client is using. Thanks, Adam

thanks for your response, I will look and review what you say, I'm hoping to solve this problem, otherwise im gonna give a shot with lusca.