Friday, October 24, 2014

Firewalls, IDS and sticky tape


More Surface Pro blogging....

I had some issues with some of the Windows 8 apps that rely on Xbox Live sign-in - most seemed to take ages to sign in and others refused to sign in at all (SmartGlass in Windows 8!!!). I'd been poking around BitDefender and just couldn't get deep enough into the configuration, so I removed it and went back to ESET.

After fiddling around trying to resolve SmartGlass sign-in error 0x3ec with no success, I made some changes to get everything else working... SmartGlass now shows error 0x3ea and I've stopped wasting any more time on it.

[Please note - SSL scanning was recommended in the original post, but see the update at the end of the post]
Long story short - I often enforce an SSL scan (just because a service uses secured transport doesn't mean someone hasn't cocked up something within the delivery), and this was basically what was causing the issue. After adding some certificates as trusted or excluded, the whole sign-in process was fine.

Excluded certificates: login.live.com, storage.live.com
Trusted certificates: none (other than what you already have)

I'm not happy that some certificates have to be excluded from SSL scanning, but a leap of faith was needed to get the features operational. Remember that an excluded host's traffic bypasses the scanner entirely, so keep that list as short as possible. Don't forget to disable all obsolete versions of SSL (TLS 1.x and up only!) if the option exists in your security system.

In addition to that, outbound firewall rules need to be added for the Windows Store app host (WWAHost.exe, both the 64-bit and the 32-bit copy) so the apps can reach the sign-in services:

Application: {windows}\System32\WWAHost.exe
Application: {windows}\SysWOW64\WWAHost.exe
Protocols: TCP
Ports: HTTP, HTTPS (ports 80 and 443 by default)
Direction: Outbound
The net result is that I have Windows 8 applications working while still isolated by the OS, with the IDS and SPI features working. There was an issue with a previous version where, if your Xbox was wired to the network and you were using wireless for your SmartGlass device, the two could not communicate - they needed to be on the same wireless network. I can understand why that might have been done, but it renders the features pointless for me (it just doesn't fit the topology we need here at home).

As I've invested too much time already in SmartGlass I just uninstalled it and moved on, but the rest of Xbox One, 360, SP3, Windows and WP are operational again.

Update 25-07-2015

I've now disabled SSL scanning in a few security suites due to concerns about privacy and chain management. A number of well-thought-of systems will not work with SSL scanning enabled (due to the way in which many security suites insert themselves into the chain, issuing their own certificate for every site from a root they add to the local trust store). The firewall rules mentioned here could still help you, but I no longer recommend SSL scanning.
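
As an added example (not from the original post), the script below shows how to see that insertion for yourself: it connects to the two hosts excluded above, records the certificate chain the machine actually receives, and flags the two usual signs of an interception root. Both signs are heuristics I've chosen, not rules: a leaf certificate signed directly by a self-signed root (public CAs sign leaves from an intermediate, interception proxies sign them straight from their root), and a root that lives in the per-user CurrentUser\Root store rather than LocalMachine\Root. It needs network access to those hosts and nothing else.

```powershell
# Added example, not the original post's code. The hostnames are the two the
# post excludes from scanning; the detection rules are heuristics, see above.
function Get-PresentedChain {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented: we want to *see* the chain, not trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Dispose()
    } finally { $tcp.Dispose() }

    # Build the chain against this machine's trust stores, exactly as an
    # application would. Build() returning $false is fine; the elements are filled in.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($leaf)

    $userRoots    = (Get-ChildItem Cert:\CurrentUser\Root).Thumbprint
    $machineRoots = (Get-ChildItem Cert:\LocalMachine\Root).Thumbprint

    foreach ($el in $chain.ChainElements) {
        $c = $el.Certificate
        $store = if ($machineRoots -contains $c.Thumbprint) { 'LocalMachine\Root' }
                 elseif ($userRoots -contains $c.Thumbprint) { 'CurrentUser\Root' }
                 else { '-' }
        [pscustomobject]@{
            Host        = $HostName
            Subject     = $c.Subject
            Issuer      = $c.Issuer
            SelfSigned  = ($c.Subject -eq $c.Issuer)
            InRootStore = $store
        }
    }
}

foreach ($h in 'login.live.com', 'storage.live.com') {
    $elements = @(Get-PresentedChain -HostName $h)
    $elements | Format-Table Subject, Issuer, SelfSigned, InRootStore -AutoSize

    $root = $elements[-1]
    # Heuristic 1: a two-element chain whose root directly signed the leaf.
    if ($elements.Count -eq 2 -and $root.SelfSigned) {
        Write-Warning "$h : leaf signed directly by a self-signed root ($($root.Subject)); looks like interception"
    }
    # Heuristic 2: the root is only trusted per-user, which is where suites often drop theirs.
    if ($root.InRootStore -eq 'CurrentUser\Root') {
        Write-Warning "$h : chain ends at a per-user root ($($root.Subject)); check who installed it"
    }
}
```

Run it once with SSL scanning on and once with it off: with scanning on, both hosts should show the suite's root as the issuer of the leaf, which is exactly the chain change that breaks the clients that pin or otherwise check the issuer.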
As part of my study for things like CEH I'm building a home IDS separate from these software components - these suites are fairly good for most people, but anyone who does a lot on their home network should consider defence in depth these days.