We have a massive problem with .net updates in our machines (in winxp), caused by kaspersky antivirus. If karspersky is running, .net updates fails to install and breaks something, and some programs stop working.
To stop the propagation of the problem, when we detect a new update that broke a computer, we decline that new update in wsus, but a certain number of pc already tried to install it, and if user didn't complain, it never get repaired.
So, we want to decline ALL .net updates by default in WSUS, leaving all other updates approved by default. Can be it done?