Block Access to Windows Update

8

2

I use a company laptop for work. Usually, I work from a client site. Recently, this client has prohibited the use of its Internet Access from 3rd party. So we switched to a 3G modem + hub as a solution.

However, my company laptop, which runs Windows 7, is configure to automatically download updates. From what I gather, only updates that have been approved by our own company. Either way, I cannot interfere in the process, since it's enforced by a rule.

What I'd like to do is to insert some rule into the 3G's router built-in firewall. Is it possible? Does Windows Update have some main IP that I can block? Or maybe could I block it through a domain name?

Bruno Brant

Posted 2011-11-30T19:24:03.543

Reputation: 581

What do you want the rule to do? – soandos – 2011-11-30T19:48:59.943

@soandos, block any traffic to and from Windows Update services. – Bruno Brant – 2011-11-30T20:32:51.823

Out of curiosity, have you talked to your IT department? Do they want you to get these updates? Because if so, changing the hosts file will prevent you from getting them ever. – soandos – 2011-11-30T20:36:40.047

@soandos, no, I don't want to never get the updates, just to stop then from coming when using my 3G connection, that's why I want block then in the 3G router. The address below in SaintWacko answer was all I needed. Thanks! – Bruno Brant – 2011-12-05T12:57:10.697

Answers

11

Windows Update constantly changes its IP address, so you'd have to block out a massive range of IPs to prevent it. If your firewall supports DNS blocking, block out these hosts:

http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://stats.microsoft.com
https://stats.microsoft.com

If it does not support DNS blocking, try editing your hosts file to point those hosts to 0.0.0.0. That should prevent them from getting updates.

Microsoft now keeps lists at:

SaintWacko

Posted 2011-11-30T19:24:03.543

Reputation: 1 482

I can't yet comment on the main question, so I'll clarify here. Editing the hosts file will prevent you from getting the updates, but not forever. You can easily re-enable the updates by deleting or commenting out the lines setting the hosts to 0.0.0.0. This will make your computer go back to asking the DNS server for the IP addresses. – SaintWacko – 2011-11-30T20:41:10.117

Let me know how this works for you. – SaintWacko – 2011-12-01T07:39:38.887

sorry I didn't commented about it early. Your answer was EXACTLY what I was looking for; I can block these in my 3G router. I knew how to do it, I just didn't know which address to block. – Bruno Brant – 2011-12-05T12:54:44.400

Asked: 2011-11-30T19:24:03.543

Viewed: 17 713 times

Active: 2018-04-20T09:55:18.227