Block Access to Windows Update

Question

I use a company laptop for work. Usually, I work from a client site. Recently, this client has prohibited the use of its Internet Access from 3rd party. So we switched to a 3G modem + hub as a solution.

However, my company laptop, which runs Windows 7, is configure to automatically download updates. From what I gather, only updates that have been approved by our own company. Either way, I cannot interfere in the process, since it's enforced by a rule.

What I'd like to do is to insert some rule into the 3G's router built-in firewall. Is it possible? Does Windows Update have some main IP that I can block? Or maybe could I block it through a domain name?

Answer 1

Windows Update constantly changes its IP address, so you'd have to block out a massive range of IPs to prevent it. If your firewall supports DNS blocking, block out these hosts:

http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://stats.microsoft.com
https://stats.microsoft.com

If it does not support DNS blocking, try editing your hosts file to point those hosts to 0.0.0.0. That should prevent them from getting updates.

Microsoft now keeps lists at:

• https://technet.microsoft.com/en-us/library/bb693717.aspx
• https://support.microsoft.com/en-us/help/3084568/can-t-download-updates-from-windows-update-from-behind-a-firewall-or-p