1.    03 Aug 2016 #1
    Join Date : Aug 2016
    Posts : 40
    windows 10

    Using Windows Firewall To Block Updates

    I have a few PC's and they have multiple connections to the internet. These connections appear on each PC as a different network. One of the connections is very expensive and metered, so I don't want Windows updating when the primary connection is down and the secondary only is available. For most applications, what I have done is created rules in the firewall to block/allow them on specific networks, but the most dangerous application of all is Windows Update. In ten minutes that can use my entire monthly allowance and then run me in to a huge bill! It's essential that I stop Windows Update using the fail-over network. Does anyone know what application should be blocked in the firewall to stop Windows Update?
      My ComputerSystem Spec
  2.    03 Aug 2016 #2
    Join Date : Oct 2014
    Posts : 3,045
    10.4 Home 1709 x64

    Quote Originally Posted by davefaz View Post
    Does anyone know what application should be blocked in the firewall to stop Windows Update?
    The app is svchost.exe, it is used for DNS request, among other things. You could block ports 80/443 or specific IPs related to WU, but it might block some other functionality as well. You could set your connection to metered, that should prevent downloading WU, but you can not check for them or they will start downloading ASAP.

    Wireless Network Metered Connection - Set in Windows 10 - Windows 10 Forums

    Ethernet Connection - Set as Metered or Unmetered in Windows 10 - Windows 10 Forums
      My ComputerSystem Spec
  3.    03 Aug 2016 #3
    Join Date : Aug 2016
    Posts : 2
    Win 10 Pro, Ubuntu 14.04

    I don't know how 'do-able' this is in Windows (bearing in mind I have a Linux background !!) but.....

    Windows update depends on the BITS (Background Intelligent Transfer Service) running. If it's not, then it can't check or download updates.

    So, I'd be looking to write a script (triggered from task scheduler) that checks if the primary connection is up and if not, turns off BITS. If it is up, it'd just restart the service.

    Doing it this way would ensure no updates can occur if the primary connection is unavailable. This is pretty simple to write under a Linux shell but I have no idea (yet !!) if it can be done with a simple batch or powershell script. I would imagine however that it can be.
      My ComputerSystem Spec


Similar Threads
Thread Forum
Solved How to block multiple EXE files Windows Firewall
Hello! I want to block a certain application from any access to the internet, either inbound or outbound, so it will never attempt to upgrade. I went in the Advanced Settings in Windows Firewall but I can only block one-by-one the executable...
Network and Sharing
firewall rule to block addresses NOT on an IP list?
I am just starting to learn the Windows Firewall (working on both Windows 7 and 10) and I'm not impressed with the inflexibility of its rules. I would like to know if 1. Is there is a way to do what I want with Windows Firewall? 2. Is there is...
Network and Sharing
Microsoft releases tool to hide or block unwanted Windows 10 updates
"When Windows 10 arrives this week, Windows Update won't include that option, but Microsoft does have a well-hidden troubleshooter package, KB3073930, which allows you to hide or block Windows Updates and, crucially, driver updates. The...
Windows Updates and Activation
Microsoft releases tool to hide or block unwanted Windows 10 updates
Source How to Hide or Show Windows Updates in Windows 10
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 03:26.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App

Windows 10 Forums