Using Windows Firewall To Block Updates

  1.    03 Aug 2016 #1

    Using Windows Firewall To Block Updates

    I have a few PC's and they have multiple connections to the internet. These connections appear on each PC as a different network. One of the connections is very expensive and metered, so I don't want Windows updating when the primary connection is down and the secondary only is available. For most applications, what I have done is created rules in the firewall to block/allow them on specific networks, but the most dangerous application of all is Windows Update. In ten minutes that can use my entire monthly allowance and then run me in to a huge bill! It's essential that I stop Windows Update using the fail-over network. Does anyone know what application should be blocked in the firewall to stop Windows Update?
      My ComputerSystem Spec

  2. TairikuOkami's Avatar
    Posts : 3,581
    Home 1809 x64 10.0.17763.288
       03 Aug 2016 #2

    davefaz said: View Post
    Does anyone know what application should be blocked in the firewall to stop Windows Update?
    The app is svchost.exe, it is used for DNS request, among other things. You could block ports 80/443 or specific IPs related to WU, but it might block some other functionality as well. You could set your connection to metered, that should prevent downloading WU, but you can not check for them or they will start downloading ASAP.

    Wireless Network Metered Connection - Set in Windows 10 - Windows 10 Forums

    Ethernet Connection - Set as Metered or Unmetered in Windows 10 - Windows 10 Forums
      My ComputerSystem Spec

  3. Posts : 2
    Win 10 Pro, Ubuntu 14.04
       03 Aug 2016 #3

    I don't know how 'do-able' this is in Windows (bearing in mind I have a Linux background !!) but.....

    Windows update depends on the BITS (Background Intelligent Transfer Service) running. If it's not, then it can't check or download updates.

    So, I'd be looking to write a script (triggered from task scheduler) that checks if the primary connection is up and if not, turns off BITS. If it is up, it'd just restart the service.

    Doing it this way would ensure no updates can occur if the primary connection is unavailable. This is pretty simple to write under a Linux shell but I have no idea (yet !!) if it can be done with a simple batch or powershell script. I would imagine however that it can be.
      My ComputerSystem Spec


Related Threads
Hello! I want to block a certain application from any access to the internet, either inbound or outbound, so it will never attempt to upgrade. I went in the Advanced Settings in Windows Firewall but I can only block one-by-one the executable...
I am just starting to learn the Windows Firewall (working on both Windows 7 and 10) and I'm not impressed with the inflexibility of its rules. I would like to know if 1. Is there is a way to do what I want with Windows Firewall? 2. Is there is...
"When Windows 10 arrives this week, Windows Update won't include that option, but Microsoft does have a well-hidden troubleshooter package, KB3073930, which allows you to hide or block Windows Updates and, crucially, driver updates. The...
Source How to Hide or Show Windows Updates in Windows 10
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 19:32.
Find Us