Windows Update Exception through Windows Firewall


Yes. Go to Windows Firewall (Control Panel -> Security -> Firewall) and click on Advanced settings on the left. Create inbound/outbound rules. Alternatively, you may be able to just add Windows Update as an app or feature (the option above Advanced settings on the left of the firewall screen).

Here is a link that goes into more detail about how to do it: http://www.howtogeek.com/112564/how-to-create-advanced-firewall-rules-in-the-windows-firewall/

One more thing, just for clarity. It varies a little depending on your version of Windows, but you probably need to add (in advanced setup): c:\windows\System32\wuauclt.exe and be sure to add the "Windows Update" service. If that doesn't work, try:

Process - %SystemRoot%\System32\svchost.exe
Service - Windows Update
and (possibly needed)
Remote ports 80, 443

Process - %SystemRoot%\System32\svchost.exe
Service - BITS
Remote ports 80, 443
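The svchost.exe + service + remote-port rules described in the answer, written out as Windows Firewall PowerShell cmdlets. This is an added example, not code from the answer; it assumes a default-deny outbound policy as in the question, must be run in an elevated session, and the rule display names are arbitrary.

```powershell
# Added example: allow the Windows Update (wuauserv) and BITS services, hosted in
# svchost.exe, to reach remote TCP 80/443 outbound. Rule names are arbitrary choices.
$svchost = "%SystemRoot%\System32\svchost.exe"

$rules = @(
    @{ DisplayName = "Allow Windows Update (wuauserv)"; Service = "wuauserv" },
    @{ DisplayName = "Allow BITS for Windows Update";    Service = "BITS" }
)

foreach ($r in $rules) {
    # Skip if a rule with this name already exists, so re-running does not duplicate it.
    if (Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue) {
        Write-Host "Rule already present: $($r.DisplayName)"
        continue
    }
    # Scope the rule to svchost.exe *only when hosting the named service*; a bare
    # svchost.exe allow rule would let every svchost-hosted service out.
    New-NetFirewallRule -DisplayName $r.DisplayName `
        -Direction Outbound -Action Allow -Enabled True -Profile Any `
        -Program $svchost -Service $r.Service `
        -Protocol TCP -RemotePort 80,443 | Out-Null
}

# Verify the rules carry the intended program/service/port scope.
Get-NetFirewallRule -DisplayName $rules.DisplayName |
    ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $svc  = $_ | Get-NetFirewallServiceFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Name       = $_.DisplayName
            Program    = $app.Program
            Service    = $svc.Service
            Protocol   = $port.Protocol
            RemotePort = ($port.RemotePort -join ",")
        }
    } | Format-Table -AutoSize

# Confirm the profile defaults really are deny-outbound (the situation in the question),
# so the rules above are what actually decides whether the update traffic passes.
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction
```

As Luc's comment below notes, on Windows 8.1 and later these per-service rules alone may not be enough, so check the firewall log for remaining DROP lines after applying them.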


I'm the sole Network/Sys Admin for a design and media company of about 500 nodes. CCNP | MS-70-640 | MS-70-642

Updated on September 18, 2022

Comments

  • Copy Run Start
    Copy Run Start almost 2 years

    We have a couple machines deployed to a retail environment and due to budget constraints, are limited to Windows Firewall as our firewall.

    We inherently block all outgoing connections, and whitelist what we need. Unfortunately, whitelisting wuauserv service and svchost.exe is still blocking Windows Update from downloading updates, with error 80240438.

    The firewall log shows the following:

    2016-05-03 09:53:02 DROP TCP 192.168.10.21 134.170.58.121 49377 443 0 - 0 0 0 - - - SEND
    2016-05-03 09:53:02 DROP TCP 192.168.10.21 65.55.138.126 49378 443 0 - 0 0 0 - - - SEND
    

    Which I've verified are Microsoft IPs.

    As far as I can tell, there is no way to whitelist the following hostnames in Windows Firewall.

    http://windowsupdate.microsoft.com
    http://*.windowsupdate.microsoft.com
    https://*.windowsupdate.microsoft.com
    http://*.update.microsoft.com
    https://*.update.microsoft.com
    http://*.windowsupdate.com
    http://download.windowsupdate.com
    http://download.microsoft.com
    http://*.download.windowsupdate.com
    http://wustat.windows.com
    http://ntservicepack.microsoft.com
    

    Is there any way for Windows Update to work with Windows Firewall whitelisting?

    I'm not specifically asking how to whitelist the domain names, more so asking how I can whitelist Windows Update as a whole.

    • Todd Wilcox
      Todd Wilcox about 8 years
      What's your question?
    • Copy Run Start
      Copy Run Start about 8 years
      @Todd Wilcox Is there any way for Windows Update to work with Windows Firewall whitelisting?
    • Lenniey
      Lenniey about 8 years
      As far as I know, with the out-of-the-box Windows Firewall this can't be done. You always have to use IPs / subnets.
  • Lenniey
    Lenniey about 8 years
    OP is asking for whitelisting specific hosts, this cannot be done in the way you describe it.
  • theinvisibleduck
    theinvisibleduck about 8 years
    The OP is asking if there is a way to get Windows Update to work with Windows Firewall whitelisting. The answer to this is yes. They are not asking if they can whitelist domains/hosts; that is a different question.
  • Copy Run Start
    Copy Run Start about 8 years
    As you can see in my post, I already made a rule for svchost and the Windows Update service. This did not help.
  • theinvisibleduck
    theinvisibleduck about 8 years
    Did you include the ports and the BITS service as well?
  • Luc
    Luc almost 6 years
    As of Windows 8.1, this is no longer sufficient. See social.technet.microsoft.com/Forums/windows/en-US/… (Uwe Bubeck's answer in particular) and social.technet.microsoft.com/Forums/windowsserver/en-US/… (Jani's answer about thread pools in particular).