How to Block Windows Update

LitTadashi Lv1Posted 30 Sep 2024 13:07

At our office we already use Active Directory and currently Windows updates have been distributed via the PDQ Server... for that reason I want to know how to limit or block Windows Updates from Sangfor.

Previously I had created a "Reject" Policy for Windows Update but the Update continued to run in Top Applications by Traffic.

Is there another way to limit Windows Update?

We are using IAG13.0.47

By solving this question, you may help 543 user(s).

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Newbie517762 Lv5Posted 30 Sep 2024 16:53
  
HiHi,

Are you trying to add those URL lists to block Windows updates in IAG?

Screenshot_30-9-2024_165223_answers.microsoft.com.jpg

Enrico Vanzetto Lv4Posted 30 Sep 2024 20:55
  
On Sangfor NGAF, to block a windows updartes sites, go to "Security Policy" > "Web Policy" > "URL Filtering," create a new rule, and specify the following urls under the "Blocked URL" section.

windowsupdate.microsoft.com
*.windowsupdate.microsoft.com
*.update.microsoft.com
*.windowsupdate.com
download.windowsupdate.com
download.microsoft.com
*.download.windowsupdate.com
wustat.windows.com
ntservicepack.microsoft.com
*.ws.microsoft.com

After that, proceed to create your own category, navigate to "Security Policy" > "Web Policy" > "Category Management," add a new category with a name and description (call it Microsoft update urls for example).
After creating the category, go back to "URL Filtering," edit the rule, and assign your custom category to block these websites .
Save the configurations to apply this block.
dhileepan Lv1Posted 03 Oct 2024 14:54
  
Have you tried creating a policy in access control?
AC - WUP.png
Sheikh_Shani Lv2Posted 06 Oct 2024 13:40
  
Hello Dear

To limit or block Windows Updates using Sangfor with your current setup, you can try the following steps:

1. Create Firewall Rules: Set up rules in the Sangfor firewall to block the specific endpoints that Windows Update uses. Common endpoints include:
   - `windowsupdate.com`
   - `update.microsoft.com`
   - `.windows.com`
   - `.update.microsoft.com`
   You can find other required endpoints by checking Microsoft's documentation.

2. Limit Bandwidth: Instead of blocking updates completely, you can allocate less bandwidth for Windows Update traffic. This way, updates may still run but will be slower and less disruptive.

3. Application Control: Use Sangfor's application control features to identify and restrict Windows Update traffic. Ensure the "Reject" policy is correctly targeting the Windows Update applications.

4. Monitor Traffic: Keep monitoring the traffic to ensure that your policies are working as intended. You may need to adjust your rules based on what you see in the traffic logs.

5. Check Policy Configuration: Ensure that your "Reject" policy is correctly configured and that it applies to the appropriate user groups or devices.

6. Consult Documentation: Review the Sangfor IAG documentation for specific instructions on managing Windows Update traffic, as there may be features or updates in newer versions that could help.

I Can Help:

Change

Moderator on This Board

15
24
3

Started Topics

Followers

Follow

1
1
5

Started Topics

Followers

Follow

Board Leaders