Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, September 24, 2015 11:47 AM
Hello, does anyone know exact rules which will 'Allow' updates to be downloaded?
After upgrading to W10 I changed default firewall behavior to block outbound connections (as I usually do, I don't like any random program having full access to network). And now I can't figure out what changed from Win7 and how to allow only update service.
I am not using any other online services, no microsoft account, no skydrive etc, so making a rule allowing access from every program to MS ip range is out of question.
Already tried:
1. copying rule from W7 (allow svchost.exe / Windows Update service) - didn't work
2. tracking blocked connections with event log - blocked application is svchost.exe, but even making rule for each service running in this process instance didn't work. Furthermore, allowing 'all services' with svchost.exe did not work either.
Definitely I am not allowing svchost.exe without service restriction.
All replies (4)
Wednesday, September 30, 2015 1:33 AM âś…Answered
Hi,
http://technet.microsoft.com/en-us/library/cc708605(WS.10).aspx
This is what's needed to get WSUS working through your firewall.
This should be the same for a regular client system.
Please note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Regards,
D. Wu
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Saturday, September 26, 2015 11:00 PM
Control Panel> Windows Firewall>Advanced Settings>``Action>Restore Default Policy
S.Sengupta, Windows Experience MVP
Thursday, May 12, 2016 1:07 PM
Hello Andy!
I'm having the exact same problem as you and can't seem to find a solution. Did you?
It would help me a lot!!! Thank you,
Lionel
Sunday, July 8, 2018 11:58 PM
Top result in a google search for this so bumping to get a working answer hopefully?
That answer is for WSUS servers and this question clearly relates to a Windows 10 client PC accessing the Windows Update servers to download automatic updates.
Mine is a Windows 10 64-bit laptop and using Windows Firewall with Advanced Security with "outbound connections that do not match a rule are blocked". I too do not want any application be able to access the internet unchecked.
I have created a rule that allows the Windows Update service to access ports 80 and 443 to any external IP address.
- This allows the service to check for updates
- This does not apparently allow windows update to download the updates
What processes and/or services need access to what outbound remote ports in order for Windows 10 Update to work with Windows 10 Firewall please?