Always keep in mind that disabling Windows updates comes with the risk that your computer will be vulnerable because you haven’t installed the latest security patch. It’s a sad state of affairs that Microsoft’s Windows 10 updates have become so unreliable and potentially dangerous that they may pose an equal or greater risk to being able to use your computer every day. There’s no good option here. Each user has to weigh the risk of giving Microsoft another opportunity to do damage versus the risk of leaving their system vulnerable to attack. If you choose to disable automatic updates, make sure you have good security software and keep it up-to-date.
Search for Microsoft Update Servers
http://windowsupdate.microsoft.com http://*.windowsupdate.microsoft.com https://*.windowsupdate.microsoft.com http://*.update.microsoft.com https://*.update.microsoft.com http://*.windowsupdate.com http://download.microsoft.com http://*.download.windowsupdate.com http://wustat.windows.com http://ntservicepack.microsoft.com http://go.microsoft.com http://dl.delivery.mp.microsoft.com https://dl.delivery.mp.microsoft.com http://*.ws.microsoft.com https://*.ws.microsoft.com http://*.mp.microsoft.com
Block Windows Update in Router Firewall On Mikrotik
THREE methods if you using Block Windows Update in Router Firewall On mikrotik
- RAW
- Firewal Filter
- REGEXP
RAW
/ip firewall raw add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=windowsupdate.microsoft.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=download.microsoft.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=test.stats.update.microsoft.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=ntservicepack.microsoft.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.download.windowsupdate.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.update.microsoft.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=download.windowsupdate.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.windowsupdate.microsoft.com
FILTERS
/ip firewall filter
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=windowsupdate.microsoft.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=download.microsoft.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=test.stats.update.microsoft.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=ntservicepack.microsoft.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.download.windowsupdate.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.update.microsoft.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=download.windowsupdate.com add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.windowsupdate.microsoft.com
REGEXP Layer 7
/ip firewall layer7-protocol add name=”windows update ” regexp=”^.+(http://windowsupdate.microsoft.com|http://.windowsupdate.microsoft.\ com|https://.windowsupdate.microsoft.com|http://.update.microsoft.com|https://.update.microsoft.com|\ http://.windowsupdate.com|http://download.windowsupdate.com|http://download.microsoft.com|http://.dow\ nload.windowsupdate.com).*\$” /ip firewall filter add action=drop chain=forward comment=”windows update Drop” layer7-protocol=”windows update ” src-address=\ 192.168.xxx.0/24 add action=drop chain=input dst-port=21-23 protocol=tcp
Remember, you can do it always on your computer
- Press the Windows key and “R”.
- Enter “gpedit.msc” in the box.
- Double click “Computer Configuration”.
- Double click “Administrative Templates”.
- Double click “Windows Components”
- Scroll to the bottom and double click “Windows Update”
- Double click “Configure Automatic Updates”
- Select “Disabled” on the upper left.
- Click “Apply” followed by “OK”
