Thursday, October 6, 2022
Google search engine
HomeNetworkingMikrotikBlock Windows Update in Router Firewall On Mikrotik

Block Windows Update in Router Firewall On Mikrotik

Always keep in mind that disabling Windows updates comes with the risk that your computer will be vulnerable because you haven’t installed the latest security patch. It’s a sad state of affairs that Microsoft’s Windows 10 updates have become so unreliable and potentially dangerous that they may pose an equal or greater risk to being able to use your computer every day. There’s no good option here. Each user has to weigh the risk of giving Microsoft another opportunity to do damage versus the risk of leaving their system vulnerable to attack. If you choose to disable automatic updates, make sure you have good security software and keep it up-to-date.

Search for Microsoft Update Servers

http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://go.microsoft.com
http://dl.delivery.mp.microsoft.com
https://dl.delivery.mp.microsoft.com
http://*.ws.microsoft.com
https://*.ws.microsoft.com
http://*.mp.microsoft.com

Block Windows Update in Router Firewall On Mikrotik

THREE methods if you using Block Windows Update in Router Firewall On mikrotik

  • RAW
  • Firewal Filter
  • REGEXP

RAW

/ip firewall raw
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=windowsupdate.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=download.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=test.stats.update.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=ntservicepack.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.download.windowsupdate.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.update.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=download.windowsupdate.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.windowsupdate.microsoft.com

FILTERS

/ip firewall filter

add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=windowsupdate.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=download.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=test.stats.update.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=ntservicepack.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.download.windowsupdate.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.update.microsoft.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=download.windowsupdate.com
add action=drop chain=prerouting comment="Blok Windows Update" protocol=tcp tls-host=*.windowsupdate.microsoft.com

REGEXP Layer 7

/ip firewall layer7-protocol
add name=”windows update ” regexp=”^.+(http://windowsupdate.microsoft.com|http://.windowsupdate.microsoft.\ com|https://.windowsupdate.microsoft.com|http://.update.microsoft.com|https://.update.microsoft.com|\
http://.windowsupdate.com|http://download.windowsupdate.com|http://download.microsoft.com|http://.dow\
nload.windowsupdate.com).*\$”

/ip firewall filter
add action=drop chain=forward comment=”windows update Drop” layer7-protocol=”windows update ” src-address=\
192.168.xxx.0/24
add action=drop chain=input dst-port=21-23 protocol=tcp

Remember, you can do it always on your computer

  1. Press the Windows key and “R”.
  2. Enter “gpedit.msc” in the box.
  3. Double click “Computer Configuration”.
  4. Double click “Administrative Templates”.
  5. Double click “Windows Components”
  6. Scroll to the bottom and double click “Windows Update”
  7. Double click “Configure Automatic Updates”
  8. Select “Disabled” on the upper left.
  9. Click “Apply” followed by “OK”

YOU CAN SUPPORT DEVNINJA WITH A CUP OF COFFEE

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online. to search or browse the published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or more ) as a token of appreciation.

Support Us

DevNinja
DevNinja
A systems engineer with experience in systems administration, cloud computing, systems deployment, virtualization, containers
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

5 + 3 =

- Advertisment -
Google search engine

Most Popular

Recent Comments