Adding host name to a Network Zone

I wanted to add a Network Zone for Microsoft Update with the following host names:

windowsupdate.microsoft.com
*.windowsupdate.microsoft.com
*.windowsupdate.com
etc…

It seems my rules are not recognizing the Network Zone. I tried both with the http:// prefix and without. Any comment on what is wrong or missing?

Thanks!

As far as I remember, and although it has been part of the wishlist (for what it’s worth…) for a long time, wildcards are not allowed.

On the Windows side, and although Windows allows wildcards in DNS names, there are no wildcards in the hosts file, so no solution from there.

Thanks.
Any idea of the IP ranges for Microsoft update servers? Googling for it for some time now with no success.

They used to stick to a limited list which was posted somewhere on the forum, but they now use other servers depending on what part of the world you are.

Dennis

Edit: Post here, it might help in part.

Any idea of the IP ranges for Microsoft update servers?

Nope, but maybe a “whois” might help.

Another way, if these IPs are not too many, would be to set CIS to custom, and to note the IPs asked for (I did something similar for Avira updates).

Thanks for the link, Dennis. That is what I’m trying to do: allow only what is needed and deny everything else. Not easy to do.
I also did brucine’s suggestion (still doing it), but the IPs for MS update servers seem too many. It’s hard to manage a long list of IPs in the Network Zone. If something bad happens to my system or even just to CIS, I have to start again from scratch. The host names for MS update servers are fewer.

It would be easier to set these IP ranges (still if there are not too many) not in the network zones but in the firewall rules themselves.

But you would need for that to customize system rules, and I have shown it elsewhere in this forum (although at the day speaking near succeeded) to be quite a dangerous practice (leading to system hang; don’t try it if you don’t, like me, have a multiboot system).

I can’t speak more about Windows update servers, because as said before they are localized, and also because I only use Firefox and don’t want to ever use IE (even for Microsoft updates), thus proceeding with them manually when needed.