using Hostname to allow windows update only

Hello to all.

Win xp sp3
Avast 4.8 home
CFP 3.025.378

-most of the time limited user
-Internet connection Broadband ADSL router
-AV disabled before installing CFP

  • some custom rules are created.

Problem discretion:
We all know there are certain applications and services which does not make direct internet connection but piggy ride on svchost to make outbound connections for example windows update. HP scanjet update, other printer drivers and many notorious software.

so I allowed svchost to make outbound connections on destination port 53 ,67, 1900,

Now my Problem is I do not want except windows update to be connected by svchost.

I tried to configure the outbound rule using Host name as MICROSOFT in destination address but this didn’t work

I tried Online help manual of COMODO but nothing much was clear ( This section is not explained in much i.e host name)

Kindly tell me how I can allow svchost to connect to windows update only and not to serve the request of each and every exe.

  • How to use Host name in destination address like use of wild card etc

Thanks and regards