none
[OT] But does anyone know how to ... RRS feed

  • Question

  • ... setup outgoing rules for the Windows Firewall in windows 10 for WindowsUpdate when traffic is blocked by default?

    [Reason: I'm having enough of windows up- and downloading 100MB each day for whatever needed...]

    I saw this: [last two posts]
    https://social.technet.microsoft.com/Forums/de-DE/e1317d2a-c68a-4a53-88f4-694c1d467188/windows-10-firewall-with-windows-update-service?forum=win10itprosecurity
    but I dont want to clone svchost and reconfigure the service to run not shared...

    If there's no other way, I think, I'll rather run WindowsUpdate manually once or twice a day...

    Maybe a Moderator could move this to an appropriate forum in the technet forums, but I first want to ask here - because of the experience of the developers.

    Regards,

      Thorsten



    Saturday, May 27, 2017 10:32 PM

Answers

All replies

  • Hi Thorsten

    Sorry I cannot answer your question because I can't even find a way to manually control my windows updates. In Settings >> Update and Security . . . or anyway else on my PC. I am running Windows 10 Home. You may have more options in your edition.

    The real foundation of true love is free choice. Hate is all about taking away people's choice. Windows 10 is hateful, because I have no control. Microsoft and the evil new world order control my PC and I am very angry about it.

    Hopefully you can have more of a positive experience!

    Cheers


    Pride is the most destructive force in the universe

    Saturday, May 27, 2017 11:54 PM
  • Hi Thorsten

    Sorry I cannot answer your question because I can't even find a way to manually control my windows updates. In Settings >> Update and Security . . . or anyway else on my PC. I am running Windows 10 Home. You may have more options in your edition.


    Hi,

    I'm running Win 10 Home too (Anniversary update, I'm somewhat apprehensive installing the creators update, because I fear that all firewall settings, service settings and custom security settings will be reset like it was with the anniversary update...
    Edit: I installed the Creators Update, ran Windows Update, reconfigured the System and made an image of my SystemDrive. All done in 3 hrs. Installing the Creators Update did work much better than expected. The settings for Services didnt change, but some Services were running that have the starttype "disabled" on first login. So you have to re-check and stop some services. The firewall settings have all been kept (!). Just some rules have been added for some apps, or have been re-activated (like Cortana and MS-news and such things. So you have to re-check these settings too, or import a previously saved list. The other settings are quickly configured in the ControlPanel, or whatever the name for the new version is... So, this all went smoothly and I really am surprised how good it ran). I now disabled outgoing traffic by default and have setup some grouppolicies for restricting code execution (with a tool from the german computer magazine c't) to secure my machine. Also I have disabled all versions and uninstalled version 1 of the SMB protocol.

    In settings --> update and security, I have a button to manually start the search for updates and this I will use with temporarily allowing outgoing traffic for the active firewall profile.

    About MS: I really dont understand why they do it. They had the great chance to win back users with a non spying system, but they went the way most others go (IMHO) and so mistrust and hate increases... Its simply no fun anymore to use a computer these days...

    I'd really buy a tablet a *windows* tablet, if it would look more friendly than with those ugly tiles and color scheme and - most of all - if one could download and install software from where and as he (the user) wants to (like it should be) ...

    Regards,

      Thorsten


    Sunday, May 28, 2017 12:34 AM
  • Thorsten,

    The home editions are meant for Home users. It means that Microsoft wants to be sure it is to be safe to avoid all kind of messages which we saw everyday in the paper. If you have the problems you describe you can make from your Net connection a Metered connection. 

    https://support.microsoft.com/en-us/instantanswers/633571e5-3591-437d-bf6a-071a243305a7/metered-connections-in-windows-10


     


    Success
    Cor


    • Edited by Cor Ligthert Sunday, May 28, 2017 2:31 PM removed sentence about which I'm not 100% sure
    • Marked as answer by Thorsten Gudera Monday, May 29, 2017 4:43 PM
    Sunday, May 28, 2017 11:44 AM
  • If you have the problems you describe you can make from your Net connection a Metered connection. 

    Hi Cor,

    I dont want to limit my connection, I want Windows or other programs to *not* send any data outside, or download data without asking me before. With the Exception of WindowsUpdate.

    Thats why I'm blocking outgoing (and - of course - inbound) data by default now. But I cant figure out what rules to create for the firewall, to *allow* WindowsUpdate when outgoing traffic is blocked by default. For the other programs that I allow, I simply created an appropriate firewall-rule (like firefox and thunderbird and VS)

    Regards,

      Thorsten


    Sunday, May 28, 2017 3:06 PM
  • Thorsten,

    Did you read where Metered connections are about?

    https://www.howtogeek.com/226722/how-when-and-why-to-set-a-connection-as-metered-on-windows-10/


    Success
    Cor

    Sunday, May 28, 2017 4:45 PM
  • This is maybe off-topic as far as VB.NET but I have heard good things about this
    Sunday, May 28, 2017 4:50 PM
  • Thorsten,

    Did you read where Metered connections are about?

    https://www.howtogeek.com/226722/how-when-and-why-to-set-a-connection-as-metered-on-windows-10/


    Success
    Cor

    Hi Cor,

    yes I read this, but then still the firewall will allow outgoing traffic by default. And I want to block it by default - as a security consideration.

    Regards,

      Thorsten

    Sunday, May 28, 2017 5:06 PM
  • Sorry then that I cannot help you. 

    But keep in mind, that if you have not a kind of Linux or other OS driven firewall that not is Microsoft on a complete technical other device between your computer and Internet, they are always able to access your computer. 

    They own the software on the lowest level, so the only thing that can stop them are their world wide given privacy statements between them and customers. 


    Success
    Cor

    Sunday, May 28, 2017 5:20 PM
  • This is maybe off-topic as far as VB.NET but I have heard good things about this

    Hi,

    I probably would use it, if the source code was available... but thanks for the info!

    I think, I'll do what I thought in first place, allow outgoing traffic for the time I manually run WU.

    @ Cor: Maybe I set the adapter connection as a metered one too, but since this is a Lan adapter, I need to do it manually in the registry (W10 Anniversary), am I right?

    Regards,

      Thorsten


    Sunday, May 28, 2017 5:27 PM
  • Thorsten, 

    You ask me now something likewise you are standing on the Parizer Platz in Berlin and ask to somebody if he knows where the Brandenburger Tor is.

    This kind of solutions I've also to find on Internet and if that gives endless replies how to do it using the registry and nothing more, I try it.

    I'm not a system admin, in that case I would do it on my security device in the LAN.

    I don't know this product but just found it on Internet.

    https://www.ubnt.com/unifi-routing/usg/  


    Success
    Cor

    Monday, May 29, 2017 11:37 AM
  • Thorsten, 

    You ask me now something likewise you are standing on the Parizer Platz in Berlin and ask to somebody if he knows where the Brandenburger Tor is.

    This kind of solutions I've also to find on Internet and if that gives endless replies how to do it using the registry and nothing more, I try it.

    I'm not a system admin, in that case I would do it on my security device in the LAN.

    I don't know this product but just found it on Internet.

    https://www.ubnt.com/unifi-routing/usg/  


    Success
    Cor

    Hi Cor,

    thanks for the info! But yesterday I did install the Creators Update where you can set this (metered connection for wired LAN-conn) in the ControlPanel/Windows-Settings (which worked really good. Installing tokk about an hour, One WindowsUpdate afterwards half an hour, configuring everything went relatively quick, since most settings have been kept and creating an image of the systemdrive took also about half an hour, so, after all, things had been done in about 3 hrs, thats acceptable for a home IMHO)

    Thanks, and Regards,

      Thorsten

    Monday, May 29, 2017 4:42 PM