For me windows update also didn't work with IP addresses in the op. If you are using windows firewall control, use "connection log feature" in manage rules, filter out blocked attempts. Refresh the log, see the latest attempt (or better just clear the log, so it will be easier to see latest attempts). Then press to update windows, refresh the log, you will see attempts by windows update getting blocked. You can perform this a few times to be sure that the IP's you will get are used for windows update. See the screenshot attached. Press on a few connections at once and use "customize and create" option to create one rule for these all IPs. Customize the rule as seen in screenshot, just leave IP's as you get. You might need to perform that a few times. It seems not all IPs will appear from the first time and Windows Update might work for that time, but not the next. Windows firewall allows to block everything, that's how one should do as per OP.
That's right BS-it svchost.exe rule ! Windows update, svchost.exe must be connected with wuauserv service,otherwise you have an open connection to all.
Has anyone tried ZoneAlarm Firewall? In that you can disable all outbound and inbound traffic and then allow everything one by one whenever they try to use the network.
Yes, it's looking like svchost.exe is the way to do it. If I find any further information (which I doubt) I'll add it here.
Post No. 57 - Thanks for this post shewolf... Presumably these changes would show up in the WFC UI and could be ammended from there if need be.
I knew, because I told you. Look, Windows Default Firewall Policy has rule svchost|wuauserv and you with 10$ B.S-it piece downgrade your system. If you allow all instances of svchost.exe to freely go out to the Internet (in your case it is) you've done a security and privacy hole as big as the moon.
My Windows 10 didn't have such rule or at least I couldn't find it, can you give a reference? Why you are so unhappy about 10$ software? The software is a free tool which allows for easy monitoring of connections and creating the appropriate rules for them, after rule set is finished software can be ditched. Not larger than it is by default.
I don't have windows firewall where can I find it? Upssss I think I have accidently uninstall it and used router to block unwanted traffic
BTW regarding hidden windows rules - Windows Service Hardening (which also include rules to allow windows defender, indexer and search), will these be overridden by custom user rules to block this traffic? Or the hidden rules will get priority? You sound like a troll here. Also I don't have that windows update rule enabled.
I would appreciate if could provide a windows firewall rule to allow windows updates working without creating "privacy hole as big as the moon". Also could you elaborate how allowing everything by default with some rules to block search and other exes is safer than block everything with allowing some svchost connections to particular IPs? I have checked the logs with my rules and most svchost connections were blocked apart from local ones and IPs that I included. With default rules(allow all) and your suggested rules to block search/cortana and etc there will be more svchost traffic going through. BTW can anyone elaborate how WSH (Windows Service Hardening) works as per my previous post?
Update Session Orchestrator (Uso) is the one responsible for new WU you should allow its service UsoSvc and client usoclient.exe
I hope you don't mind, I linked your post into my post about Activation, it is such a great help to people, thanks for taking the time to give everyone such a great tool.