How to restrict internet access to windows update and antivirus update
- Thread starter Renegade
- Start date
Well, we can start by stopping DNS service so that IE and any browser cannot resolve names, then use a blocker to block all IP addresses except for the update servers that you mentioned.
tommy_vercetti
Guide
Use WSUS and a Managed Antivirus like Symantec Corporate or McAfee Enterprise
+1
Setup a WSUS server and edit the policies on that required server to use the WSUS server to receive updates. If the AV you use is a corporate edition, then it too can have update servers setup on the network. If you use a hardware firewall, block all Internet activity of the IP and add the update servers of windows and AV as exceptions. Note that there might be 10~20 update server IPs for load balancing. Try to find out all possible update server addresses and add them to exception.
Setup a WSUS server and edit the policies on that required server to use the WSUS server to receive updates. If the AV you use is a corporate edition, then it too can have update servers setup on the network. If you use a hardware firewall, block all Internet activity of the IP and add the update servers of windows and AV as exceptions. Note that there might be 10~20 update server IPs for load balancing. Try to find out all possible update server addresses and add them to exception.
GPMlore
Discoverer
Hello, you can use a program called Internet Lock, available from Computer internet security protection & access control software products. You can use it to block any application from accessing internet. It is very easy to set up also. I have tried it and its very good. Only problem i found in this app was using it with torrent clients because they create multiple connections to download files and this program will totally load your CPU. It is worth trying atleast once.