Add windows update to windows firewall

Windows Update and Windows Firewall

I am using third-party internet security on my Windows 10 machine, which includes a proprietary firewall.

As far as I know, it’s not recommended to run multiple security software at the same time.

The problem is that, if I turn off Windows Firewall, then Windows Update won’t work. So I have no choice but to leave it active.

I fear that this situation may lead to the rules I have set on the third party firewall being overridden.

Is this a known issue or does it have some form of logic?

Replies (3) 

Thank you for posting the query on Microsoft Community. I am glad to assist you on this.

Yes, it is not recommended to use multiple security software at a time. As you have set rules on the third-party service provider, I would suggest that you contact the support of the third-party service provider for better clarification and check if it helps.

Kindly let us know if you need any further assistance with Windows. We are glad to assist you.


I think you don’t understand the issue.

It’s a fact that Windows Update (and the app updates in Windows Store) doesn’t work if the Windows Firewall service isn’t running. If someone like LaurFlorin or me has a third-party security suite with its own firewall, then basically we are in a quite uncomfortable situation. If we leave the Windows Firewall service running, it may create conflicts, as the Security and Maintenance part of Control Panel warns us. If we stop the Windows Firewall service, then Windows Update and the Windows Store app updates don’t work. Is there a workaround for this situation? I don’t want the hassle of turning on the Windows Firewall each time there’s an update.

Never mind, I have found the solution here: https://forums.comodo.com/firewall-help-cis/comodo-firewall-windows-firewall-and-windows-update-t113903.0.html

«Don’t disable the Windows firewall, you’ll also lose the ability to share files and printers if you do. Instead open the Local Security Policy (Control Panel > Administrative Tools > Local Security Policy). Expand Windows Firewall with Advanced Security, then click on the Windows Firewall with Advanced Security sub-option that appears. In the Windows on the top right click the Windows Firewall Properties text menu and then in the dialog box that opens set the Firewall State to Off for the Domain, Public and Private profiles. That will stop the Windows firewall from operating whilst still leaving the service running for all other features.»


Add windows update to windows firewall


Can anyone kindly give me a Windows Firewall rule that allows Windows Update? Assume I’m running MMC’s «Windows Firewall with Advanced Security» snap-in as Administrator. Note that a «solution» that takes down the outbound firewall is not acceptable.

===== Solution =====
Suppose that, as the default, you’ve set the outbound firewall to block (see To close the outbound firewall, below). In order for Windows Update to check whether an update is available and then to download the update files, you first need an outbound firewall allow-rule that allows the Windows Update service to pass through the outbound firewall.

Prerequisite: Knowledge of the Microsoft Management Console (MMC) and its «Windows Firewall with Advanced Security» plug-in.

What you will do: You will use the «Windows Firewall with Advanced Security» MMC plug-in to create an outbound firewall rule that allows ‘%SystemRoot%\System32\svchost.exe’ (the generic service driver) to pass through the outbound firewall on behalf of ‘wuauserv’ (the name of the specific service that performs the update).

Warning: If you don’t know what I’m writing about, get help.

Name: Allow Windows Update (... or any name you prefer — it doesn’t matter)
Group:
Profile: Public
Enabled: Yes
Action: Allow
Program: %SystemRoot%\System32\svchost.exe
Local Address: Any
Remote Address: Any
Protocol: Any
Local Port: Any
Remote Port: Any
Allowed Computers: Any
Status: OK
Service: wuauserv
Rule Source: Local Setting
Interface Type: All interface types
Excepted Computers: None
Description:

To open the outbound firewall:

More accurate wording would be
Outbound connections are allowed unless explicitly blocked by a rule.
If you look at the standard rules you will find no block-rules. That means that nothing is blocked, everything is allowed, and the outbound firewall is wide open.

To close the outbound firewall:

More accurate wording would be
Outbound connections are blocked unless explicitly allowed by a rule.
If you look at the standard rules you will find only allow-rules that have been crafted to allow the vital Windows connections to pass through the outbound firewall. To an informed observer it’s obvious that the firewall engineers crafted these allow-rules so that users who closed the outbound firewall wouldn’t have to write them. But the firewall engineers left out Windows Update.
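
The rule from the post above expressed in PowerShell, as an added example that is not part of the original post; it uses the built-in NetSecurity cmdlets, and the variable names are this example's own. It also reads the rule back and warns when the service filter is missing, because a svchost.exe rule without it allows every service hosted in svchost.exe.

```powershell
#Requires -RunAsAdministrator
# Added example: the post's outbound allow-rule, created and then verified.
# The display name is arbitrary (the post says any name works).
$ruleName = 'Allow Windows Update'

# Show the current default outbound action for the profile the rule targets.
# The post assumes this is already Block; this script does not change it.
Get-NetFirewallProfile -Profile Public |
    Select-Object Name, Enabled, DefaultOutboundAction

# Create the rule only if it does not exist yet, so the script can be re-run.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Outbound -Action Allow -Profile Public -Enabled True `
        -Program '%SystemRoot%\System32\svchost.exe' `
        -Service 'wuauserv' | Out-Null
}

# Read the rule(s) back together with their program and service filters.
foreach ($rule in Get-NetFirewallRule -DisplayName $ruleName) {
    $app = $rule | Get-NetFirewallApplicationFilter
    $svc = $rule | Get-NetFirewallServiceFilter

    [pscustomobject]@{
        Name      = $rule.DisplayName
        Enabled   = $rule.Enabled
        Direction = $rule.Direction
        Action    = $rule.Action
        Profile   = $rule.Profile
        Program   = $app.Program
        Service   = $svc.Service
    }

    # Without the service filter the rule matches any service running in
    # svchost.exe, which defeats a default-block outbound policy.
    if ($svc.Service -ne 'wuauserv') {
        Write-Warning "Rule '$($rule.DisplayName)' is not limited to wuauserv (Service = $($svc.Service))."
    }
}
```
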

How to add outbound rule in windows firewall to allow Windows Update?

Please don’t ask me to change firewall policy. My default policy for outbound connections is «block». Many programs connect to the internet without my attention and consume bandwidth, so I restricted the firewall policy to block, but the Microsoft Update or Windows Update service is not working. Please suggest a safe option to enable MS Update by creating an outbound rule.


Thank you for the post. I understand that you would like to allow Windows updates in firewall by creating an outbound rule.

I will definitely help you with this.

You need to add the Windows Update website addresses to the blocking program’s exceptions or «allow» list or allow Windows Update Service to connect to the Internet through port 80 and port 443.

To add the Windows Update websites to a firewall exceptions list

Windows Firewall ships with this version of Windows and should already include these sites in the exceptions list. If you use a different firewall, refer to the software publisher’s documentation to see how to add these websites to your firewall exceptions list:

    • http://*.update.microsoft.com
    • https://*.update.microsoft.com
    • http://download.windowsupdate.com

For more information, visit the following links and check.

If anything in my post is unclear or you have any further questions, please do not hesitate to let us know. We will be glad to assist you.



Windows 10 Firewall how to create an Outbound Whitelist rule for Windows Update

I have been banging my head against this for 2 days and thought I would turn to the community.

I cannot get Windows Update to work when I block all outbound connections and then try to create a rule to allow the Windows Update service on all protocols, ports and IPs.

I have tried a couple of different ways of allowing svchost with the BITS and Windows Update services, as well as allowing «System» outbound with the Windows Update service.

I found 3 different possibilities online that did not work:

This one says you only need to allow the Windows Update service but it does not work:

This one says he did it but doesn’t make it clear as to how:

This one also did not work by adding BITS and WUAUCLT:

Has anyone ever done this or have an idea on how to do it?

One last thing is I am using Group Policy to do this and I have everything else working that I want to be talking except for this.

PS If you feel the need to ask me why I want to do this, the answer is because I should be able to and I want to. Yes, I know it’s an administrative nightmare maintaining an outbound whitelist but I don’t care. Hopefully this keeps the thread on topic.
