How to block Windows Update from ProxySG
search cancel

How to block Windows Update from ProxySG


Article ID: 166310


Updated On:


ProxySG Software - SGOS Advanced Secure Gateway Software - ASG ISG Proxy


You want to block Windows Update because:


Your internal policy does not allow each single host to go direct to the internet for Windows Update

Windows Update is done through Patch Management Server, so the client host is not allowed to go direct to the internet for Windows Update.

When Windows Updates are being blocked in the ProxySG, users may receive a message that resembles one of the following:

We couldn't get online to download your updates. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet.

Windows could not search for new updates: An error occurred while checking for new updates for your computer. Try again


Install the following CPL to block currently known Microsoft Update servers at the proxy level. This CPL also blocks the user-agent for Windows Update (the known user-agent as of this writing).



; client.address=<IP_address> Condition=Windows_Update ALLOW

; enable previous rule to allow specific host to perform Windows Update


Condition=Windows_Update DENY


define condition Windows_Update ;(this is required if you have connected a Microsoft Account)




Additional Information

Microsoft may change these URLs. Please refer this article for the latest published list. You may need to add/remove domains to the above CPL accordingly.