Forum Discussion
How should Windows Defender Firewall be configured for Windows Update?
I have blocked outbound connections that do not match a rule, and then I have a problem when configure rules for Windows Update. I allow outbound connections for wuauserv and other related programs a...
To configure Windows Defender Firewall for Windows Update, you need to create outbound rules that allow these programs and services to access the network. You can do this by following these steps:
- Open Windows Defender Firewall by typing "firewall" in the search box on the taskbar and selecting it from the list of results.
- On the left pane, click on "Advanced settings".
- On the left pane, click on "Outbound rules".
- On the right pane, click on "New rule".
- In the New Outbound Rule Wizard, select "Program" as the rule type and click "Next".
- In the Program screen, browse to the location of the program or service that you want to allow, such as C:\Windows\System32\svchost.exe, and click "Next".
- In the Action screen, select "Allow the connection" and click "Next".
- In the Profile screen, select the network profiles that you want the rule to apply to, such as Domain, Private, or Public, and click "Next".
- In the Name screen, type a name and an optional description for the rule, such as "Allow svchost.exe for Windows Update", and click "Finish".
- Repeat these steps for each program or service that you want to allow for Windows Update.
- Open Windows Defender Firewall by typing "firewall" in the search box on the taskbar and selecting it from the list of results.
- On the left pane, click on "Advanced settings".
- On the left pane, click on "Outbound rules".
- On the right pane, click on "New rule".
- In the New Outbound Rule Wizard, select "Program" as the rule type and click "Next".
- In the Program screen, browse to the location of the program or service that you want to allow, such as C:\Windows\System32\svchost.exe, and click "Next".
- In the Action screen, select "Allow the connection" and click "Next".
- In the Profile screen, select the network profiles that you want the rule to apply to, such as Domain, Private, or Public, and click "Next".
- In the Name screen, type a name and an optional description for the rule, such as "Allow svchost.exe for Windows Update", and click "Finish".
- Repeat these steps for each program or service that you want to allow for Windows Update.
I don't think it‘s a good idea to allow svchost.exe without specifying a service. Many services that use svchost.exe like network discovery will be allowed to establish outbound connections.
