We've configured Automatic Updates (option 4 - auto download and install) on a server that has SQL Server installed. The option Install updates for other Microsoft products is disabled.
We've also set the Microsoft update service location to our internal WSUS server.
To confirm, I pulled a RSOP report, as shown below.
Now this server has a SQL Server security updates pending for installation, and during the last scheduled update run, an update installation for SQL Management Studio was started, but eventually failed. In my understanding, these are other Microsoft Products and should not be downloaded and installed by Windows Auto Update. But they were and are.
Side note, because the Microsoft Support Premiere engineer I'm working with on this case thought this was important: The two SQL updates are approved in WSUS, because we do have SQL servers where we'd like to have them offered for installation. But in my understanding, this should only offer these updates and the Update Agent should then decide based on the setting, whether or not to install updates for other Microsoft products. I do not agree with the support engineer, that the WSUS approval is responsible for the installation of that update.
Can someone exactly explain, how the update agent works in this case? Or better, why the update agent does install updates for other Microsoft products, although I did not enable that?