Re: Firewall settings to allow "Windows Updates"

From: Jordan (drjster_at_myrealbox.whoiam.com)
Date: 09/30/04

    Date: Thu, 30 Sep 2004 03:31:35 GMT
    
    

    Brendan DJ Murphy wrote:
    > I'm in the process of tightening up my firewall settings.
    > I use Kerio Firewall 2.1.5
    >
    > Up until recently, I had an "Allow" rule as follows:
    >
    > Protocol TCP(Out)
    > Local Port: Any
    > Remote address: Any
    > Remote Port: 80,443
    > Application: c:\.....\svchost.exe
    >
    > This was to allow the Windows Update to work.
    >
    > I'd rather tie it down to specific remote IP addresses, but they keep
    > changing.
    >
    > Is there a definitive list (or range) of IP addresses that I should use
    > instead?

    You can specify an IP range to get the Windows Update web page to *list* the
    recommended fixes, patches, updates, etc. but the actual downloads will most
    likely be blocked.

    I used to use this rule in Sygate but the WU downloads almost always got
    blocked:
    Rule Summary:
    This rule will allow outgoing traffic to IP address(es)
    207.46.0.0-207.46.255.255 on TCP remote port(s) 443,80. This rule will be
    applied to all network interface cards. The following applications will be
    affected in this rule: Generic Host Process for Win32 Services.

    So I changed it to one similar to yours and the WU downloads now always
    work:
    Rule Summary:
    This rule will allow outgoing traffic to all hosts on TCP remote port(s)
    80,443. This rule will be applied to all network interface cards. The
    following applications will be affected in this rule: Generic Host Process
    for Win32 Services.

    Or you could use the first rule I listed and disable it when you wanted to
    use (and download from) WU.

    -- 
    Jordan
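
Added example, not part of the original post: a small Python model of the two rule summaries above, run over constructed connection attempts, to show which outbound connections the 207.46.0.0-207.46.255.255 rule blocks that the any-host rule allows. The remote addresses outside that range are documentation addresses standing in for download hosts, and default-deny evaluation of a single allow rule is an assumption about how the firewall behaves.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One outbound TCP allow rule, modelled on the rule summaries above."""
    app: str
    ports: frozenset
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address

    def matches(self, app, dst, port):
        ip = ipaddress.ip_address(dst)
        return (app.lower() == self.app and port in self.ports
                and ip.version == 4 and self.first <= ip <= self.last)

    def cidrs(self):
        # Express the start-end range as CIDR blocks for firewalls that want them.
        nets = ipaddress.summarize_address_range(self.first, self.last)
        return [str(n) for n in nets]


def make_rule(app, ports, first, last):
    return Rule(app.lower(), frozenset(ports),
                ipaddress.ip_address(first), ipaddress.ip_address(last))


RANGE_RULE = make_rule("svchost.exe", {80, 443}, "207.46.0.0", "207.46.255.255")
ANY_RULE = make_rule("svchost.exe", {80, 443}, "0.0.0.0", "255.255.255.255")

# Constructed attempts (application, remote IP, remote port); not real logs.
# 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges (assumption:
# they stand in for download hosts outside 207.46.0.0-207.46.255.255).
SAMPLE = [
    ("svchost.exe", "207.46.10.20", 443),
    ("svchost.exe", "198.51.100.7", 80),
    ("svchost.exe", "203.0.113.9", 80),
    ("svchost.exe", "198.51.100.7", 25),
    ("other.exe", "207.46.10.20", 80),
]


def blocked_by(rule, attempts):
    """Default-deny: anything the allow rule does not match is blocked."""
    return [a for a in attempts if not rule.matches(*a)]


def lost_by_tightening(tight, loose, attempts):
    """Attempts the loose rule allows but the tight rule blocks."""
    return [a for a in attempts if loose.matches(*a) and not tight.matches(*a)]
```

Running `lost_by_tightening(RANGE_RULE, ANY_RULE, ...)` over a real firewall log gives the remote addresses that would have to be added before the tighter rule could replace the any-host one.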
    
