Blocking Windows Updates

To block Windows 10 Updates, block lookup of the following domains:

  • *.windowsupdate.microsoft.com
  • *.update.microsoft.com
  • *.windowsupdate.com
  • *.wustat.windows.com
  • *.ntservicepack.microsoft.com
  • *.stats.microsoft.com
  • *.mp.microsoft.com
  • *.data.microsoft.com
  • *.events.data.microsoft.com

This list differs from the lists I’ve been able to find published by Microsoft; notably stats.microsoft.com, mp.microsoft.com, and data.microsoft.com. I developed the list above by watching DNS queries while checking for updates and blocking domain names until the check for updates failed.

Since I’m using Dnsmasq, I’ve added a config file in /etc/dnsmasq.d/ so I can easily disable the blocking when I am ready to install updates:

address=/windowsupdate.microsoft.com/#
address=/update.microsoft.com/#
address=/windowsupdate.com/#
address=/wustat.windows.com/#
address=/ntservicepack.microsoft.com/#
address=/stats.microsoft.com/#
address=/mp.microsoft.com/#
address=/data.microsoft.com/#
address=/events.data.microsoft.com/#