How can I use Windows Firewall to only permit the Windows Update service to make an outbound connection?

I'm trying to tailor my Windows Firewall settings (using the Windows Firewall with Advanced Security console) to only permit programs that need to access the Internet with an outbound connection to do so.

This works fine for normal applications as I can just allow the program, but services that load in the svchost.exe process are a problem. The only services I actually need to give access to are Windows Update and the Background Intelligent Transfer Service (and even that, I would only like Windows Update to be able to submit jobs to, but that's another issue). Is there a method to only allow these to be permitted an outbound connection, and not any of the other services loaded in svchost?


Solution 1:

As stated by Joe Internet in the comments, you can specify the service you want to use. For that, you have to define a new outbound rule, but use "Custom" instead of "Program". There, you can choose the service, in your case "Windows Update", also listed as "wuauserv", which should be exactly what you're looking for.
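
The service-scoped outbound rule described in this answer, written as PowerShell for the two services named in the question. This is an added example, not part of the original answer; the rule display names are constructed, and it assumes an elevated session on a system with the NetSecurity cmdlets.

```powershell
# Added example. Run elevated. Display names are constructed for illustration.
$svchost = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Short service names from the question: Windows Update and BITS.
$rules = @{
    wuauserv = 'Allow outbound: Windows Update (example)'
    BITS     = 'Allow outbound: BITS (example)'
}

foreach ($name in $rules.Keys) {
    # Fail early if the short service name does not exist on this machine.
    $svc = Get-Service -Name $name -ErrorAction Stop

    # Do not create a duplicate if the script is run twice.
    if (Get-NetFirewallRule -DisplayName $rules[$name] -ErrorAction SilentlyContinue) {
        continue
    }

    # Equivalent of the console's "Custom" rule: the program is svchost.exe,
    # but the match is narrowed to one hosted service via -Service.
    New-NetFirewallRule -DisplayName $rules[$name] `
        -Direction Outbound -Action Allow `
        -Program $svchost -Service $svc.Name | Out-Null
}

# Verify that each rule is bound to the intended service and not to all of svchost.
Get-NetFirewallRule -DisplayName '*(example)' | ForEach-Object {
    $svcFilter = $_ | Get-NetFirewallServiceFilter
    $appFilter = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Service = $svcFilter.Service
        Program = $appFilter.Program
        Enabled = $_.Enabled
    }
}

# Allow rules only restrict anything when the profile default is Block;
# this reads the current setting without changing it.
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction
```

A rule whose `Service` column shows `Any` applies to every service hosted in svchost.exe, which is the situation the question is trying to avoid.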