Block Access to Windows Update
Solution 1:
Windows Update constantly changes its IP address, so you'd have to block out a massive range of IPs to prevent it. If your firewall supports DNS blocking, block out these hosts:
http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://stats.microsoft.com
https://stats.microsoft.com
If it does not support DNS blocking, try editing your hosts file to point those hosts to 0.0.0.0. That should prevent them from getting updates.
Microsoft now keeps lists at:
- https://technet.microsoft.com/en-us/library/bb693717.aspx
- https://support.microsoft.com/en-us/help/3084568/can-t-download-updates-from-windows-update-from-behind-a-firewall-or-p