[FALSE-POSITIVE] sls.update.microsoft.com.akadns.net

[Wiggum127]

Started using a Windows10 PC recently. Noticed windows updates crashed due to DNS lookup errors. Monitoring the requests made by the PC on the DNS-filters revealed that sls.update.microsoft.com.akadns.net was getting refused. After whitelisting that entry, the Windows updates worked without any issue.

Would recommend to remove this false positive as it blocks the windows updates from working. Something which is crucual for people to keep their systems up to date.

[spirillen]

Would recommend to remove this false positive as it blocks the windows updates from working. Something which is crucial for people to keep their systems up to date.

You are both right and wrong... this is yet another two headed domain, previously you didn't need access to that domain for updating (at least from my network) and that make it devastating to keep the record (Sort of FP) BUT, the very same domain is used for telemetry tracking (yet another personal identifier) and therefor it is rightly stored on a blacklist.

My personal opinion to this is, only whitelist it if you need to downgrade further.

[dnmTX]

@funilrys just for reference: Same issue was opened in upstream from another user and it's been sitting there without response for 23 days. The last commit in that repo is from Dec 29, 2016 It looks to me that the lists's owner has abandon the project with no maintenance or curation for four years now. Probably it's for the best if you drop the list altogether.

[Somebodyisnobody]

The domain appears in serval lists althrough I don't think that it's used for telemetry, the Projects ust grabbed the endpoint list. I have no indication that the domain is used for telemetry purposes. As I've already upgraded to Win10.2004 I cannot check that with sslsplit. As Microsoft listed here, the domain isn't used anymore on >=Win10.1909 (search term "sls.update.microsoft.com") @Wiggum127 which OS version do you use? (Win + R -> "winver" -> Enter)

[Wiggum127]

Version 1909, build 18363.1082

[Somebodyisnobody]

Oh nevermind, I saw here that *.akadns.net is also partly used in 1909 for load balancing reasons.

[Wiggum127]

In the meantime upgraded to Windows 10 version 2004. Dropping sls.update.microsoft.com.akadns.net from the whitelist doesn't crash windowsupdate anymore.

So you could live without when running that version. Still, I would recommend to drop this from the blacklist since it breaks windowsupdate.

I did not find a resource on the Internet explaining this domain is part of telemetry funnelling.

[Somebodyisnobody]

Out of interest as I had also problems with windows updates a year ago which forced me to downgrade back to Win7: Did the update freeze the whole PC in the blue update-screen. Or in preparing the update?

[Wiggum127]

It doesn't cause a BSOD or system failure. Instead, after starting to search for windows updates, the process would crash with an message to the user saying there were issues on the network and I should try again another time. Whitelisting the domain, resolved it.

[ghost]

This issue was moved by dnmTX to Ultimate-Hosts-Blacklist/whitelist#168.