Theo-user
commented
2 years ago I don't have issues with updates even with svchost blocked or workaround
Closed lodx-xd closed 2 years ago
Theo-user
commented
2 years ago I don't have issues with updates even with svchost blocked or workaround
lodx-xd
commented
2 years ago I don't have issues with updates even with svchost blocked or workaround
Sorry, but what did you mean by that, as far I know if you block svchost, without doing anything extra like you implied, you can't even check for updates on Windows 10, I only imagine that I'm missing some rule, because if I stop blocking svchost the update is download normally, I'm using the default blocklist and the default rules.
jisanos
commented
2 years ago Try enabling the following in the Services tab: BITS, wlidsvc, DoSvc, DsmSvc, WpnService, UsoSvc, wuauserv. Those are the main services I detected were being used during an update. Additionally, you can enable netprofm which is used for NCSI check and Dnscache for DNSquerying.
Was having similar situation on Windows 11, these were the main services used for Updates, although there might be others I could be missing.
elandorr
commented
2 years ago I have the exact same issue, the workaround does nothing. @jisanos this does nothing either unfortunately.
I know this is not simplewall's fault, but we have to find a fix, otherwise simplewall is almost useless. There is no point in an afw if people whitelist svchost altogether out of need.
jisanos
commented
2 years ago @elandorr I would recommend enabling svchost and verifying what services are accessing the internet while updating on your end until you can conclude that you can get updates by just allowing those services. Thats the assessment i took and then i created my own user profile i could enable only those services when i needed to update.
elandorr
commented
2 years ago @jisanos I tried that, that did nothing. What I do for now is turn logging on and check which IPs pop up. That's not a very accurate measure though, and it is extremely annoying, because the simplewall UI isn't made for that: copy IP, open rule again, enter it all over, clear, repeat. Then I turn that on when I update.
But that's not a real solution since it's not perfectly accurate, and not a single one of the people I install simplewall for will be bothered with this. So either they don't run any security updates, or they enable svchost...
Edit: IP based in general is icky, because why would Microsoft not just use those for spying at some point? Microsoft in general is trash. Forced to use it though.. Fresh enterprise install, telemetry set to 0, and it's connecting all over the place..
First I was not getting automatic updates because I was blocking the svchost.exe so I applied the workaround from the #677 and it "worked" as far I know, at least now I get updates notices, but when trying to update it get stuck in "downloading - 0%".
I'm probably doing something fundamentally wrong here, but so far I was not able to make updates work 100% using this workaround, needing some help here.