07-21-2023 01:10 PM
URL categories will never work for limiting ICMP requests. That simply isn't how ICMP functions and there would be no way for your firewall to know that you're attempting to send ICMP requests to "microsoft.com" because your machine will just send the request to the resolved IP address. The only way to accomplish that specific task would be FQDN objects and hoping that the firewall and the client actually keep the resolved address in check.
That addressed, the following list will function for getting Microsoft updates as a custom URL category. It may not be complete, likely isn't complete, and can change at any time.
<entry name="Microsoft Updates">
  <list>
    <member>windowsupdate.microsoft.com/</member>
    <member>*.windowsupdate.microsoft.com/</member>
    <member>update.microsoft.com/</member>
    <member>*.update.microsoft.com/</member>
    <member>*.windowsupdate.com/</member>
    <member>*.download.windowsupdate.com/</member>
    <member>download.microsoft.com/</member>
    <member>*.download.microsoft.com/</member>
    <member>wustat.windows.com/</member>
    <member>ntservicepack.microsoft.com/</member>
    <member>stats.microsoft.com/</member>
    <member>amupdatedl.microsoft.com/</member>
    <member>*.events.data.microsoft.com/</member>
    <member>*.data.microsoft.com/</member>
    <member>smartscreen-prod.microsoft.com/</member>
  </list>
  <description>Used to account for Microsoft Update Traffic</description>
  <type>URL List</type>
</entry>
You can then set up a policy that uses that category and allows app-ids [ ms-update ssl ocsp web-browsing ] with the category applied. This would allow updates to function, but it should prevent normal browsing access.
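
Since the list above is expected to drift, a small audit helps before importing it. The following is an added example, not part of the original reply and not vendor code: it parses the category XML, reports which entries would admit a given hostname, and flags entries already covered by a broader wildcard. It assumes every entry is host-only with a trailing `/` and that a leading `*.` stands for one or more labels; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# The category from the post, embedded inline so the audit runs offline.
CATEGORY_XML = """<entry name="Microsoft Updates"><list>
<member>windowsupdate.microsoft.com/</member><member>*.windowsupdate.microsoft.com/</member>
<member>update.microsoft.com/</member><member>*.update.microsoft.com/</member>
<member>*.windowsupdate.com/</member><member>*.download.windowsupdate.com/</member>
<member>download.microsoft.com/</member><member>*.download.microsoft.com/</member>
<member>wustat.windows.com/</member><member>ntservicepack.microsoft.com/</member>
<member>stats.microsoft.com/</member><member>amupdatedl.microsoft.com/</member>
<member>*.events.data.microsoft.com/</member><member>*.data.microsoft.com/</member>
<member>smartscreen-prod.microsoft.com/</member>
</list></entry>"""

def load_patterns(xml_text):
    """Return the host part of every <member>, lower-cased, trailing '/' removed."""
    root = ET.fromstring(xml_text)
    return [m.text.strip().rstrip("/").lower() for m in root.iter("member")]

def host_matches(pattern, host):
    """Assumed semantics: '*.' stands for one or more labels; otherwise exact match."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".update.microsoft.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def matching_patterns(patterns, host):
    """All list entries that would admit this hostname, in list order."""
    return [p for p in patterns if host_matches(p, host)]

def redundant_entries(patterns):
    """(narrow, broad) pairs where a broader wildcard already covers an entry."""
    found = []
    for p in patterns:
        base = p[2:] if p.startswith("*.") else p
        for q in patterns:
            if q != p and q.startswith("*.") and base.endswith(q[1:]):
                found.append((p, q))
    return found

if __name__ == "__main__":
    pats = load_patterns(CATEGORY_XML)
    # Constructed test hostnames: one expected to match, two expected to miss.
    for host in ("fe2.update.microsoft.com", "www.microsoft.com", "windowsupdate.com"):
        print(host, "->", matching_patterns(pats, host) or "no match")
    for narrow, broad in redundant_entries(pats):
        print(f"{narrow} is already covered by {broad}")
```

Under those assumptions the bare `windowsupdate.com` is not admitted by any entry, and two of the wildcard entries are redundant, which is worth knowing when trimming or extending the list.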