![]() If you want to investigate on your own you could try enabling Windows firewall logs: ![]() With reg tweaks this can be done without needing a domain and can serve multiple PC's.Ĭlick to expand.As mentioned previously, this is not a solution I use so may be more helpful here. It's no quick fix but would mean svchost would never need to connect to the internet for updates at all, only the LAN. If you want to go completely overkill and can get hold of Windows Server you could roll your own WSUS server either as a physical machine or a virtual one (requires a lot of HD space). If you go the MS public IP's route, you may find powershell helps to bulk create/remove rules: If you're serious about restricting svchost outbound access then you need to be willing to put in a little research/work along the way as you're working against the OS unfortunately. ![]() They created a wrapper service which allows many libraries and third party applications to send/receive via the same exe but provided little way to differentiate between this traffic. Click to expand.BITS is used for more than just windows updates, so blindly allowing all BITS traffic to all destinations without knowing the content of a BITS job won't help with security.Īs you're probably aware, issues around controlling svchost outbound access are as a result of Microsoft's design.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |