AV config for windows updates


3 replies to this topic

#1 Raphael Rotondari

  • Members
  • 2 posts

Posted 31 July 2017 - 05:00 AM

Hello Community

 

I have an issue with Windows update archives which have too many files; it leads to an Avira block log entry 'The archive contains more files than allowed.'.

What max. file count config would you recommend here?

Or would you rather recommend to whitelist Windows updates, i.e. 'download.windowsupdate.com'?

Thanks for your advice. 

Regards,

Raphael



#2 Micha Knorpp

  • Members
  • 151 posts
  • LocationGermany, BW

Posted 04 August 2017 - 05:47 AM

I usually whitelist all the MS domains that are related to updates. Better to leave checking on these files to the endpoint / server AV IMHO.


regards,
-micha-

#3 Raphael Rotondari

  • Members
  • 2 posts

Posted 14 September 2017 - 02:35 AM

Thanks for the input. The issue is still not resolved; what are all the MS domains? I tried several times to collect all involved, e.g. here: https://support.office.com/en-gb/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2

The list still doesn't seem to be complete. Does anybody have a complete list to whitelist for MS activation and updates?

Many thanks,

Raphael



#4 Jens Hildenbeutel

  • Members
  • 44 posts
  • LocationKaiserslautern, Germany

Posted 14 September 2017 - 04:10 AM

As per https://technet.microsoft.com/en-us/library/bb693717.aspx there are more domains used by Microsoft for updating:

 

  • http://windowsupdate.microsoft.com
  • http://*.windowsupdate.microsoft.com
  • https://*.windowsupdate.microsoft.com
  • http://*.update.microsoft.com
  • https://*.update.microsoft.com
  • http://*.windowsupdate.com
  • http://download.windowsupdate.com
  • http://download.microsoft.com
  • http://*.download.windowsupdate.com
  • http://test.stats.update.microsoft.com
  • http://ntservicepack.microsoft.com

 

As some of the URLs show, it is not quite up to date, but I have created DNS objects for the ones that are noticed in ATP and whitelisted them. Having Windows Updates ATPed creates error messages on my servers and clients from time to time, and I want reliable patching.

 

Regards

 

Jens
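
An added example, not code from any poster in this thread: a small audit of the exception list in post #4 that reports which URLs would skip scanning and which would still be inspected. It assumes that a leading "*." stands for one or more DNS labels and that the scheme must match exactly; the gateway's own matching rules may differ, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the list in post #4.
PATTERNS = [
    "http://windowsupdate.microsoft.com",
    "http://*.windowsupdate.microsoft.com",
    "https://*.windowsupdate.microsoft.com",
    "http://*.update.microsoft.com",
    "https://*.update.microsoft.com",
    "http://*.windowsupdate.com",
    "http://download.windowsupdate.com",
    "http://download.microsoft.com",
    "http://*.download.windowsupdate.com",
    "http://test.stats.update.microsoft.com",
    "http://ntservicepack.microsoft.com",
]

# Assumption: "*." means one or more complete DNS labels, never a partial label.
LABELS = r"(?:[a-z0-9-]+\.)+"

def compile_pattern(pattern):
    """Split 'scheme://host' and build a regex for the host part."""
    scheme, host = pattern.lower().split("://", 1)
    if host.startswith("*."):
        return scheme, re.compile(LABELS + re.escape(host[2:]))
    return scheme, re.compile(re.escape(host))

COMPILED = [(p, *compile_pattern(p)) for p in PATTERNS]

def matching_pattern(url):
    """Return the first list entry that covers url, or None if it stays scanned."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    for pattern, scheme, host_re in COMPILED:
        # fullmatch anchors both ends, so a listed name used as a prefix of
        # another domain does not inherit the exception.
        if parts.scheme == scheme and host_re.fullmatch(host):
            return pattern
    return None

def audit(urls):
    """Map each URL to the covering pattern (or None)."""
    return {u: matching_pattern(u) for u in urls}

if __name__ == "__main__":
    for url, hit in audit([  # constructed sample URLs, not from real logs
        "http://download.windowsupdate.com/d/msdownload/sample.cab",
        "https://download.windowsupdate.com/d/msdownload/sample.cab",
        "http://download.windowsupdate.com.example.net/sample.cab",
    ]).items():
        print(("BYPASS  " if hit else "SCANNED ") + url, "<-", hit)
```

Under these assumptions the list has no https entry for *.windowsupdate.com, so the same download over https would still be scanned.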