Block Windows Update for all computers except specific IP

How do I block all the computer from windows update in Sophos xg?

  • In reply to lferrara:

    Can I know what is the purpose of web exceptions and how to use it ? because it has the category windows update but idk how to use it

  • Hi,

    If you want to block Windows Update you can do that with Application Control policy. You simply need to create Application Control policy with Windows Update selected with action Deny. Now you can select this new policy in firewall rule. If you want to allow Windows Updates on specific devices, you need firewall rule above based on source IP addresses of the devices that want to allow Windows Update. 

    Thanks,