I know it is not safe but I need to know how to prevent all computers in my LAN to download updates.
I have squid as proxy with dansguardian and I use OpenDNS...
I have put on a blacklist on dansguardian microsoft.com but it looks like it is not enough.
In order to block it in one section of our network the following domains were redirected to a site with instructions:
These seem to have done the trick here, but it mightn't be the full list.
You may want to consider, rather than blocking all updates, managing updates with WSUS. Assuming you have a copy of Windows Server and your clients are in a domain, it's a free option that you can use to only deploy updates when and where you want them.
Blocking the windows updates is a very hard task. You can't only block a few of the servers as there are many and if 1 is blocked, the updates immediately go to a different server.
You can check some of the servers here:
https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions
Its simple go to start menu> control panel (view by small icons)>administrative tools > services. Search for Background intelligent transfer service and windows update ...stop the services and on properties disable them
