How to Block Windows Update on MikroTik

In this post, i will explain about how to block Windows Update on MikroTik. So, you won’t get any automatic update, or you don’t need to edit Group Policy (especially for Home edition). This tutorial also block all Windows Update connection. So, even you do a manual update, it won’t work.

Before, i was post about How to Block Windows Update using Group Policy. But, for this post, i will explain for blocking on network-side

Copy this script to terminal :

/ip firewall raw
add action=drop chain=prerouting protocol=tcp tls-host=*windowsupdate.com* comment=”Block Windows Update”
add action=drop chain=prerouting protocol=tcp tls-host=*update.microsoft.com*
add action=drop chain=prerouting protocol=tcp tls-host=*windowsupdate.microsoft.com*
add action=drop chain=prerouting protocol=tcp tls-host=*ntservicepack.microsoft.com*

How it works?

If you click “Check for Update” or Windows do an auto update, the blocking rule will work. And the update will be failed, because it looks like “no connection”

That’s it. Hope it will work for you. So, you don’t need to setup every PC for disabling auto update