Windows update passes firewall somehow.

[HelloWorld]

I used to have windows autoupdate turend on but blocked with firewall, now i reinstalled windows and loaded my previous settings to firewall, and when i start windows i getting windows update notification of avalaible updates, though when i try to download em it outpost blocks it.
Question: why it gets trough outpost at startup?
I remember seeing some option to start outpost before other programs at windows startup, but cant find it now, can it be because its disabled some programs send info to internet before outpost loaded?

Also i remember clicking Disable policy and then back to Block Most from system tray, can this disable command edit some settings that did not restore when i sellected Block Most?

[Manny Carvalho]

Windows Update is a thorny issue.

OP, if you are running in the service mode rather then the application, starts before the network drivers so that it will block any traffic. Changing the policy should make little difference as long as it was moved back. It's unlikely that the update service snuck through while you had the firewall disabled. However, the logs can tell you if that happened.

The problem is likely due to load sharing by Microsoft. The IP addresses for WU does change around a bit. If you have it blocked by IP it's possible that it used another address and some other rule allowed the traffic. You'll have to show us your logs in order to figure that out.

Still, why fight it? Just turn off WU if you don't want notifications.

[HelloWorld]

Nah i blocked not by IP, but completely blocked all activity except programs i use and enabled svchost.exe only for DHCP (in/out) and UDP out to DNS_Servers macro, and for windows autoupdate you should also enable svchost.exe TCP out to port 80 (which i had not set up at that moment).
So it should not get to windows update, and it wasnt before i reinstalled windows. I think some settings i had was imported, but some wasnt.
I dont worry much about windows autoupdate, i worry more about some programs may leak out when i boot my pc, or there is some hole in my settings.
Okay it saying Service Mode in title, this means outpost starts before network drivers, how i can change mode to application?

[Paranoid2000]

Switching Outpost to start as an application is not recommended for most users since it means Outpost will not protect your system until you login.

As Manny has stated, your logs should provide details of what was allowed and checking these carefully should reveal how (or if) Windows Update was able to detect new downloads.

Changing Outpost's background policy (Options/Policy/Advanced/Firewall Policy) from Block Most to Stop All should prevent any network connections until Outpost's GUI has started, but it may cause problems with network connectivity since it will also block DHCP initially.

[HelloWorld]

My logs was deleted, but i think it was global rule i created that enabled DNS when dirrection is OUT and protocol is UDP, i could not make internet work without this rule while using block most policy.

P.S.
Entertainment mode = normal mode from Options/General?
How i change mode from service mode to application?

[wat0114]

and for windows autoupdate you should also enable svchost.exe TCP out to port 80 (which i had not set up at that moment).

I'm not sure how, exactly, you have this rule set up, but you should restrict svchost to specific MS update server ip addresses. There are several of them so it is a bit of a painstaking process, but it is far better than simply allowing svchost to connect to any remote host on TCP port 80.