simplewall icon indicating copy to clipboard operation
simplewall copied to clipboard

Published 20 hours ago verified publisher icon henrypp

Windows Update stuck in 0%

Open lodx-xd opened this issue 3 years ago • 6 comments

First I was not getting automatic updates because I was blocking the svchost.exe so I applied the workaround from the #677 and it "worked" as far I know, at least now I get updates notices, but when trying to update it get stuck in "downloading - 0%".

I'm probably doing something fundamentally wrong here, but so far I was not able to make updates work 100% using this workaround, needing some help here.

lodx-xd avatar Dec 20 '21 04:12 lodx-xd

I don't have issues with updates even with svchost blocked or workaround

Theo-user avatar Dec 21 '21 21:12 Theo-user

I don't have issues with updates even with svchost blocked or workaround

Sorry, but what did you mean by that, as far I know if you block svchost, without doing anything extra like you implied, you can't even check for updates on Windows 10, I only imagine that I'm missing some rule, because if I stop blocking svchost the update is download normally, I'm using the default blocklist and the default rules.

lodx-xd avatar Dec 22 '21 12:12 lodx-xd

Try enabling the following in the Services tab: BITS, wlidsvc, DoSvc, DsmSvc, WpnService, UsoSvc, wuauserv. Those are the main services I detected were being used during an update. Additionally, you can enable netprofm which is used for NCSI check and Dnscache for DNSquerying. Was having similar situation on Windows 11, these were the main services used for Updates, although there might be others I could be missing.

jisanos avatar Feb 16 '22 20:02 jisanos

I have the exact same issue, the workaround does nothing. @jisanos this does nothing either unfortunately.

I know this is not simplewall's fault, but we have to find a fix, otherwise simplewall is almost useless. There is no point in an afw if people whitelist svchost altogether out of need.

elandorr avatar Feb 25 '22 07:02 elandorr

@elandorr I would recommend enabling svchost and verifying what services are accessing the internet while updating on your end until you can conclude that you can get updates by just allowing those services. Thats the assessment i took and then i created my own user profile i could enable only those services when i needed to update.

jisanos avatar Feb 25 '22 13:02 jisanos

@jisanos I tried that, that did nothing. What I do for now is turn logging on and check which IPs pop up. That's not a very accurate measure though, and it is extremely annoying, because the simplewall UI isn't made for that: copy IP, open rule again, enter it all over, clear, repeat. Then I turn that on when I update.

But that's not a real solution since it's not perfectly accurate, and not a single one of the people I install simplewall for will be bothered with this. So either they don't run any security updates, or they enable svchost...

Edit: IP based in general is icky, because why would Microsoft not just use those for spying at some point? Microsoft in general is trash. Forced to use it though.. Fresh enterprise install, telemetry set to 0, and it's connecting all over the place..

elandorr avatar Feb 26 '22 12:02 elandorr