"Mike",
There were changes in the functionality of Windows Update (WU), to include
Automatic Updates (AU), when Windows XP clients moved to the
http://v5.windowsupdate.microsoft.com from the //v4 site. In this newer
model:
1. Generic Service Host (Win32 svchost) is required for Windows Update to
work.
2. Automatic Updates service (wuauserv) is also required to work, but this
is separate from the Automatic Updates engine that gives you your preference
in the Control Panel, or in the properties of My Computer. That engine
simply allows you to choose when and how you get automatic updates. The
names are identical, and I understand any confusion people have about this.
3. Background Intelligent Transfer Service (BITS) is also required to work.

If you ran nothing but Automatic Updates on your machine from June of last
year until now, then you would not even be aware that you needed updates,
since generic service has been blocked, and thus the scan of your system
would not take place. Further, since AU does not produce popups, you would
not see a failure unless you looked in the log.

As to your case:
1. Recently, when you went to the WU website, you allowed generic service to
run
2. Automatic Updates service and BITS were also required to be started to
obtain the update.
3. Automatic Updates service coordinates itself between AU downloads and WU
downloads, so that you are not offered the exact same update twice. This is
one of the features of this newer technology.
4. It is entirely possible that, in the specific timing of your WU visit,
Automatic Updates engine identified a download and started copying itself
down to your system. This may be the reason that generic service is
attempting to contact download.microsoft.com, and is likely.
5. Keep in mind that Automatic Updates engine asks you to choose when you
would like an install, or how to perform the install, NOT WHEN it obtains
the download. To avoid huge network bottlenecks, Automatic Updates
downloads updates throughout the day at staggered times. When it runs into
a networking issue, it retries and retries -- all of which WITHOUT a pop-up.

To conclude, svchost is trying to connect to (Windows Update website) for a
known reason. It is attempting to finish a download it started. I should
also mention that BITS allows a download to partially complete and, if
interrupted, go back to the download and get just the remaining portion of
the download.

To correct for your given situation, I recommend this:
1. On your firewall, create a "Trusted Sites" object related to Windows
   Update that is easy to remember.
   a. Try to create just one, so that you can easily manipulate this over
      time.
   b. There should be only 3 domains allowed in this object:
      http://*.windowsupdate.microsoft.com
      https://*.windowsupdate.microsoft.com
      http://download.windowsupdate.com
2. Also on your firewall, create an "Exceptions" object related to Windows
   Update.
   a. Create just one
   b. List the exact same list of domains as in step one.
   c. Make sure that your Exception object also excepts the following
      services:
      1. Win32 Generic Service (svchost.exe)
      2. WinHTTP (this is usually allowed by default)
      3. Wininet (this also is usually allowed by default)
3. On the clients behind the firewall:
   a. Click Start
   b. Click Run
   c. Type: services.msc
   d. Press the <Enter> key, or click OK.
   e. Double-click on Automatic Updates service
      i. Set the Startup Type to: Automatic
      ii. If it is not running, click the Start button
      iii. Verify this service is running, and close the properties window
           of this service.
   f. Double-click on Background Intelligent Transfer Service
      i. Set the Startup Type to: Manual (could be Automatic or Manual,
         but Manual is recommended)
      ii. Other than the previous step, follow the instructions for
          Automatic Updates service.
   g. Verify that the Event Log service is "Started" just by scrolling
      through the Services window list
   h. Close the Services window.
   i. Right-click on My Computer
   j. Click Properties
   k. Click on the "Automatic Updates" tab
   l. Depending on your preference, choose one of the last three choices.
      Here are the advantages of each:
      i. "Download updates for me, but let me choose when to install them."
         <- This is a good choice if your computer is connected to the
         Internet 24/7/365, and you do not mind a reminder balloon after
         they are downloaded. This is an ineffective choice if you are on
         dialup, or purposely cut off Internet access to your computer for
         most of the day and night.
      ii. "Notify me but don't automatically download or install them." <-
          This is a good choice if you want to control the download time, as
          well as the timing of the installation. Particularly good as it
          allows the scan of your system and the identification of updates
          you need, without the bandwidth used to actually download the
          items. This is an ineffective choice if you are busy, and are not
          able to revisit the security issues of your PC from day to day, as
          it will not download and install.
      iii. "Turn off Automatic Updates" <- This is a good choice if you do
           not want any balloon reminder that there are updates, and you are
           supremely confident that you will be able to visit Windows Update
           on a regular basis to scan and then download the latest updates.

I chose not to include the first choice: "Automatic," as it is a great
choice if you want to choose a time for install and reboot that will not
interfere with other activities of your computer--but not a very good choice
if you do not relish the idea of your computer installing updates,
rebooting, installing more updates, rebooting, and onward.

Please let me know if this helped you, and let us know what you decided to
do.

Sincerely,
Pat Walters [MSFT]

"Mike" <> wrote in message
news: om...
> I'm having a problem on my Win XP with what I think is Windows Update.
>
> First I want to say that I've scanned my computer with my antivirus
> software and used two online virus scanners and my computer is clean.
> I've also scanned it with spyware/adware programs such as Ad-Aware and
> a few online spyware scanners and my computer is clean. I have a
> firewall properly installed/configured and have had no security
> problems at all recently.
>
> The problem started around Feb. 10 when I discovered that svchost.exe
> tries to make outgoing connections to download.microsoft.com every 10
> minutes on TCP port 80. I've had svchost blocked by firewall for the
> past three years and I've never had any problems doing that until Feb.
> 10. I have Automatic Windows Updates set to disabled/manual as I like
> to install the updates myself so I know exactly what's going on. In
> those cases I allow svchost to connect to Microsoft.
>
> I can't figure out why svchost is trying to connect to Microsoft all
> of a sudden for no apparent reason. I'm sure it's no big deal but I'd
> still like to know what's going on. Does anyone have any ideas? I
> figure that it has to do with the Windows Updates.
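
The allow list from step 1b and the svchost.exe exception from step 2c of the reply above, applied to sample outbound requests. This is an added example, not part of the original post or of any Microsoft tool; the "process url" log format, the wildcard semantics and all function names are assumptions.

```python
from urllib.parse import urlsplit

# The three entries from step 1b of the reply, as (scheme, host pattern).
ALLOWED = [
    ("http", "*.windowsupdate.microsoft.com"),
    ("https", "*.windowsupdate.microsoft.com"),
    ("http", "download.windowsupdate.com"),
]
ALLOWED_PROCESS = "svchost.exe"  # process named in step 2c

def host_matches(pattern, host):
    # Assumption: "*.example.com" covers any subdomain but not the bare
    # domain itself; firewall products differ on this.
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keeps the leading dot, so "evil" + name fails
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def is_allowed(process, url):
    """True if this process/URL pair falls inside the exception object."""
    parts = urlsplit(url)
    if process.lower() != ALLOWED_PROCESS or parts.hostname is None:
        return False
    return any(parts.scheme == scheme and host_matches(pattern, parts.hostname)
               for scheme, pattern in ALLOWED)

def review(log_lines):
    """Return (process, url, verdict) for each 'process url' log line."""
    pairs = (line.split() for line in log_lines)
    return [(p, u, "allow" if is_allowed(p, u) else "block") for p, u in pairs]

# Constructed sample lines, not taken from a real firewall log.
SAMPLE_LOG = [
    "svchost.exe http://v5.windowsupdate.microsoft.com/",
    "svchost.exe https://v5.windowsupdate.microsoft.com/",
    "svchost.exe http://download.windowsupdate.com/",
    "svchost.exe https://download.windowsupdate.com/",       # https not listed
    "svchost.exe http://download.microsoft.com/",            # host from the question
    "svchost.exe http://download.windowsupdate.com.example.net/",
    "svchost.exe http://evilwindowsupdate.microsoft.com/",
    "notepad.exe http://download.windowsupdate.com/",        # wrong process
]

if __name__ == "__main__":
    for process, url, verdict in review(SAMPLE_LOG):
        print(f"{verdict:5} {process:12} {url}")
```

Running the same check over a real firewall log shows which svchost.exe destinations fall outside the three listed entries before the rule is enforced.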