First, you can enable debug mode in the console to use the presentation debugger:
https://www-01.ibm.com/support/docview.wss?uid=swg21506082
In the debug menu, select “Presentation Debugger” and paste the following…
unique values of (matches (case insensitive regex “(http|https|ftp)://[^ ^/]") of matches (case insensitive regex "^(download|prefetch).$”) of scripts of it) of actions whose (exists script of it) of fixlets of bes sites whose (name of it = “Enterprise Security”)
Note that the site name “Enterprise Security” is actually “patches for windows” . You can change the site name to get lists of download URLs to compile for your white listing purposes.