what is the impact if we are block windowsupdate.com ? Will our main server stop downloading the MS fixlets?
why would you want to block that?
as far as I’m aware, the bigfix team generates the fixlets for the MS patch fixlets, they aren’t gathered from anything microsoft provides.if you go to sites -> external sites, and then patches for windows, you can see that the gather URL is http://sync.bigfix.com/cgi-bin/bfgather/bessecurity
The Fixlets would get updated, showing new patches that are missing; but when the BigFix client triggers a download of the patches, they downloads would fail if any of them come from windowsupdate.com (most of the patches come from download.microsoft.com though)
@JasonWalker @Entaille Thank You for the inputs
thanks, that’s good to know, I see now in the actions they are grabbing them from download.microsoft.com - I always assumed the BigFix team downloaded the data, built out the fixlets, and we gathered them into our local stores