Thanks in advance for any help offered.  I have a minor, but specific problem, I need help with.

I have a small office network of 4 computers.  They all are running Windows XP SP3.  Each is networked through a Westell DSL modem/router (wired, not wireless).  I use Verizon DSL as my ISP.  Three computers are running Norton 360 V2 and one runs McAfee (came already installed on computer).  Two computers running Norton 360 V2 are in the front office and accessed by my employees.  The other two computers are in my private back office and are not accessed by anyone but me.

Here's my problem.  For security reasons, I want to configure the two front office computers so that they are only able to access a few specific web sites and no email.  I have set this up under Program Rules in the Firewall Protection section.  It accomplishes my security goal; however, it blocks Windows Update.  If I disable the Firewall or change the Internet Program Rule to Allow all communications, it allows Windows Update to work; but I do not want to do this becauuse one allows access to any web site and the other disables the Firewall completely.  I realize that computers behind a router are somewhat "invisible" to hackers anyway, but I would like the extra protection of the software firewall.  I could leave it set up as I have it, manually disable the firewall, and manually access Windows Update; then enable the firewall again.  However, this is inconvenient:  I may forget to update Windows.

How can I accomplish this?

Here's what I have tried so far in Norton 360:

Microsoft Internet Explorer Rule -

        "Allow" "Connections to & from other computers" ("all types of communications:  all ports, local & remote")

        "Only the computers & sites listed below:"

                   Network address:   192.168.1.1       (allows access to internet through router/modem)

                   Subnet mask:         255.255.255.0

                  http://update.microsoft.com

                  http://windowsupdate.microsoft.com

                  http://*.update.microsoft.com

                  http://download.windowsupdate.com

                  https://*.update.microsoft.com

When I click on Windows Update from the Control Panel it goes to the windows update site but stops and displays the message:

      "Internet Explorer cannot display the webpage"

At this point the web address is displayed in the entry field just under the Windows title bar as follows:

                 http://update.microsoft.com/microsoftupdate/v6/default.aspx

If I include this address in the Norton Firewall permitted computers list (see above), it doesn't matter.  Same result.  This happens on both computers.

Any help would be appreciated.

D M Cook

Note that accessing Windows Update there are a number a redirects. Be sure to include all the redirects.

Thanks for the reply.  I thought of that also.  Is there any way of monitoring what the redirects are short of trying to see them as they quickly flash by?  A log file?  I tried to enter the ones I could see, but have still missed something.

Thanks,

D M Cook

More Info:  With the setup mentioned in my forst posting, Windows Update will not complete when accessed through the Windows Control Panel, but it will work when accessed through the Start Button, Help and Support Window.

D M Cook

Try to create a program rule for allowing wuauclt.exe (Windows Update AutoUpdate Client). The wuauclt.exe file is located in the folder C:\Windows\System32. It is a process managing automatic updates for Microsoft Windows which continuously checks for the latest updates and uses the Internet to do so. This program is important for the stable and secure running of your computer and should not be terminated. I think, it uses port 443 for outgoing traffic(needs confirmation).

I tried your suggestion – made a program rule for wuauclt.exe  –  same result as noted before.  I also made another program rule for wuauclt1.exe but no difference.  Thanks for the suggestion, though.