Windows update using insecure and random IPs

Adrian Palmer 45 Reputation points
2025-12-18T09:39:58.8833333+00:00

Hi,

We are using Windows 11 Pro in our business. We have an issue where Windows Update is tripping our antivirus, as it keeps reaching out to random IPs using HTTP for what looks to be cached update files.

We have turned off Delivery Optimization but the issue persists. We would whitelist these IPs; however, they appear to be caching servers that do not belong to MS, so we would prefer not to do that.

Has anyone come across this issue?

An example URL is below (slashes have been replaced with hashes):

http:##173.46.83.206#phf#d#dod#ph#prod5#msdownload#update#driver#drvs#2025#12#1024#423e5227-321b-467e-8a71-280adde8e2da_c2794803b1091591a9783775f97ffb1a63c3aec4.cab.json?cacheHostOrigin=download.windowsupdate.com

Windows for home | Windows 11 | Windows update

1 answer

  1. AI answer

    2025-12-18T09:40:09.7933333+00:00

    It sounds like you're experiencing issues with Windows Update reaching out to unexpected IP addresses, which can indeed trigger antivirus alerts. Here are a few points to consider:

    1. Delivery Optimization: Even though you've turned off Delivery Optimization, Windows Update may still attempt to reach out to various servers for updates. Delivery Optimization is designed to reduce bandwidth by allowing devices to download updates from each other or from Microsoft servers, but if it's disabled, it should primarily use Microsoft’s official update servers.
    2. Caching Servers: The IPs you're observing might belong to third-party caching servers that are not officially associated with Microsoft. This can happen if your network is configured to use a proxy or if there are other network configurations in place that redirect traffic.
    3. Firewall and Proxy Settings: Ensure that your firewall or any proxy settings are not misconfigured. Sometimes, these can lead to unexpected behavior in how updates are fetched.
    4. Network Throttling Policies: If you're looking to manage bandwidth and update behavior further, consider applying network throttling policies available for Delivery Optimization. This might help in controlling how updates are downloaded and could potentially reduce the number of requests to external IPs.
    5. Windows Update Security: Windows Update uses secure connections to ensure the authenticity of the updates. If you're seeing HTTP requests, it may be worth investigating if there are any misconfigurations in your network that could be affecting how Windows Update operates.

    If the problem persists, you might want to monitor the specific IP addresses and check if they are indeed associated with any known caching services or if they are legitimate Microsoft services. You can also consult Microsoft's documentation or support for more tailored assistance regarding your specific network setup.


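One way to triage log entries like the one in the question, as an added example that is not part of the original thread: it restores the slashes, then groups plain-HTTP requests to IP-literal hosts by address and records the `cacheHostOrigin` value each request carried. The sample entries are constructed (documentation IP ranges and made-up file names), and the list of expected origin suffixes is an assumption to adjust.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample entries in the format used in the question
# (slashes replaced with '#'); hosts are documentation addresses.
SAMPLE = [
    "http:##192.0.2.10#phf#d#dod#ph#prod5#msdownload#update#driver#drvs#2025#12#example1.cab.json?cacheHostOrigin=download.windowsupdate.com",
    "http:##192.0.2.10#phf#d#dod#ph#prod5#msdownload#update#driver#drvs#2025#12#example2.cab?cacheHostOrigin=download.windowsupdate.com",
    "http:##198.51.100.7#files#example3.cab?cacheHostOrigin=updates.example.net",
    "https:##download.windowsupdate.com#d#msdownload#update#example4.cab",
]

# Assumption: origin suffixes the reviewer treats as expected.
EXPECTED_ORIGIN_SUFFIXES = ("windowsupdate.com",)

def parse_entry(defanged):
    """Restore the slashes and pull out the fields an analyst needs."""
    parts = urlsplit(defanged.replace("#", "/"))
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    # cacheHostOrigin is part of the request URL, so a matching value says
    # what was asked for, not who operates the host that answered.
    origin = parse_qs(parts.query).get("cacheHostOrigin", [None])[0]
    origin_ok = origin is not None and any(
        origin == s or origin.endswith("." + s) for s in EXPECTED_ORIGIN_SUFFIXES)
    return {"scheme": parts.scheme, "host": host, "is_ip": is_ip,
            "origin": origin, "origin_ok": origin_ok,
            "file": parts.path.rsplit("/", 1)[-1]}

def summarize(entries):
    """Group plain-HTTP requests to IP-literal hosts by host."""
    by_host = defaultdict(lambda: {"count": 0, "origins": set(), "unexpected": 0})
    for e in map(parse_entry, entries):
        if e["scheme"] == "http" and e["is_ip"]:
            rec = by_host[e["host"]]
            rec["count"] += 1
            rec["origins"].add(e["origin"])
            rec["unexpected"] += 0 if e["origin_ok"] else 1
    return dict(by_host)

if __name__ == "__main__":
    for host, rec in summarize(SAMPLE).items():
        print(host, rec["count"], sorted(map(str, rec["origins"])), rec["unexpected"])
```

The per-host summary gives a short list of addresses to look up (owner, ASN) before deciding on any allow rule.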
