It's going to be difficult to manage using windows update. Better option may be to stand up a WSUS on network and configure client to source updates from it. This way you'll have complete control of what updates and when they're applied.
--please don't forget to close up the thread here by marking answer if the reply is helpful--