Share via

Microsoft updates and flooded our network connections

Jayr Madrigal 10 Reputation points
2025-02-10T12:35:48.83+00:00

Wanted to share the findings regarding the recent investigation into one of my site recent issue. After conducting a troubleshooting, it appears that the firewall is not the culprit behind the disruptions .Upon reviewing the logs during the time of the incident, I have noticed that some unusual behavior linked to the application running related to Microsoft updates and flooded our network connections. However, there are certain IP addresses in question that do not appear to belong to Microsoft. Notably, the IP address 217.20.50.41,184.84.170.208,199.232.210.172 are associated with [qwilt.com],Fastly, Inc, etc. Given this information, we need to validate whether this IP address is indeed linked to Microsoft services for updates. To ensure we have accurate information, I recommend to clarify whether these IP addresses are legitimate and if they are authorized for use in their update processes??

Microsoft Security | Intune | Configuration Manager | Updates
Windows for business | Windows Client for IT Pros | User experience | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Reny Thomas 0 Reputation points
    2025-03-10T23:42:37.24+00:00

    Hi Jayr,

    The Microsoft Update Services are hosted below:

    https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/2-configure-wsus#211-configure-your-firewall-to-allow-your-first-wsus-server-to-connect-to-microsoft-domains-on-the-internet

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.