Versions Compared

Old Version 10

changes.mady.by.user Dick Visser

Saved on

compared with

New Version 11

changes.mady.by.user Dick Visser

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • s-microsoft.com as well, as this is used a lot in updates.
  • mstfncsi.com is a web site used by the Network Connectivity Status Indicator, Windows' network awareness tool (see http://blog.superuser.com/2011/05/16/windows-7-network-awareness/). 
  • Don't forget that systems might access CRLs or OCSP responders, which are hosted on thawte.com and public-trust.com.
Thus my whitelist look like this:
Code Block
^(.*\.|)(s-)?microsoftmicrosoftupdate\.com$
^(.*\.|)msftncsi\.com$
^(ocsp|crt)\.tcs\.terena\.org$
^(.*\.|)public-trust\.com$
^crl\.globalsign\.net$
^(.*\.|)windowsupdatesecunia\.com$
^(.*\.|)microsoftupdatethawte\.com$
^(.*\.|)secunia(s-)?microsoft\.com$
^(.*\.|)vmwareusertrust\.com$
^ocsp\.comodoca\.com$
^(.*\.|)msftncsiverisign\.com$
^(.*\.|)public-trustvmware\.com$
^(.*\.|)thawtewindowsupdate\.com$
^(api|dellincca|downloads|ftp|www)\.dell\.com$
^www\.adobe\.com$
^update\.exactsoftware\.com$

This list is the initial list. By monitoring the log files you can adjust the list. This is an iterative process, it takes a while to establish a list that is 'right'.

...