Advice Request Windows Firewall: What outbound rules to enable vital Windows processes/services?

The only problem is certificates, used by Windows and browsers; they are updated daily via svchost.
They might get outdated or not revoked, when they get vulnerable, like for drivers or webpages.
Then again, 10 is updated twice a year, so it is not such an issue, but still worth considering.

 
I was taking this route, but got this warning message which I did not fully understand:

View attachment 208759
That is the longer version of what I posted. Some system processes are restricted by Microsoft, and changing that may have unexpected consequences.
Allowing svchost.exe should not be dangerous to the system. But, blocking it fully can be more dangerous.
 
Fully allowing svchost.exe makes checking Windows Updates functional. I tried to restrict svchost for anything except Windows services, but this blocked Windows Updates. So, svchost in Windows Updates needs something more than services only.