In the end, this list worked on a Fritz!Box, but I still do not know which other subdomains and protocols they silently let pass:
windowsupdate.microsoft.com
*.windowsupdate.microsoft.com
*.update.microsoft.com
*.windowsupdate.com
download.windowsupdate.com
download.microsoft.com
*.download.windowsupdate.com
test.stats.update.microsoft.com
ntservicepack.microsoft.com
update.microsoft.com
*.update.microsoft.com
*.download.microsoft.com
windowsupdate.com
wustat.windows.com
login.live.com
mp.microsoft.com
*.mp.microsoft.com
http://www.update.microsoft.com
support.microsoft.com
http://www.msftconnecttest.com
Some source materials:
- First try:
- Later tries:
–jeroen