Getting "Windows Defender" updates while blocking *.microsoft.com

[99bobster99]

Using the latest DNSCrypt-proxy (v2.1.5), I have the following entry within the "blocked-names.txt" file, "*.microsoft.com".

Within the "allowed-names.txt" file I have the entry "go.microsoft.com".

Whenever Windows Defender automatically updates it's definition file, it sends a request to "go.microsoft.com". This request responds with a "302" status, showing the redirected URL as "www.microsoft.com/security/encyclopedia/... + system information details", as well as an additional redirection, including Defender package details.

I've looked at the cloaking and captive portal solutions, unfortunately, I'm not able to get either solution to work since they require redirection to IP addresses. In this case, the entire URL string needs to be sent.

Does anyone have any pointers to suggest?

[jedisct1]

Maybe add www.microsoft.com to the allow list?

[99bobster99]

That could work, it would need to be on-the-fly though, only as a result of a "302" after requesting domain "go.microsoft.com". I don't think we have that capability within DNSCrypt -proxy. I'd like to keep "www.microsoft.com" blocked for all other times, and only allow it if it's as a result of a redirection (302).

I currently don't think it's possible, maybe a guru can prove me wrong.