Windows Updates can cause a bottleneck on some ICAP services when patches are deployed. Administrators wishing to bypass these patches can do so using the method described below.
Although there is risk involved with bypassing URLs from ICAP scanning, they need to be weighed against the benefits. Patches released during the same time period may not take full advantage of caching before being pushed to clients. This can cause a bottleneck on the ICAP service. Most update packages also decompress into much larger packages, increasing the time it takes to scan them. Microsoft never recommends bypassing any files, however Windows Update can be considered a trusted source as all patches go through strict quality control before being published. More details from Microsoft can be found here: http://support.microsoft.com/kb/822158.
Microsoft Update/Windows Update Overview
Microsoft Update/Windows Update is a standardized method of updating both Microsoft Windows and all other Microsoft products detected on a computer. On any Microsoft-based system, it can be accessed via Internet Explorer using
Windows Update favors HTTP to download normal updates. These are typically served by
http://download.windowsupdate.com. Windows XP uses a Microsoft-based download application known as
Background Intelligent Transfer which has a user-agent of "Microsoft BITS/x.x" (the version number may vary).
Windows Update will also rely on
http://crl.microsoft.comto verify the locally installed certificates placed by Microsoft to ensure they are still valid.
Bypassing these Updates
These URLs can be bypassed using the following local policy. (See 000010101 for details on how to install local policy.)