It does. I noticed on their site the list that they have for updates. I set a wildcard for them, as in *.microsoft.com, *.microsoftupdate.com, etc. Could that be the issue? Shoudl I put in the domains explicitly?
I would prefer not to open svchost.exe wide open to ports 80 and 443, as malware can hijack that service quite easily.I woudl rather white list the locations that it can go to.