On Windows computers you can set the update server. Point it to a non-existent server. You can do that in Group Policy. Then the computers won’t get any updates.
For the Mikrotik, I think you’d have to resolve all those hostnames to the various IPs in which they may resolve. Then add those IPs to an address list and block that list.
Somewhere around 6.38 they added the ability to add DNS names to an address list. Put them in there and then add a firewall filter rule to drop anything to those sites. Or I create an internal address list for the computers that I don’t want to update as well.
Don’t include the http:// or https:// when creating the address-lists.
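An added example, not part of the original posts: a small generator that strips the scheme, port and path from a list of URLs and prints the RouterOS address-list entries and the drop rule described above. The list names `blocked-update-hosts` and `no-update-pcs`, the hostnames and the client IPs are placeholders assumed for illustration.

```python
from urllib.parse import urlsplit

# Assumed address-list names; pick your own.
DST_LIST = "blocked-update-hosts"   # DNS names the router resolves itself
SRC_LIST = "no-update-pcs"          # internal PCs the block applies to


def to_hostname(entry):
    """Reduce a URL or host[:port][/path] string to a bare lowercase hostname."""
    entry = entry.strip()
    if not entry:
        return None
    # urlsplit only fills .hostname when a scheme or leading '//' is present.
    if "://" not in entry:
        entry = "//" + entry
    host = urlsplit(entry).hostname
    return host.rstrip(".") if host else None


def routeros_commands(entries, pcs):
    """Return RouterOS CLI lines: one address-list entry per unique host,
    one per client IP, then a single forward-chain drop rule."""
    hosts = []
    for entry in entries:
        host = to_hostname(entry)
        if host and host not in hosts:   # de-duplicate, keep input order
            hosts.append(host)
    cmds = [f"/ip firewall address-list add list={DST_LIST} address={h}" for h in hosts]
    cmds += [f"/ip firewall address-list add list={SRC_LIST} address={ip}" for ip in pcs]
    cmds.append(
        "/ip firewall filter add chain=forward action=drop "
        f"src-address-list={SRC_LIST} dst-address-list={DST_LIST} "
        'comment="drop update traffic from selected PCs"'
    )
    return cmds


# Constructed sample input: placeholder names, not real update servers.
SAMPLE_URLS = [
    "https://update.example.com/v6/",
    "http://Update.Example.com:80",
    "cdn.example.net",
    "",
]
SAMPLE_PCS = ["192.0.2.10", "192.0.2.11"]

if __name__ == "__main__":
    print("\n".join(routeros_commands(SAMPLE_URLS, SAMPLE_PCS)))
```

Paste the printed lines into a RouterOS terminal; the router resolves each DNS name in the list and the single filter rule covers all of them.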