Recently we configured a new Sonicwall NSA device which allows us to monitor our Internet traffic in more detail.
One of the things I have noticed is that quite frequently our users are communicating with the Windows update website at www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
We have in place a policy to force the clients to get updates from our local WSUS server, so I am not sure why this is happening.
Fortunatly the sonicwall device is blocking access to the website, but my concern is that the client PC's are attempting to connect/download/install the updates in the background when the user is not logged on.
(It is important that we control Windows updates ourselves)