After excessive testing with snapshots and try and error approach I can state the following:
- In proxy/filter configuration, I have the following extensions for blocking configured: js, jar, bat, msi, cpl, scr, com, pif, vbs, ps1, wsf, doc, ppt, xls, docm, docx, xlsm, xlsx, pptm, pptx, zip, gz, rar, 7z
I had to remove ,exe as this blocked updates.
Then I found out that activating antivirus checking, blocked an update, namely 2020-05 cumulative update for windows 10 version 1909 for x64based systems (KB4556799). In antivirus log I found the following entry, which probably is a false positive? clamd: instream (local): MiscreantPunch.INFO.LINK.PSHELL.UNOFFICIAL FOUND.
Checking revealed that this happens no matter what setting I have set in clamav (official, low, medium, high).
Additionally I found out that security essiantial signature updates are blocked, if the following two categories in filters are set: cleaning and liste_bu.
All other categories can remain active.