I'm testing this now with version 4.0119 and it appears that you would have to answer the Query with a YES to allow the update to continue.
Perhaps theres a way to create a rule to allow binaries from the /WindowsUpdates directory to run unimpeded.
But then that might introduce another vulnerability...
here is a snip from the server log file:
Warning The current application 'C:\WINDOWS\system32\wuauclt.exe' (as user NT AUTHORITY\SYSTEM) tried to execute the new application 'C:\Program Files\WindowsUpdate\wuaudnld.tmp\cabs\com_microsoft.817606_XPSP2_WinSE_43844_Critical\Q817606_WXP_SP2_x86_ENU. exe' and the user was queried. The user responded by choosing 'No (as default)'. Details Rule 296 Wizard
37 9/2/2003 10:09:30 AM D087063.sce.eix.com Warning The current application 'C:\WINDOWS\system32\wuauclt.exe' (as user NT AUTHORITY\SYSTEM) tried to execute the new application 'C:\Program Files\WindowsUpdate\wuaudnld.tmp\cabs\com_microsoft.Q823718_MSRC1589_MDAC\Q823718_MDAC_SecurityPatch.exe' and the user was queried. The user responded by choosing 'Yes'. Details Rule 296 Wizard
SO in the first example, I just watched it and it timed out with the default NO. In the 2nd case I chose YES to allow it to proceed.
Im going to see if I can use the profiler to create an analysis job for the "wuauclt.exe" process.
Ill let you know if Im able to find a way to allow these updates..
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...