To block Windows updates using Pfsense you need to install Squid Proxy Server (run this in transparent mode), then install SquidGuard. Please ensure that SquidGuard is installed after Squid Proxy Server.
Note that the the domains have to separated by a single space and not a new line. This could of course also be achieved using regex, but I was too lazy to write the regex for this 🙂 Please feel free to post the regex if you feel so inclined 🙂
Next, go to the Common ACL tab and click on the “+” next to Target Rules List.
Select access deny for the target category you just created and click Save
Next, go to the General settings tab and under General options click the Apply button