A while ago, a pop-up message notified me of an activity that not many have seen, or that was too new and should therefor be terminated. From what I understood, this concerned a background Windows update download. The originating server was 'windowsupdate.com' and upon checking the file string details, it seemed a legit activity. However, since there was a mentioning of that website delivering malware in the past or being hacked/abused and was no longer in use by Microsoft, I decided to be cautious and deny the activity. Today, that same message popped up and after checking the file details at the Microsoft support site, I decided to allow the activity.
My question: how would I know whether to allow or deny this kind of activity? If it is legit, why would that dialogue screen pop up in the first place? If it's not, how would I be able to verify whether this is a legitimate background process?