Windows Update servers identify the content they deliver to a computer as a generic binary stream (such as octet stream), which is blocked by the default HTTP proxy rules. To allow Windows updates through the HTTP-proxy, you must edit your HTTP-Client proxy ruleset to add HTTP-proxy exceptions for the Windows Update servers.
If you have more than one HTTP-proxy policy, make sure that you add the HTTP exceptions to the correct policy and proxy action.
Microsoft does not limit updates to only these domains. Examine your log messages for denied traffic to a Microsoft-owned domain. Look for any traffic denied by the HTTP-proxy. The log message details should include the domain. Add any new Microsoft domain to the HTTP-proxy exceptions list, and then run Windows Update again.
About the HTTP-Proxy