So there is no right or wrong policy in my SEP.
The reason why I want to do this is because my company policy requires us to encrypt all usb storage device using bitlocker in order to be able to write to it.
I have the policy to bypass this requirement, so I can write to usb without having it encrypted by bitlocker.
But once I have connected to the internet, the policy update runs and update itself with the company policy.
I just want to disable this update policy activity. I think I can block it using windows firewall if I know the protocol, port, etc.