My PC has Lockdown Mode enabled, auto connect set not to connect on startup and split tunneling set for a virtual machine. VPN on the host is by default disconnected to prevent any internet connectivity. Any internet access is done in the virtual machine only. The idea is to protect the data stored on the host and isolate potential threats inside the VM which exclusively has internet access on the PC.
Once a few days or weeks I connect the host to the Internet just only to download and install updates (after reviewing there were no reported issues on latest updates).
However somehow the host OS sometimes manages to check for updates despite no connection.
In the settings app, Windows Update section, it displays "Last checked: <today, few hours back>".
When I manually check for updates Windows says it is unable due to no internet connection, as intended.
How is this possible?