Hey,
in addition to the bug Daniel already commented on: you don’t necessarily have to deactivate your policy for updates, you just have to prevent it from updating to 4.3-0 or later. I’ve written an explanation how to achieve this a couple of weeks ago. That way you’ll still receive security updates for 4.2-x, but the update to 4.3-0 isn’t attempted automatically.
Kind regards,
mosu