Does Windows Firewall fully block Windows Telemetry?

I am running Windows 10 Pro. I deleted all the telemetric services and all the scheduled tasks (except defragment). With some digging I made a list of telemetric executable files and blocked them in the firewall.

Is Windows Firewall sufficient to block Windows telemetry fully and forever?

Biswapriyo

Posted 2017-05-10T15:40:58.467

Reputation: 6 640

no, Windows domains are allowed (hardcoded whitelist in DLLs) – magicandre1981 – 2017-05-10T15:43:58.553

You shouldn't assume that the list of exceptions you have created will not be wiped in the future because of a change in a future Windows 10 feature update. It has happened before where a feature that exists in 1703 required Microsoft to set the option to a new default value, because the previous default value was no longer valid – Ramhound – 2017-05-10T15:45:55.797

It doesn't matter. Microsoft's domains are whitelisted. You would have to block the traffic on the telemetry ports instead of blocking specific domains. I suggest you block the domains using your networking hardware instead of doing anything within Windows. Your list also will have to be updated every single time any one of those applications is updated, which is several times a year, because a Windows Firewall exception is file version specific. – Ramhound – 2017-05-10T15:53:33.563

They are telling you it is due to some behind-the-scenes voodoo magic, so leave it alone at the Windows OS level, as blocking Windows OS level related objects, etc. may be superseded with funky voodoo coming to take your guns like Trump magic!! Don't do it man, don't do it, just block at a different level such as a corporate firewall, as the Windows OS and blocking Windows sites, domains, etc. may not give you the expected result. I wasn't aware of the file-version-specific Windows FW thing as pointed out, but that is even another reason it's a poor choice to maintain such access restrictions. – Pimp Juice IT – 2017-05-11T00:09:30.907

Please [edit] your question and provide the list of objects you have determined are related to Windows telemetry and what you have set up that is blocking this. As far as "Is Windows Firewall sufficient to block Windows telemetry fully and forever?"... well, that depends on what you do with this system as far as Windows Updates, OS version build updates, what changes are made and how those relate to explicit blocking rules you have set up, what MS does behind the scenes to allow otherwise regardless (e.g. the whitelist), and I'm sure a few other things too, so you'll get an educated guess only. – Pimp Juice IT – 2017-05-16T04:41:32.550

Can you trust software running on an untrusted system? You cannot. Firewalling outbound connections on the same device is meaningless. – Daniel B – 2017-05-16T08:11:24.370

Deleted my proposed answer, since it seems that running the FW will block entries you enter. However, please note that with Win7, MS added tunneling technology. Combined with HTTPS, you can't tell what connections to MS are going through a given connection (like Skype, as an example). But since I don't see any evidence to prove they are doing that, I'm not going to claim they are. But I wouldn't trust them. They've indicated a willingness to deceive users before through trickery, so it would be hard to convince me they wouldn't do so again. – Astara – 2017-05-21T13:28:48.487

Answers

Things to do before: Activate Windows before this tweak. Gather the full path of every executable file that needs to connect. Make sure to have a backup; otherwise, try it in a virtual machine. Below I describe my process with batch file commands. Read the pros and cons as well.

Procedure (with explanation):

  1. Delete predefined firewall rules: This command deletes all predefined firewall rules. Back up the registry path HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess first. Another way is to delete those rules in Windows Firewall (WF.msc).

    rem Run from a .bat file (%%X is the batch-file form of the loop variable).
    rem Each key holds the built-in rule set for one firewall store.
    for %%X in (
        "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules"
        "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules"
        "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedInterfaces"
        "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices"
    ) do (
        reg delete %%X /F
    )

  2. Block all outbound and inbound connections: This command adds registry values that set the default outbound (DefaultOutboundAction) and inbound (DefaultInboundAction) firewall action to block, from a batch file.

    rem Apply to both the Defaults and Parameters stores and to every profile.
    rem DefaultInboundAction/DefaultOutboundAction = 1 means Block.
    for %%X in (
        Defaults
        Parameters
    ) do (
        for %%Y in (
            DomainProfile
            PublicProfile
            StandardProfile
        ) do (
            reg add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\%%X\FirewallPolicy\%%Y /V "EnableFirewall" /T REG_DWORD /D "1" /F
            reg add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\%%X\FirewallPolicy\%%Y /V "DisableNotifications" /T REG_DWORD /D "0" /F
            reg add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\%%X\FirewallPolicy\%%Y /V "DefaultInboundAction" /T REG_DWORD /D "1" /F
            reg add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\%%X\FirewallPolicy\%%Y /V "DefaultOutboundAction" /T REG_DWORD /D "1" /F
        )
    )

  3. Restart the PC to apply the previous registry settings. Shutting down or signing out does not work.

  4. Add outbound allow rules for apps: First add an outbound allow rule for System. Then other apps, including antivirus software.

    Powershell New-NetFirewallRule -DisplayName "~System" -Name "~System" -Direction Outbound -Program "System" -Action Allow

  5. Delete the DNS cache service: This command first stops and then deletes the DNS caching service. As Windows Firewall will block svchost.exe, delete this service. Otherwise it would not be possible to enable DNS for other apps.

    sc stop "Dnscache" & sc delete "Dnscache"

  • Pros: This procedure does not require editing the hosts file. One does not have to configure all the telemetry IPs and URLs in the hosts file. Blocks telemetry apps entirely. Try this with full telemetry enabled and Cortana allowed. Does not require deleting any other services. No telemetry network activity has shown in Wireshark, GlassWire, TCPView, CurrPorts and SmartSniff (i.e. no Microsoft web address or IP is shown).

  • Cons: Blocks Metro apps including Cortana, Edge, Store, Mail, Maps etc. Blocks any apps that want to update silently.

Biswapriyo

Posted 2017-05-10T15:40:58.467

Reputation: 6 640

Find the batch file here: https://gist.github.com/Biswa96/4341e43d7a617ea212790fae8c9a22da – Biswapriyo – 2018-04-04T20:21:49.510

From Windows 10 build 17655 you should not delete the DNSCache service. The remaining procedures are same as before. – Biswapriyo – 2018-05-20T08:32:07.120
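As an added example that is not part of the answer or the linked gist: a PowerShell audit for the default-deny outbound setup above, plus a service-scoped alternative to deleting Dnscache (relevant to the build 17655 note). It assumes an elevated session on Windows 10 with the NetSecurity cmdlets; the "~Dnscache" rule names are my own placeholders.

```powershell
# Added example, not from the original answer. Assumes an elevated PowerShell
# session with the NetSecurity module (Get-/New-NetFirewallRule available).
# Rule names prefixed "~Dnscache" are placeholders chosen here, not from the post.

# 1. Audit: confirm default-deny outbound still holds on every profile.
#    Feature updates can reset firewall policy, so re-run this after each upgrade.
function Test-DefaultDenyOutbound {
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Profile               = $_.Name
            Enabled               = $_.Enabled
            DefaultOutboundAction = $_.DefaultOutboundAction
            Ok = ($_.Enabled -eq 'True' -and $_.DefaultOutboundAction -eq 'Block')
        }
    }
}

# 2. Audit: list every enabled outbound Allow rule with its program path and
#    flag rules whose executable no longer exists (stale after an update).
function Get-OutboundAllowRules {
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
      ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $path = [Environment]::ExpandEnvironmentVariables([string]$app.Program)
        [pscustomobject]@{
            Name    = $_.Name
            Program = $app.Program
            Exists  = ($path -in 'Any','System') -or (Test-Path -LiteralPath $path)
        }
      }
}

# 3. Instead of deleting the Dnscache service (step 5 of the answer), allow only
#    the DNS Client service inside svchost.exe, and only to remote port 53.
function Add-DnsClientAllowRule {
    $svchost = "$env:SystemRoot\System32\svchost.exe"
    foreach ($proto in 'UDP','TCP') {
        New-NetFirewallRule -DisplayName "~Dnscache $proto" -Name "~Dnscache-$proto" `
            -Direction Outbound -Program $svchost -Service Dnscache `
            -Protocol $proto -RemotePort 53 -Action Allow | Out-Null
    }
}

Test-DefaultDenyOutbound | Format-Table -AutoSize
# Stale allow rules: the path no longer exists, so the rule is dead weight or
# a sign that the program moved and now runs unlisted under default-deny.
Get-OutboundAllowRules | Where-Object { -not $_.Exists } | Format-Table -AutoSize
```

Add-DnsClientAllowRule is defined but not invoked by default; call it once if you prefer keeping the DNS Client service instead of deleting it.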

The actual answer to your question is "Yes". See this widely mentioned article:
Stop Windows 10 spying on you using just Windows Firewall.

But I would like to throw some light of sanity on this question. The big hype of "Windows is spying on you" is sensational enough to make good headlines, but the truth is much less interesting.

First, telemetry data is not used for commercial purposes. Most of it is even deleted within 30 days of its transmission.

Second, Microsoft has become quite transparent about telemetry, and its latest versions have exposed most of the functions through PC Settings so they have become optional and controllable by the user.

Third, some parts of this telemetry data are even essential to the correct functioning of Windows. Without these parts, for example Windows Update may install incorrect patches with very bad results for the health of your computer. It is impossible to tell which "telemetric executable files" are essential for the correct functioning of your computer.

My best advice for you is to turn off telemetry via PC Settings. Do not give in to the hype.

As a remark: Microsoft is not the only one that is "spying" on you. For example, see Disable NVIDIA Telemetry. I really think that stopping it all is cutting off the nose to spite the face.

See also:

harrymc

Posted 2017-05-10T15:40:58.467

Reputation: 306 093