How Do I Completely Disable Windows 10 Telemetry?

Page 4 of 5 FirstFirst ... 2345 LastLast

  1. Posts : 24,052
    Win 10 Home ♦♦♦19045.4894 (x64) [22H2]
       #31

    F22 Simpilot said:
    You have a misunderstanding on what Shields Up is doing.


    Actually... it shows this... (read the fine print)

    How Do I Completely Disable Windows 10 Telemetry?-image1.png
      My Computer


  2. Posts : 152
    Windows 10 Home
       #32

    Disabling telemetry 100% would be awesome from a personal security point of view but obviously this task is mighty impossible with how software is configured these days. To have a fully undetectable and unhackable online prescence is a dream that can't come true. Kill the telemetry I say, but no one is that bold.
      My Computer


  3. Posts : 1,493
    Windows 10
       #33

    Yeah that stealth test is incoming traffic and not outbound which would not effect things like MS telemetry because they are outbound. Its still good to know that you are pretty good incoming though.
      My Computer


  4. Posts : 282
    Windows 10 Pro
       #34

    Ghot said:
    Actually... it shows this... (read the fine print)

    How Do I Completely Disable Windows 10 Telemetry?-image1.png
    And you still don't know what it means...

    Take it from someone that knows...
      My Computer


  5. Posts : 24,052
    Win 10 Home ♦♦♦19045.4894 (x64) [22H2]
       #35

    F22 Simpilot said:
    And you still don't know what it means...

    Take it from someone that knows...


    You misunderstand what I was saying about Zonealarm and Shields Up.

    To put it simply... Zonealarm was a great inbound/outbound firewall... AND.... you can at least see that it was completely stealthed on the inbound side, with Shields Up.

    But thanks for playing.
      My Computer


  6. Posts : 7,158
    22H2 64 Bit Pro
       #36

    The only way after applying various tweaks that claim to stop telemetry is to remap the routing table.

    How Do I Completely Disable Windows 10 Telemetry?

    Here are some lines from Tron script (not recommended) that block connection to telemetry ip's. And before anyone tries to point out that ip addresses change, these ones do not.

    EDIT: Don't use the entries below. They're just lines from a script and you'd need the script to add them.

    A usable list is here:

    Stop telemetry


    Code:
    :: a-0001.a-msedge.net
    	route -p add 204.79.197.200/32 0.0.0.0
    	:: a23-218-212-69.deploy.static.akamaitechnologies.com
    	route -p add 23.218.212.69/32 0.0.0.0
    	:: a.ads1.msn.com
    	route -p add 204.160.124.125/32 0.0.0.0
    	route -p add 8.253.14.126/32 0.0.0.0
    	route -p add 8.254.25.126/32 0.0.0.0
    	:: a.ads2.msads.net
    	route -p add 93.184.215.200/32 0.0.0.0
    	:: a.ads2.msn.com
    	route -p add 198.78.194.252/32 0.0.0.0
    	route -p add 198.78.209.253/32 0.0.0.0
    	route -p add 8.254.23.254/32 0.0.0.0
    	:: ac3.msn.com
    	route -p add 131.253.14.76/32 0.0.0.0
    	:: ads1.msads.net
    	route -p add 23.201.58.73/32 0.0.0.0
    	:: ads1.msn.com
    	route -p add 204.160.124.125/32 0.0.0.0
    	route -p add 8.253.14.126/32 0.0.0.0
    	route -p add 8.254.25.126/32 0.0.0.0
    	:: adsmockarc.azurewebsites.net
    	route -p add 191.236.16.12/32 0.0.0.0
    	:: ads.msn.com
    	route -p add 157.56.91.82/32 0.0.0.0
    	:: auth.gfx.ms
    	route -p add 23.61.72.70/32 0.0.0.0
    	:: b.ads1.msn.com
    	route -p add 204.160.124.125/32 0.0.0.0
    	route -p add 8.253.14.126/32 0.0.0.0
    	route -p add 8.254.25.126/32 0.0.0.0
    	:: b.ads2.msads.net
    	route -p add 93.184.215.200/32 0.0.0.0
    	:: df.telemetry.microsoft.com
    	route -p add 65.52.100.7/32 0.0.0.0
    	:: help.bingads.microsoft.com
    	route -p add 207.46.202.114/32 0.0.0.0
    	:: oca.telemetry.microsoft.com
    	route -p add 65.55.252.63/32 0.0.0.0
    	:: oca.telemetry.microsoft.com.nsatc.net
    	route -p add 65.55.252.63/32 0.0.0.0
    	:: pre.footprintpredict.com
    	route -p add 204.79.197.200/32 0.0.0.0
    	:: reports.wes.df.telemetry.microsoft.com
    	route -p add 65.52.100.91/32 0.0.0.0
    	:: sb.scorecardresearch.com
    	route -p add 104.79.156.195/32 0.0.0.0
    	:: services.wes.df.telemetry.microsoft.com
    	route -p add 65.52.100.92/32 0.0.0.0
    	:: settings-win.data.microsoft.com
    	route -p add 65.55.44.108/32 0.0.0.0
    	:: s.gateway.messenger.live.com
    	route -p add 157.56.106.210/32 0.0.0.0
    	:: sgmetrics.cloudapp.net
    	route -p add 168.62.11.145/32 0.0.0.0
    	:: spynet2.microsoft.com
    	route -p add 23.96.212.225/32 0.0.0.0
    	:: spynetalt.microsoft.com
    	route -p add 23.96.212.225/32 0.0.0.0
    	:: sqm.df.telemetry.microsoft.com
    	route -p add 65.52.100.94/32 0.0.0.0
    	:: sqm.telemetry.microsoft.com
    	route -p add 65.55.252.93/32 0.0.0.0
    	:: sqm.telemetry.microsoft.com.nsatc.net
    	route -p add 65.55.252.93/32 0.0.0.0
    	:: statsfe1.ws.microsoft.com
    	route -p add 134.170.115.60/32 0.0.0.0
    	route -p add 207.46.114.61/32 0.0.0.0
    	:: statsfe2.update.microsoft.com.akadns.net
    	route -p add 65.52.108.153/32 0.0.0.0
    	:: statsfe2.ws.microsoft.com
    	route -p add 64.4.54.22/32 0.0.0.0
    	:: storeedgefd.dsx.mp.microsoft.com // Disabled for Tron, required for the Microsoft App Store to connect
    	:: route -p add 104.79.153.53/32 0.0.0.0
    	:: telecommand.telemetry.microsoft.com
    	route -p add 65.55.252.92/32 0.0.0.0
    	:: telecommand.telemetry.microsoft.com.nsatc.net
    	route -p add 65.55.252.92/32 0.0.0.0
    	:: telemetry.appex.bing.net
    	route -p add 168.62.187.13/32 0.0.0.0
    	:: telemetry.microsoft.com
    	route -p add 65.52.100.9/32 0.0.0.0
    	:: telemetry.urs.microsoft.com
    	route -p add 131.253.40.37/32 0.0.0.0
    	:: vortex.data.microsoft.com
    	route -p add 64.4.54.254/32 0.0.0.0
    	:: vortex-sandbox.data.microsoft.com
    	route -p add 64.4.54.32/32 0.0.0.0
    	:: vortex-win.data.microsoft.com
    	route -p add 64.4.54.254/32 0.0.0.0
    	:: watson.live.com
    	route -p add 207.46.223.94/32 0.0.0.0
    	:: watson.microsoft.com
    	route -p add 65.55.252.71/32 0.0.0.0
    	:: watson.ppe.telemetry.microsoft.com
    	route -p add 65.52.100.11/32 0.0.0.0
    	:: watson.telemetry.microsoft.com
    	route -p add 65.52.108.29/32 0.0.0.0
    	:: watson.telemetry.microsoft.com.nsatc.net
    	route -p add 65.52.108.29/32 0.0.0.0
    	:: wes.df.telemetry.microsoft.com
    	route -p add 65.52.100.93/32 0.0.0.0
    ) else (
    	:: a-0001.a-msedge.net
    	route -p add 204.79.197.200/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: a23-218-212-69.deploy.static.akamaitechnologies.com
    	route -p add 23.218.212.69/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: a.ads1.msn.com
    	route -p add 204.160.124.125/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	route -p add 8.253.14.126/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	route -p add 8.254.25.126/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: a.ads2.msads.net
    	route -p add 93.184.215.200/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: a.ads2.msn.com
    	route -p add 198.78.194.252/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	route -p add 198.78.209.253/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	route -p add 8.254.23.254/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: ac3.msn.com
    	route -p add 131.253.14.76/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: ads1.msads.net
    	route -p add 23.201.58.73/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: ads1.msn.com
    	route -p add 204.160.124.125/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	route -p add 8.253.14.126/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	route -p add 8.254.25.126/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: adsmockarc.azurewebsites.net
    	route -p add 191.236.16.12/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: ads.msn.com
    	route -p add 157.56.91.82/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: auth.gfx.ms
    	route -p add 23.61.72.70/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: b.ads1.msn.com
    	route -p add 204.160.124.125/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	route -p add 8.253.14.126/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	route -p add 8.254.25.126/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: b.ads2.msads.net
    	route -p add 93.184.215.200/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: df.telemetry.microsoft.com
    	route -p add 65.52.100.7/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: help.bingads.microsoft.com
    	route -p add 207.46.202.114/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: oca.telemetry.microsoft.com
    	route -p add 65.55.252.63/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: oca.telemetry.microsoft.com.nsatc.net
    	route -p add 65.55.252.63/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: pre.footprintpredict.com
    	route -p add 204.79.197.200/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: reports.wes.df.telemetry.microsoft.com
    	route -p add 65.52.100.91/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: sb.scorecardresearch.com
    	route -p add 104.79.156.195/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: services.wes.df.telemetry.microsoft.com
    	route -p add 65.52.100.92/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: settings-win.data.microsoft.com
    	route -p add 65.55.44.108/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: s.gateway.messenger.live.com
    	route -p add 157.56.106.210/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: sgmetrics.cloudapp.net
    	route -p add 168.62.11.145/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: spynet2.microsoft.com
    	route -p add 23.96.212.225/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: spynetalt.microsoft.com
    	route -p add 23.96.212.225/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: sqm.df.telemetry.microsoft.com
    	route -p add 65.52.100.94/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: sqm.telemetry.microsoft.com
    	route -p add 65.55.252.93/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: sqm.telemetry.microsoft.com.nsatc.net
    	route -p add 65.55.252.93/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: statsfe1.ws.microsoft.com
    	route -p add 134.170.115.60/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	route -p add 207.46.114.61/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: statsfe2.update.microsoft.com.akadns.net
    	route -p add 65.52.108.153/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: statsfe2.ws.microsoft.com
    	route -p add 64.4.54.22/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: storeedgefd.dsx.mp.microsoft.com // Disabled for Tron. Required for the Microsoft App Store to connect
    	:: route -p add 104.79.153.53/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: telecommand.telemetry.microsoft.com
    	route -p add 65.55.252.92/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: telecommand.telemetry.microsoft.com.nsatc.net
    	route -p add 65.55.252.92/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: telemetry.appex.bing.net
    	route -p add 168.62.187.13/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: telemetry.microsoft.com
    	route -p add 65.52.100.9/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: telemetry.urs.microsoft.com
    	route -p add 131.253.40.37/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: vortex.data.microsoft.com
    	route -p add 64.4.54.254/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: vortex-sandbox.data.microsoft.com
    	route -p add 64.4.54.32/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: vortex-win.data.microsoft.com
    	route -p add 64.4.54.254/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: watson.live.com
    	route -p add 207.46.223.94/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: watson.microsoft.com
    	route -p add 65.55.252.71/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: watson.ppe.telemetry.microsoft.com
    	route -p add 65.52.100.11/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: watson.telemetry.microsoft.com
    	route -p add 65.52.108.29/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: watson.telemetry.microsoft.com.nsatc.net
    	route -p add 65.52.108.29/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    	:: wes.df.telemetry.microsoft.com
    	route -p add 65.52.100.93/32 0.0.0.0 >> "%LOGPATH%\%LOGFILE%" 2>&1
    As for firewall:

    How Do I Completely Disable Windows 10 Telemetry?-freefirewall.jpg

    If I run Essential Net Tools with logging and leave it running I don't see any connections to telemetry ip's.
      My Computer


  7. Posts : 282
    Windows 10 Pro
       #37

    Ghot said:
    But thanks for playing.
    I only play with beautiful woman...
      My Computer


  8. Posts : 282
    Windows 10 Pro
       #38

    Callender said:
    Well:


    Remap routing table.

    Stop telemetry

    Anyway a lot of it can be turned off by the choices made when doing an offline install of Windows 10.

    The rest of it is a little more tricky but remap routing table works. You still need to monitor connections for a while and weed out anything that connects to MS telemetry servers.
    Where did the IPs come from? Becasue just looking at that I know it's no where near complete based on Microsoft's ASNs and their use of the Akamai CDN which are even harder to block because many websites use Akamai. So you have to block that CDN one IP or maybe CIDR at a time...

    And that's not a remap of the routing table... LOL That's just blocking IPs in a firewall. A remap involves router core functionality. But I digress.


    Edit-

    Okay, I see now. Where is that script from?
      My Computer


  9. Posts : 7,158
    22H2 64 Bit Pro
       #39

    F22 Simpilot said:
    Where is that script from?
    The one I posted is part of "Tron" script but I don't use it and never have. The ip's are only "telemetry" ip's. Not a complete list of everything MS.

    The original script was here but I don't think that it is still available. See Posts #27 * #28


    Static Routes - Create or Remove - Page 3 - | Tutorials

    That still assumes an offline install declining all privacy sensitive options along with disabling/ removing certain features and services like CEIP Spynet and so on.

    Undo tool for original script lists routes:

    DWS_Neutralizer/DWS_Neutralizer.cmd at master . NetwOrchestration/DWS_Neutralizer . GitHub

    I added some others found elsewhere but I don't remember the source.
      My Computer


  10. Posts : 282
    Windows 10 Pro
       #40

    It's interesting and a start in lieu of the Akamai CDN I talked about, but I'd add them in a hardware based firewall like OPNsense or pfSesne because code (especially in UEFI) can execute prior to boot up and thus the hosts file is null and void.

    GitHub - Jamesits/dropWPBT: Disables the Windows Platform Binary Table (WPBT) in your UEFI firmware.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 16:42.
Find Us




Windows 10 Forums