This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block or pass packets...

I am trying very hard to disable all options that send telemetry data to Microsoft, since on all my servers the outgoing ports are closed, I ask you is it heavier as a firewall workload, block a packet or pass it ?



This thread was automatically locked due to age.
  • Ciao papali,

    When a packet is dropped, the firewall stops working with it.  When the packet is passed, the firewall continues working to send it on.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I have mine set up as a filter in Web Protection, and it blocks all the telemetry data, and I run my own WSUS server.

    Here are the domains I have blocked.  You can import this into your own filter

    vortex.data.microsoft.com
    vortex-win.data.microsoft.com
    telecommand.telemetry.microsoft.com
    telecommand.telemetry.microsoft.com.nsatc.net
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    sqm.telemetry.microsoft.com
    sqm.telemetry.microsoft.com.nsatc.net
    watson.telemetry.microsoft.com
    watson.telemetry.microsoft.com.nsatc.net
    redir.metaservices.microsoft.com
    choice.microsoft.com
    choice.microsoft.com.nsatc.net
    df.telemetry.microsoft.com
    reports.wes.df.telemetry.microsoft.com
    wes.df.telemetry.microsoft.com
    services.wes.df.telemetry.microsoft.com
    sqm.df.telemetry.microsoft.com
    telemetry.microsoft.com
    watson.ppe.telemetry.microsoft.com
    telemetry.appex.bing.net
    telemetry.urs.microsoft.com
    telemetry.appex.bing.net:443
    settings-sandbox.data.microsoft.com
    vortex-sandbox.data.microsoft.com
    survey.watson.microsoft.com
    watson.live.com
    watson.microsoft.com
    statsfe2.ws.microsoft.com
    corpext.msitadfs.glbdns2.microsoft.com
    compatexchange.cloudapp.net
    cs1.wpc.v0cdn.net
    a-0001.a-msedge.net
    statsfe2.update.microsoft.com.akadns.net
    sls.update.microsoft.com.akadns.net
    fe2.update.microsoft.com.akadns.net
    diagnostics.support.microsoft.com
    corp.sts.microsoft.com
    statsfe1.ws.microsoft.com
    pre.footprintpredict.com
    i1.services.social.microsoft.com
    i1.services.social.microsoft.com.nsatc.net
    feedback.windows.com
    feedback.microsoft-hohm.com
    feedback.search.microsoft.com
    rad.msn.com
    preview.msn.com
    ad.doubleclick.net
    ads.msn.com
    ads1.msads.net
    ads1.msn.com
    a.ads1.msn.com
    a.ads2.msn.com
    adnexus.net
    adnxs.com
    aidps.atdmt.com
    apps.skype.com
    az361816.vo.msecnd.net
    az512334.vo.msecnd.net
    a.rad.msn.com
    a.ads2.msads.net
    ac3.msn.com
    aka-cdn-ns.adtech.de
    b.rad.msn.com
    b.ads2.msads.net
    b.ads1.msn.com
    bs.serving-sys.com
    c.msn.com
    cdn.atdmt.com
    cds26.ams9.msecn.net
    c.atdmt.com
    db3aqu.atdmt.com
    ec.atdmt.com
    flex.msn.com
    g.msn.com
    h1.msn.com
    live.rads.msn.com
    msntest.serving-sys.com
    m.adnxs.com
    m.hotmail.com
    pricelist.skype.com
    rad.live.com
    secure.flashtalking.com
    static.2mdn.net
    s.gateway.messenger.live.com
    secure.adnxs.com
    so.2mdn.net
    ui.skype.com
    www.msftncsi.com
    msftncsi.com
    view.atdmt.com
    msnbot-65-55-108-23.search.msn.com
    schemas.microsoft.akadns.net
    a-0002.a-msedge.net
    a-0003.a-msedge.net
    a-0004.a-msedge.net
    a-0005.a-msedge.net
    a-0006.a-msedge.net
    a-0007.a-msedge.net
    a-0008.a-msedge.net
    a-0009.a-msedge.net
    msedge.net
    a-msedge.net
    lb1.www.ms.akadns.net
    vortex-bn2.metron.live.com.nsatc.net
    vortex-cy2.metron.live.com.nsatc.net
    ssw.live.com

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Hi Amodin, great!!

    I will use them for sure!

    I also use my own WSUS server, but I also have several others servers in many others DMZ and not registered with WSUS that I update directly from Microsoft.

  • You can still update your machines via MS online with the filter I have applied.  It won't interfere with updates, just the telemetry.  Slight smile

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)