
Here's how to Block Windows 10 "Spying"

I have gathered from different sources the sites that Windows 10 uses to send information collected from your computer.

You just need to go into: Web Protection -> Web Filtering -> Policies -> Default content filter action

Under Websites -> Block These Websites, import this list:

Cheers ! [:D]


  • How can it effectively block all traffic to and from the FQDN if it's only blocking port 80? Again, I have found nothing in numerous posts as to what ports W10 is using for its communication with the various servers. [:S]


    Define no Firewall rules (for Win10 blocked sites), and create Web Filtering Policy like mentioned in previous posts.

    TCP ports 80 and 443 will be intercepted and filtered, all other blocked.
  • If anyone is interested, this article is interesting and the tool described is pretty nice.


    Windows 10 spyware | Rock, Paper, Shotgun
  • Here is some more information. Seems the validity of the information is in question, but might be true.

    A (Terrifying) Traffic Analysis Of Windows 10

    The article mentions:
    "While the initial reflex may be to block all of the above servers via HOSTS, it turns out this won't work: Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. However, if the above servers are blocked via HOSTS, Windows will pretend to be crippled by continuously throwing errors, while still maintaining data collection in the background. Other than an increase in errors, HOSTS blocking did not affect the volume, frequency, or rate of data being transmitted."

    Wouldn't this render blocking all the domains listed in this topic useless? Or does the web proxy automatically do a DNS lookup for all blocked domains to block by IP as well?
  • The proxy will not automatically do reverse DNS and when it sees an IP check to see if the domain is blocked.

    However, if this is true you should be able to see the proxy sending stuff to IPs, determine them and block them. If this is true that Windows 10 has a "hardcoded list" then I would presume someone can figure them out and publish them.
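The check suggested in the post above, finding requests the proxy passed to bare IP addresses that a hostname blocklist can never match, can be scripted over an exported proxy log. This is an added example, not part of the original thread: the key="value" log layout, the field names and the sample lines are constructed assumptions, and the addresses are documentation ranges.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in a generic key="value" proxy-log layout (assumed
# format, not taken from the thread). All addresses are documentation ranges.
SAMPLE_LOG = '''\
srcip="192.0.2.10" method="GET" url="http://vortex.data.microsoft.com/collect" action="block"
srcip="192.0.2.10" method="CONNECT" url="203.0.113.7:443" action="pass"
srcip="192.0.2.11" method="GET" url="http://198.51.100.20/ping" action="pass"
srcip="192.0.2.10" method="CONNECT" url="203.0.113.7:443" action="pass"
srcip="192.0.2.11" method="GET" url="http://www.example.com/" action="pass"
srcip="192.0.2.12" method="CONNECT" url="[2001:db8::5]:443" action="pass"
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')


def dest_host(url):
    """Return the host of a proxy URL field (full URL or CONNECT host:port)."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse a bare host:port
    return urlsplit(url).hostname


def ip_literal_destinations(log_text):
    """Count passed requests per (client, destination) where the destination is an IP literal."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = dict(FIELD.findall(line))
        if rec.get("action") != "pass" or "url" not in rec:
            continue
        try:
            ip = ipaddress.ip_address(dest_host(rec["url"]))
        except (ValueError, TypeError):
            continue  # destination is a hostname, so the domain blocklist applies
        hits[(rec.get("srcip", "?"), str(ip))] += 1
    return hits


if __name__ == "__main__":
    for (client, dest), n in ip_literal_destinations(SAMPLE_LOG).most_common():
        print(f"{client} -> {dest}  {n} request(s)")
```

Destinations that recur across many clients are the candidates to review and, if confirmed, block by address rather than by name.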
  • Info:
    I had the problem with the list that my Windows machines get the yellow exclamation mark on their network icon in the taskbar. This is because they can't reach this URL: http://www.msftncsi.com/ncsi.txt  [8-)]

    After removing the two entries with msftncsi.com, problem solved.
  • An updated list of hosts...


  • Many entries in your list are duplicated... [:S]
  • vilic - can you expand on your solution a little more?

    Where do you create the tag?  
    (I assume you do so in Web Protection -> Filtering Options -> Websites?  Then import the list and add a tag?  Should / Should not classify with a reputation?) (Screenshot 1?)

    Where do you add the object in the Filtering Options (screenshot 2)?  I assume this was done in the default policy?  Or did you create an additional item in Web Filter Profiles -> Filter Actions -> New Filter Action -> Websites -> Control sites tagged in the Website List ?

    Was the purpose of the 3rd screenshot simply to show how to use the object in another capacity?  Bypassing URL Filter will not actually achieve the goal of blocking access to these sites correct or have I misunderstood the purpose of the exception?  Or just an example of how access to those sites could be achieved for a single network segment or group of systems?

    Thanks!
  • Many entries in your list are duplicated... [:S]


    Sorry about this, edited now...