Windows Spying Filter

Windows 10 collect and transmit telemetry data to Microsoft. Telemetry data might include sensitive information. So let's refuse Microsoft servers with the firewall and get peace of mind.

Use one out of the following three methods on this page. (pf, iptables, Windows Firewall)

These files are updated every day.

And

Add following hosts to your c:\Windows\System32\drivers\etc\hosts

0.0.0.0 mobile.pipe.aria.microsoft.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 a-0010.a-msedge.net
0.0.0.0 a-0011.a-msedge.net
0.0.0.0 a-0012.a-msedge.net
0.0.0.0 a-0013.a-msedge.net
0.0.0.0 a-0014.a-msedge.net
0.0.0.0 a-0015.a-msedge.net
0.0.0.0 a-0016.a-msedge.net
0.0.0.0 a-0017.a-msedge.net
0.0.0.0 a-0018.a-msedge.net
0.0.0.0 a-0019.a-msedge.net
0.0.0.0 a-0020.a-msedge.net
0.0.0.0 a-0021.a-msedge.net
0.0.0.0 ocos-office365-s2s.msedge.net
0.0.0.0 client-office365-tas.msedge.net
0.0.0.0 evoke-windowsservices-tas.msedge.net
0.0.0.0 continuum.dds.microsoft.com
0.0.0.0 cs.dds.microsoft.com
0.0.0.0 emdl.ws.microsoft.com
0.0.0.0 mediaredirect.microsoft.com
0.0.0.0 ris.api.iris.microsoft.com
0.0.0.0 sci1-1.am.microsoft.com
0.0.0.0 sci2-1.am.microsoft.com
0.0.0.0 settings-ssl.xboxlive.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 settings.data.microsoft.com
0.0.0.0 store-images.microsoft.com
0.0.0.0 store-images.s-microsoft.com
0.0.0.0 king.com
0.0.0.0 candycrushsoda.king.com
0.0.0.0 bling2.midasplayer.com
0.0.0.0 arc.msn.com
0.0.0.0 cdn.content.prod.cms.msn.com
0.0.0.0 s.gateway.messenger.live.com
#0.0.0.0 login.live.com
0.0.0.0 device.ra.live.com
0.0.0.0 bn2ap002.device.ra.live.com
0.0.0.0 cid-88cb63afc66ce711.users.storage.live.com
0.0.0.0 ssw.live.com
0.0.0.0 storage.live.com
0.0.0.0 directory.services.live.com
0.0.0.0 sn3302.storage.live.com
0.0.0.0 musicdelivery-ssl.xboxlive.com
0.0.0.0 windows.policies.live.net
0.0.0.0 skyapi.live.net
0.0.0.0 sn3302.settings.live.net
0.0.0.0 m.hotmail.com
0.0.0.0 blu402-m.hotmail.com
0.0.0.0 skype-m.hotmail.com
0.0.0.0 api.onedrive.com
0.0.0.0 files.1drv.com
0.0.0.0 3h88yg-sn3302.files.1drv.com
0.0.0.0 3h9byg-bn1305.files.1drv.com
0.0.0.0 3h9k8a-sn3302.files.1drv.com
0.0.0.0 3hp0na-sn3302.files.1drv.com
0.0.0.0 3hpona-sn3302.files.1drv.com
0.0.0.0 3hpzna-sn3302.files.1drv.com
0.0.0.0 3hqehq-sn3302.files.1drv.com
0.0.0.0 5wabhq-sn3302.files.1drv.com
0.0.0.0 5wyvsw-sn3302.files.1drv.com
0.0.0.0 5wzzna-sn3302.files.1drv.com
0.0.0.0 ezru1w-sn3302.files.1drv.com
0.0.0.0 eztgqq-sn3302.files.1drv.com
0.0.0.0 eztjba-sn3302.files.1drv.com
0.0.0.0 fakiwq-sn3302.files.1drv.com
0.0.0.0 fakzyw-sn3302.files.1drv.com
0.0.0.0 famlpw-sn3302.files.1drv.com
0.0.0.0 g1da1a-sn3302.files.1drv.com
0.0.0.0 g1doyg-sn3302.files.1drv.com
0.0.0.0 q6untq-sn3302.files.1drv.com
0.0.0.0 qdab2a-sn3302.files.1drv.com
0.0.0.0 r30ysg-sn3302.files.1drv.com
0.0.0.0 r33ubq-sn3302.files.1drv.com
0.0.0.0 svj7qa-sn3302.files.1drv.com
0.0.0.0 svjfvw-sn3302.files.1drv.com
0.0.0.0 svkxkq-sn3302.files.1drv.com
0.0.0.0 svlneg-sn3302.files.1drv.com
0.0.0.0 cdn.onenote.net
0.0.0.0 clientconfig.passport.net
0.0.0.0 ocsp.msocsp.com
0.0.0.0 ocsp.omniroot.com
0.0.0.0 api.skype.com
0.0.0.0 avatar.skype.com
0.0.0.0 api.cc.skype.com
0.0.0.0 a.config.skype.com
0.0.0.0 b.config.skype.com
0.0.0.0 config.skype.com
0.0.0.0 config.edge.skype.com
0.0.0.0 api.mcr.skype.com
0.0.0.0 prod.registrar.skype.com
0.0.0.0 etag-rr.prod.registrar.skype.com
0.0.0.0 registrar-rr.prod.registrar.skype.com
0.0.0.0 dsn1.d.skype.net
0.0.0.0 dsn2.d.skype.net
0.0.0.0 dsn3.d.skype.net
0.0.0.0 dsn4.d.skype.net
0.0.0.0 dsn5.d.skype.net
0.0.0.0 dsn6.d.skype.net
0.0.0.0 dsn7.d.skype.net
0.0.0.0 dsn8.d.skype.net
0.0.0.0 dsn9.d.skype.net
0.0.0.0 dsn10.d.skype.net
0.0.0.0 dsn11.d.skype.net
0.0.0.0 dsn12.d.skype.net
0.0.0.0 dsn13.d.skype.net
0.0.0.0 dsn14.d.skype.net
0.0.0.0 dsn15.d.skype.net
0.0.0.0 dsn16.d.skype.net
0.0.0.0 0.133.13.11.23.rst5.r.skype.net
0.0.0.0 0.204.8.11.23.rst7.r.skype.net
0.0.0.0 client.wns.windows.com
0.0.0.0 skydrive.wns.windows.com
0.0.0.0 HK2SCH130020629.wns.windows.com
0.0.0.0 HK2SCH130020732.wns.windows.com
0.0.0.0 HK2SCH130020829.wns.windows.com
0.0.0.0 HK2SCH130020832.wns.windows.com
0.0.0.0 HK2SCH130021127.wns.windows.com
0.0.0.0 HK2SCH130021535.wns.windows.com
0.0.0.0 config.scm.windowsphone.com
0.0.0.0 www.msftconnecttest.com

How to edit Hosts file.
Right click the start button. Left click the "Command prompt (administrator)".

cd drivers\etc [Enter]
notepad hosts [Enter]

Edit and save.

Usage of Windows PowerShell script

Download above links.

Windows Firewall 1
Left click on the Start button.
Select [All apps].
Find [Windows PowerShell] and open nest menu. Left click on the [Windows PowerShell].
Right click on the [Run as Administrator].

Windows Firewall 2

PS C:\Windows\system32> Get-ExecutionPolicy
Restricted

Enter "Get-ExecutionPolicy" and [Enter].
Check the result.

PS C:\Windows\system32> Set-ExecutionPolicy Unrestricted

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust.
Changing the execution policy might expose you to the security risks
described in the about_Execution_Policies help topic at
http://go.microsoft.com/fwlink/?LinkID=135170. 
Do you want to change the execution policy?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  
[?] Help (default is "N"): y
PS C:\Windows\system32>

Enter "Set-ExecutionPolicy Unrestricted" and [Enter].
Enter "y" and [Enter].

PS C:\Windows\system32> ~\downloads\winfirewall_windows_update_us.ps1

Security warning
Run only scripts that you trust. While scripts from the internet can 
be useful, this script can potentially harm your computer. 
If you trust this script, use the Unblock-File cmdlet to allow
the script to run without this warning message. 
Do you want to run
C:\Users\foobar\downloads\winfirewall_windows_update_us.ps1?
[D] Do not run  [R] Run once  [S] Suspend  
[?] Help (default is "D"): r

Enter "~\downloads\winfirewall_windows_update_us.ps1" and [Enter].
Enter "y" or "a" and [Enter].

Name                  : {bbf4a6cc-7d38-4825-ac25-9bad3d44f033}
DisplayName           : Windows10Privacy_Inbound
Description           : https://gato.intaa.net/net/windows_privacy_filter
DisplayGroup          :
Group                 :
Enabled               : True
Profile               : Any
Platform              : {}
Direction             : Inbound
Action                : Allow
EdgeTraversalPolicy   : Block
LooseSourceMapping    : False
LocalOnlyMapping      : False
Owner                 :
PrimaryStatus         : OK
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local

Name                  : {6515e352-8561-401e-a62d-e9d79b28760b}
DisplayName           : Windows10Privacy_Outbound
Description           : https://gato.intaa.net/net/windows_privacy_filter
DisplayGroup          :
Group                 :
Enabled               : True
Profile               : Any
Platform              : {}
Direction             : Inbound
Action                : Allow
EdgeTraversalPolicy   : Block
LooseSourceMapping    : False
LocalOnlyMapping      : False
Owner                 :
PrimaryStatus         : OK
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local

PS C:\Windows\system32>

An outbound rule and an inbound rule are loaded.
Check results.

PS C:\Windows\system32> Set-ExecutionPolicy Restricted

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks
described in the about_Execution_Policies help topic at http://go.microsoft.com/fwlink/?LinkID=135170. 
Do you want to change the execution policy?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  
[?] Help (default is "N"): y
PS C:\Windows\system32>

Enter "Set-ExecutionPolicy Restricted" and [Enter].
Enter "y" and [Enter].
Remember this.

Windows Firewall 3
Right click on the Start button.
Left click on the [Control Panel].

Windows Firewall 4
Left click on the [Windows Firewall].

Windows Firewall 5
Left click the "Advanced Settings" link.

Windows Firewall 6
Select [Inbound Rules] or [Outbound Rules] on the left side.
Find and select "Windows10 Privacy_Inbound" or "Windows10 Privacy_Outbound" on the center.
If you want to disable the rule, click [Disable Rule] on the right side.
If you want to delete the rule, click [Delete] on the right side.

If you use Bing, delete 204.79.797.200.

  1. Right click the "Windows10 Privacy_Outbound".
  2. Select 204.79.797.200 and click [Delete].
  3. Click [Apply] and [OK]

Read also: Windows Update Filter


1件のコメント

  1. Hi there.
    Could you please exlpain how were you able to extract all these malicious IPs?
    Please, answer to my email.

コメントを残す

メールアドレスが公開されることはありません。 * が付いている欄は必須項目です