I guess we don't appreciate freedom so much. We can never know what a peaceful planet is till we have it and lose it. I blame our short life.
It most likely connects from OneDrive too on port 443, but you can see clearly with TCPView that there are connections from explorer to msnboot and several other servers on port 443 for explorer.exe ...
And if Microsoft wanted to, they could obfuscate traffic so nothing shows up at all with TCPView. That's the problem with closed source systems. You don't know what it's doing; you are at the whim of the developers. And in Microsoft's case, they have proven time and again to be an untrustworthy company.
Earning trust means giving users control and showing facts about the code, compared to locking down the system and deciding for the clients.
A backdoor connection may not even be TCP but written in a different hidden-layer protocol. And the OS may not act until it has received a trigger sent out globally. The effect we have yet to see.
So a keylogger spying thing, forced updates and that's the best windows to date? Sorry MS, but for me the best is Windows 7. Only thing is, I am again forced to update because of DX12, way to go. Force is not the way to gain loyalty.
It's called incentive, not force. I agree that telemetry and forced updates suck, that's why I disable them with scripts:

Disable-telemetry.cmd:
Code:
@echo off
title Disable/Enable Windows Telemetry
color 1f
:Begin UAC check and Auto-Elevate Permissions
:-------------------------------------
REM --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo:
    echo Requesting Administrative Privileges...
    echo Press YES in UAC Prompt to Continue
    echo:
    goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B
:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
pushd "%CD%"
CD /D "%~dp0"
:--------------------------------------
:Check the key:
(reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry"|find /i "0x0")>NUL 2>NUL
if %errorlevel% NEQ 0 GOTO :KEYOFF
:KEYON
echo ============================================================
echo Windows Telemetry currently disabled.
echo Would you like to re-enable it? (Y/N)
echo ============================================================
echo.
choice /c yn /n
If %ERRORLEVEL% NEQ 1 GOTO :QUIT
Echo Deleting Telemetry Registry key
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /F>NUL 2>NUL
IF %ERRORLEVEL% NEQ 0 GOTO :ERROR
Echo.
Echo Windows Telemetry enabled
Echo.
goto :QUIT
:KEYOFF
echo ============================================================
echo Windows Telemetry is currently enabled.
echo Would you like to disable it? (Y/N)
echo ============================================================
echo.
choice /c yn /n
If %ERRORLEVEL% NEQ 1 GOTO :QUIT
Echo Changing Registry key
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry">NUL 2>NUL
if %errorlevel% equ 1 REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /F>NUL 2>NUL
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /D 0 /T REG_DWORD /F>NUL 2>NUL
IF %ERRORLEVEL% NEQ 0 GOTO :ERROR
Echo.
Echo Windows Telemetry disabled
Echo.
goto :QUIT
:QUIT
echo ============================================================
echo Press any key to exit...
echo ============================================================
pause>NUL
goto :EOF
:ERROR
echo ============================================================
echo The script ran into an unexpected error setting reg key.
echo Press any key to exit...
echo ============================================================
pause>NUL
goto :EOF

Disable-AutoUpdates.cmd:
Code:
@echo off
title Disable/Enable Windows 10 Automatic Updates
color 1f
:Begin UAC check and Auto-Elevate Permissions
:-------------------------------------
REM --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo:
    echo Requesting Administrative Privileges...
    echo Press YES in UAC Prompt to Continue
    echo:
    goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B
:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
pushd "%CD%"
CD /D "%~dp0"
:--------------------------------------
:Check Windows Version
wmic os get version | find /i "10.">nul 2>nul
if %errorlevel% neq 0 GOTO :Not10
:Check the key:
(reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate"|find /i "0x1")>NUL 2>NUL
if %errorlevel% neq 0 GOTO :KEYOFF
:KEYON
echo ============================================================
echo Automatic Updates are currently disabled.
echo Would you like to re-enable them? (Y/N)
echo ============================================================
echo.
choice /c yn /n
If %ERRORLEVEL% NEQ 1 GOTO :QUIT
echo Attempting to shut down the Windows Update service if it's running
net stop wuauserv>NUL 2>NUL
echo.
Echo Changing Registry key
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /D 0 /T REG_DWORD /F>NUL 2>NUL
IF %ERRORLEVEL% NEQ 0 GOTO :ERROR
Echo.
Echo Automatic Updates have been enabled
Echo.
goto :QUIT
:KEYOFF
echo ============================================================
echo Automatic Updates are currently enabled.
echo Would you like to disable them? (Y/N)
echo ============================================================
echo.
choice /c yn /n
If %ERRORLEVEL% NEQ 1 GOTO :QUIT
echo Attempting to shut down the Windows Update service if it's running
net stop wuauserv>NUL 2>NUL
echo.
Echo Changing Registry key
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /D 1 /T REG_DWORD /F>NUL 2>NUL
IF %ERRORLEVEL% NEQ 0 GOTO :ERROR
Echo.
Echo Automatic Updates have been disabled
Echo.
goto :QUIT
:QUIT
echo ============================================================
echo Press any key to exit...
echo ============================================================
pause>NUL
goto :EOF
:ERROR
echo ============================================================
echo The script ran into an unexpected error setting reg key.
echo Press any key to exit...
echo ============================================================
pause>NUL
goto :EOF
:Not10
echo ============================================================
echo This script is only designed for Windows 10...
echo Press any key to exit...
echo ============================================================
pause>NUL
goto :EOF

If you were unable to stop these things, I'd agree with you. But, you can; so I don't.
Sorry for asking this but... is this really disabling that keylogger? This is really worrying! I see that it still communicates through port 443 or something according to older posts... This really means a no no for upgrading to W10 for me if this still gets my keystrokes... Thanks for the scripts and info
If you use Cortana it will collect all kinds of info. Cortana will send back voice etc to improve it. Don't use it if you are scared of that. If you use One Drive they will probably scan it. You can't use apps that require personal information to work properly without them collecting data. If you are using them on Win 7 or Win 8 they are already collecting it. Better to just disconnect the Internet if you are super paranoid.
You should disable the service too, because with that, you stop the service but on the next reboot...
sc config wuauserv start= disabled
@murphy78 I checked Enterprise LTSB with the reg. I guess you were right: even though it's not said None, it's set to none.
edit
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=dword:00000002
Spynet
It's just an override toggle, like the one to disable defender:
Code:
@echo off
title Disable/Enable Windows Defender
color 1f
:Begin UAC check and Auto-Elevate Permissions
:-------------------------------------
REM --> Check for permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo:
    echo Requesting Administrative Privileges...
    echo Press YES in UAC Prompt to Continue
    echo:
    goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B
:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
pushd "%CD%"
CD /D "%~dp0"
:--------------------------------------
:Check the key:
(reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware"|find /i "0x1")>NUL 2>NUL
if %errorlevel% neq 0 GOTO :KEYOFF
:KEYON
echo ============================================================
echo Windows Defender currently disabled.
echo Would you like to re-enable it? (Y/N)
echo ============================================================
echo.
choice /c yn /n
If %ERRORLEVEL% NEQ 1 GOTO :QUIT
Echo Changing Registry key
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /D 0 /T REG_DWORD /F>NUL 2>NUL
IF %ERRORLEVEL% NEQ 0 GOTO :ERROR
Echo.
Echo Windows Defender enabled
Echo.
goto :QUIT
:KEYOFF
echo ============================================================
echo Windows Defender is currently enabled.
echo Would you like to disable it? (Y/N)
echo ============================================================
echo.
choice /c yn /n
If %ERRORLEVEL% NEQ 1 GOTO :QUIT
Echo Changing Registry key
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /D 1 /T REG_DWORD /F>NUL 2>NUL
IF %ERRORLEVEL% NEQ 0 GOTO :ERROR
Echo.
Echo Windows Defender disabled
Echo.
goto :QUIT
:QUIT
echo ============================================================
echo Press any key to exit...
echo ============================================================
pause>NUL
goto :EOF
:ERROR
echo ============================================================
echo The script ran into an unexpected error setting reg key.
echo Press any key to exit...
echo ============================================================
pause>NUL
goto :EOF

The appropriate service checks to see if the key exists and is set to a certain value. If yes, service goes dormant. If no, then service proceeds.
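A read-only check of the values the scripts in this thread toggle, added here as an example (not code from any poster): it reports whether each policy value is present and holds the data quoted in the thread, and whether wuauserv is merely stopped or actually disabled. It inspects configuration only and does not measure network traffic; the Setting labels and function names are hypothetical.

```powershell
# Added example: audit only, nothing is written to the registry or the service.
# Keys, value names and data are the ones quoted in this thread.
$policies = @(
    @{ Setting = 'Telemetry';         Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection';   Name = 'AllowTelemetry';       Override = 0 }
    @{ Setting = 'Automatic Updates'; Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; Name = 'NoAutoUpdate';         Override = 1 }
    @{ Setting = 'Windows Defender';  Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';         Name = 'DisableAntiSpyware';   Override = 1 }
    @{ Setting = 'Sample submission'; Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet';  Name = 'SubmitSamplesConsent'; Override = 2 }
)

function Get-OverrideState {
    param([hashtable]$Policy)
    # A missing key or value returns nothing, which means no override is in place.
    $prop = Get-ItemProperty -Path $Policy.Key -Name $Policy.Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        $data  = $null
        $state = 'value absent: no override'
    } else {
        $data = $prop.($Policy.Name)
        if ($data -eq $Policy.Override) {
            $state = 'override active'
        } else {
            $state = 'value present, override not active'
        }
    }
    [pscustomobject]@{ Setting = $Policy.Setting; Value = $Policy.Name; Data = $data; State = $state }
}

function Get-UpdateServiceState {
    # "net stop" only changes State; the start type decides what happens after a reboot.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    if ($svc.StartMode -eq 'Disabled') {
        $note = 'disabled: stays off after reboot'
    } elseif ($svc.State -ne 'Running') {
        $note = 'stopped, but start type allows it to start again'
    } else {
        $note = 'running'
    }
    [pscustomobject]@{ Service = $svc.Name; State = $svc.State; StartMode = $svc.StartMode; Note = $note }
}

$policies | ForEach-Object { Get-OverrideState $_ } | Format-Table -AutoSize
Get-UpdateServiceState | Format-Table -AutoSize
```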
Wondering, have you actually tested, monitored traffic, to see if this truly does stop it? If this really works, no need for a host file modification? Everywhere I read, no one talks about this. They all say disable this service and add the host file.
I use this method: del
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~x86~~10.0.10240.16384\Owners
and with dism remove package
Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~x86~~10.0.10240.16384
also this
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Client-Package~31bf3856ad364e35~x86~~10.0.10240.16384\Owners
it will remove it completely