i f**ked up my windows 10 from testing when i try to login there error handle is invaild so i cant test
That search block stops it from sending data to find search results on the web, but it doesn't stop anything else. For example: with the normal firewall setting in place, searching for "blahblahblah" turns up like 8 web results With the firewall setting disabled, it doesn't report any. But this is a bad way of approaching it if we have any other options. We need to see if there's some sort of policy setting that will disable the web stuff.
Yes, we are in bad situation disabling cortana's internet from the settings not doing the job and i dont find cortana policy from the small search i did but we can apply same reg for firewall in winxp its possible, never tried it on win10 yet
I don't know man... I feel like our plan of attack should be to start with LTSB N: - Block what we can via GPO (figure out which reg keys they modify) Limit this to things that send data or connect to undesired things only - Anything we cant block via GPO, figure out the firewall settings for - If there's anything left after firewall settings that still sends info, try to hosts block it or disable services if we must Once we get everything blocked on LTSB N, scale to LTSB and figure out what's additional (apps and such) After that, scale to Enterprise. Of these last 2 options, it should make it so that the store and and onedrive still function, but only as intended, not for additional app usage info. The annoying thing is that every new app you install will send the app usage into to MS as well, so you'd pretty much have to avoid installing them or make a habit of blocking their firewall access. I am just a bit too disillusioned right now. It seems like such a big hassle. Everyone has a billion different ways they want to block things and they usually do a lot more than simply block the data. It's just too much work right now. I'm just kinda in that mood where I'm disgusted by all the private info being sent. I'm not enthusiastic about doing all this work to fix it.
-guys, there is also windows firewall, with two rules will solve everything, block svchost.exe with Diagnostics Tracking Service-DiagTrack, and searchui.exe with Cortana application |Action=Block|Active=TRUE|Dir=Out|App=C:\windows\system32\svchost.exe|Svc=DiagTrack|Name=Windows Telemetry| |Action=Block|Active=TRUE|Dir=Out|App=C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe|Name=Search and Cortana application|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742| have a nice day
Firewall is okay, but it's better to block via settings... Anyhow, someone shared this in the CODY thread: Code: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d 0 /f That will turn your search box into a normal search instead of web search. We still need to test to see if it sends data to ms after doing that tho.
- so many stories about windows privacy, keylogger ecc - block via settings..? in most cases end up with windows backup or reinstall - all you have to do is block communication, there is a windows firewall able to block application and used services - block, network connection svchost.exe - DiagTrack and searchui.exe - Cortana application - but everyone uses what it thinks is better have a nice day
Windows Firewall seems broken in Windows 10. For example, turn on outbound connections to "block", and then try to figure out how to grant just enough rules to make Windows Update work. In Windows 7, that was just a rule for svchost.exe + BITS service (port 80, 443), and in some earlier versions you also needed svchost.exe + wuauserv service (port 80, 443). In Windows 10, I have found no combination of individual service rules that allow Windows Update to work. With auditpol logging turned on, I can see the PID for the svchost.exe instance getting denied, but even if I add every service listed running under that instances PID, Windows Update still does not work. The only way to fix this is to add a generic rule for anything that runs under svchost.exe, but that is a terrible ideal, because then diagtrack and the other unwanted services have full network access. After 2-3 hours of experimentation I finally gave up.... it doesn't help that Windows 10 is extremely "chatty" compared to Windows 7... why does explorer.exe ask for internet access... why is searchui.exe always going nuts even when not searching? It seems like Windows Firewall is no longer capable of matching some individual portions of svchost.exe that are requesting network access (it does seem to work for say dnscache, and dhcp)... either it is a bug, or perhaps they have intentionally subverted their own firewall to prevent exactly what we are trying to do with it. Of course I could be wrong... If someone else figures it out I would be interested in their results.
If you have figured out how to make Windows Update work without unscoped svchost.exe rules, please feel free to share... I never had an issue with Windows 7. If you are granting svchost.exe access with an unscoped rule, then you might as well not be running outbound filtering at all, since you are just letting every service have access.
I believe that is the same as setting the policy: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search] "ConnectedSearchUseWeb"=dword:00000000 Policy (for Pro/Enterprise) is "Don't search the web or display web results in Search" in Windows Components/Search. And also the other settings in the same key: "AllowCortana"=dword:00000000 "AllowSearchToUseLocation"=dword:00000000 Windows GUI should be a bit less chatty to the net after setting these.
I guess we misunderstood each other... my setup is to only create allow rules, everything else is blocked by default. For your example to work, you would need a "global" allow rule, and then block everything you didn't want. This would in theory work, since block rules are evaluated first. The "broken" is the fact you cannot set the default policy to "block everything" and then give each individual service that needs access an allow rule... it works for some, but not for others, when in the past versions I didn't have these issues. Default allow policies are problematic for me... for example when they back-ported DiagTrack to Windows 7, it would not have been blocked by default.
I understand you very well, please stop trolling, there is discussed something other than that you have a problem creating win-update rule, make new threads win-firewall, edit and post your firewall.wfw file and then you can help, maybe ?
No need, sorry you feel this way. My comments were only directed toward the fact that Windows 10 outbound firewall rules do not seem to work as expected compared to previous version of Windows based on my own testing (proper configuration of auditpol/pfirewall.log confirms this). So if you expect to block telemetry/keylogging/etc. this way, you might not get the results you are expecting... I'm done with this topic.