[Guide]Way to Disable Keylogger/ Telemetry v3.55

Please use [code=rich][/code] tags to avoid broken strings in code (the '#' symbol in editor):

Code:

Windows Registry Editor Version 5.00

;Delete Diagtrack and Cortana Remnants
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60E6D465-398E-4850-BE86-7EF7620A2377}"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\windows\system32\svchost.exe|Svc=DiagTrack|Name=Windows Telemetry|"
"{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe|Name=Search and Cortana application|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|" 

Code:

reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{60E6D465-398E-4850-BE86-7EF7620A2377}" /t REG_SZ /d "v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\windows\system32\svchost.exe|Svc=DiagTrack|Name=Windows Telemetry|" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}" /t REG_SZ /d "v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe|Name=Search and Cortana application|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|" /f

 

Thank you

 

.

 

Yah, for beta it was fine. It was part of the deal. We help them improve the OS and we get to try out the free OS.
For an OS that they are selling for $120/$200 retail, this is unacceptable.
Even the movie app has firewall access. WTF DOES A MOVIE VIEWER NEED WITH FIREWALL ACCESS, MS???

 

Could Tinywall be of any help in manipulating these outgoing settings? I use it in W7, and it seems quite strict about what is allowed

 

These 2 are good aswell. Since there is no setting button to disable error reporting like in windows 8.1
edited: fixed in newer post.

 

But it's the exact same key.

 

Are you sure? The one in HKCU exists by default, but not the one in HKLM. Or you mean it dosen't matter were you put it?

 

The HKLM affects the whole system, but HKCU just affects the person who's currently logged in.

 

Can you show this tweak in registry code and not just in .bat ?

 

You mean like this?

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting]
"Disable"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR]
"Disable"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR]
"Disable"=dword:00000001

 

Yes. This is.

It's interesting. Just now I notice there isn't setting for error reporting in Control Panel.

 

Wait. I just noticed I did something wrong. Here is correct:

Code:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting]
"Disabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR]
"Disable"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR]
"Disable"=dword:00000001

OR

Code:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d 1 /f 
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR" /v "Disable" /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR" /v "Disable" /t REG_DWORD /d 1 /f

 

I prefer leave the OS untouched, each connection block with windows build in firewall very well


Windows Problem Reporting firewall rule

Code:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F1EB671-4A03-4BA3-8D97-8FD9F8858759}"="v2.24|Action=Block|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|App=C:\windows\system32\wermgr.exe|Name=Windows Problem Reporting |"

- and periodically delete the contents of this folder "C:\ProgramData\Microsoft\Windows\WER\ReportQueue", or if you use CCleaner "include >> "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\*.*"

 

No, the only firewall that can so fine tuning the rule is "windows build in firewall" and "Jetico" firewall

 

This is probably not part of the telemetry thing, posting it here anyway in case of this thing bothers somebody else.

If you have a permanent connection from explorer.exe to some msnbot.xxx.xxx.xxx.search.msn.com url/ip, try disabling the "Network Connection Broker" service. It's not the best way as it probably breaks features for some apps, so if somebody found a way with a GPO/registry edit to stop this permanent connection to the search.msn.com url....

 

Code:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D5C10EB3-C0A2-4FE6-A172-2CD5D9733B4A}"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=%SystemRoot%\explorer.exe|Name=Block Explorer|"

 

I meant a GPO/registry setting that disable whatever is making explorer.exe connect to the search.msn.com server, not a firewall rule. I know how to do that..

 

How can explorer.exe (file explorer) can connect to the internet ? it's open This PC/Quick access.

 

You tell me. That's no virus, it's a feature of Windows 10. Now to figure which is another story. I tried about everything from disabling telemetry to search the web, and explorer.exe still make the connection to the search.msn.com.