I'm with a lite version of Windows 10 N LTSB. I tested it for a few days and didn't find anything suspicious.
Don't let AcuraTML see you claiming you've stopped data going in or out. Apparently that's not possible in his fantastical world.
I think he gave up before the "try" stage even occurred to him frankly. At least some people understand that blocked = blocked, in a way that no magic is getting around it. I for one appreciate the effort going into things like that. Already added the new rules to my systems.
Are you sure about that? It's not that easy: if you change the default search engine, Cortana (DISABLED) still connects to m$. Check again.
Which edition are you using? Did you apply the new method? I tested it again: when resetting to default, system PID 0 opens ports all over
with any sniffer. EDIT

Spoiler

CONNECT client.wns.windows.com:443 HTTP/1.1
Host: client.wns.windows.com:443

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 55 CE 58 5D 65 75 C7 B0 51 D3 D8 69 51 8C D9 DF F7 1B AC FC 4B 45 1F 55 7D DE 7E 41 7B E8 DC D2
"Time": 18-Aug-19 01:04:37
SessionID: empty
Extensions:
    server_name             client.wns.windows.com
    elliptic_curves         secp256r1 [0x17], secp384r1 [0x18]
    ec_point_formats        uncompressed [0x0]
    signature_algs          sha256_rsa, sha384_rsa, sha1_rsa, sha256_ecdsa, sha384_ecdsa, sha1_ecdsa, sha1_dsa, sha512_rsa, sha512_ecdsa
    SessionTicket           empty
    extended_master_secret  empty
    renegotiation_info      00
Ciphers:
    [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    [C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    [C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    [009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    [009D] TLS_RSA_WITH_AES_256_GCM_SHA384
    [009C] TLS_RSA_WITH_AES_128_GCM_SHA256
    [003D] TLS_RSA_WITH_AES_256_CBC_SHA256
    [003C] TLS_RSA_WITH_AES_128_CBC_SHA256
    [0035] TLS_RSA_AES_256_SHA
    [002F] TLS_RSA_AES_128_SHA
    [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    [C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    [0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    [0038] TLS_DHE_DSS_WITH_AES_256_SHA
    [0032] TLS_DHE_DSS_WITH_AES_128_SHA
    [000A] SSL_RSA_WITH_3DES_EDE_SHA
    [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [0005] SSL_RSA_WITH_RC4_128_SHA
    [0004] SSL_RSA_WITH_RC4_128_MD5
Compression:
    [00] NO_COMPRESSION

Spoiler

CONNECT watson.telemetry.microsoft.com:443 HTTP/1.1
Host: watson.telemetry.microsoft.com:443

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 55 CE 58 02 80 99 CC 2F 0C BB D3 C6 E0 78 C9 00 7B F4 FA 56 4A B2 45 B5 6D 48 52 C9 AE 93 7D 17
"Time": 01-Apr-71 14:20:21
SessionID: empty
Extensions:
    server_name             watson.telemetry.microsoft.com
    status_request          OCSP - Implicit Responder
    elliptic_curves         secp256r1 [0x17], secp384r1 [0x18]
    ec_point_formats        uncompressed [0x0]
    signature_algs          sha256_rsa, sha384_rsa, sha1_rsa, sha256_ecdsa, sha384_ecdsa, sha1_ecdsa, sha1_dsa, sha512_rsa, sha512_ecdsa
    SessionTicket           empty
    extended_master_secret  empty
    renegotiation_info      00
Ciphers:
    [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    [C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    [C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    [009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    [009D] TLS_RSA_WITH_AES_256_GCM_SHA384
    [009C] TLS_RSA_WITH_AES_128_GCM_SHA256
    [003D] TLS_RSA_WITH_AES_256_CBC_SHA256
    [003C] TLS_RSA_WITH_AES_128_CBC_SHA256
    [0035] TLS_RSA_AES_256_SHA
    [002F] TLS_RSA_AES_128_SHA
    [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    [C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    [0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    [0038] TLS_DHE_DSS_WITH_AES_256_SHA
    [0032] TLS_DHE_DSS_WITH_AES_128_SHA
    [000A] SSL_RSA_WITH_3DES_EDE_SHA
    [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
Compression:
    [00] NO_COMPRESSION

Cortana STILL alive.
What program made those connections? Cortana could be disabled via GP. SearchUI.exe in the same directory is just integrated into Cortana but is not Cortana; it could be disabled via FW.
Cortana is the search app. It's supposed to use the internet. There's no point in having Cortana if you don't want it to use the internet. Its entire function is to search the web for you. If you want to mirror the old functionality of the offline search box from win7, you need to disable Cortana, block search from firewall settings, and disable the reg key for web search. Even then, you'd likely also need to disable the app toast telemetry.
StartIsBack++ has its own search functionality that's basically identical to Windows 7's and is independent of SearchUI.exe and ShellExperienceHost.exe. I'm never going to use Cortana. Ever. So why not just permanently remove Cortana instead of disabling and firewalling it?
I tried to add it with a .reg file but I don't see any change in the registry! Admin rights and path are good. Strange! Can you export it from the firewall interface in txt format, please? Many thanks.
ClassicShell too, but their functionality does not mean that standard win components are free to behave like junk, for obvious reasons.
Spoiler Code:

| Name | Group | Profile | Enabled | Action | Override | Program | Local Address | Remote Address | Protocol | Local Port | Remote Port | Authorized Computers | Authorized Local Principals | Local User Owner | Application Package |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Block All Out traffic from Explorer |  | All | Yes | Block | No | %SystemRoot%\explorer.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Block All Out traffic from WinDefend |  | All | Yes | Block | No | %ProgramFiles%\Windows Defender\MsMpEng.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Block Out from MRT |  | All | Yes | Block | No | %SystemRoot%\System32\MRT.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Microsoft Blocklist IP |  | All | Yes | Block | No | Any | Any | 8.18.0.0/16, 23.45.0.0/16, 23.99.0.0/16, 23.102.0.0/16, 23.203.0.0/16, 64.4.0.0/16, 64.20.0.0/16, 65.52.0.0/16, 65.55.0.0/16, 69.172.0.0/16, 74.125.0.0/16, 93.184.0.0/16, 131.253.0.0/16, 134.170.0.0/16, 137.117.0.0/16, 161.69.0.0/16, 168.62.0.0/16, 178.255.0.0/16, 191.236.0.0/14, 199.166.0.0/16, 204.79.0.0/16 | Any | Any | Any | Any | Any | Any | Any |
| Microsoft Malware Protection Command Line Utility |  | All | Yes | Block | No | C:\program files\windows defender\mpcmdrun.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Microsoft Windows Search Indexer |  | All | Yes | Block | No | C:\windows\system32\searchindexer.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Process for Windows Services [IKEEXT] |  | All | Yes | Block | No | C:\windows\system32\svchost.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Search and Cortana application |  | All | Yes | Block | No | C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | Any | Any | Any | Any | Any | Any | Any | Any | microsoft.windows.cortana_cw5n1h2txyewy |
| Search application |  | All | Yes | Block | No | C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| SIH Client |  | All | Yes | Block | No | C:\windows\system32\sihclient.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Windows Applications (auto) |  | All | Yes | Block | No | C:\Windows\system32\wwahost.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Windows Defender User Interface |  | All | Yes | Block | No | C:\program files\windows defender\msascui.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Windows Dmwappushservice |  | All | Yes | Block | No | C:\windows\system32\svchost.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Windows host process (Rundll32) |  | All | Yes | Block | No | C:\windows\system32\rundll32.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Windows Problem Reporting |  | All | Yes | Block | No | C:\windows\system32\wermgr.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
| Windows Telemetry |  | All | Yes | Block | No | C:\windows\system32\svchost.exe | Any | Any | Any | Any | Any | Any | Any | Any | Any |
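Added example, not part of any post in this thread: a PowerShell sketch that recreates a subset of the exported outbound block rules with the built-in NetSecurity cmdlets and then reads them back from the firewall store, as an alternative to importing a .reg file. The group name `Telemetry block (example)` is a hypothetical label (the exported rules have no group); the three svchost.exe rules are left out because the export has no service column, and a rule on svchost.exe without a service restriction applies to every service that process hosts.

```powershell
#Requires -RunAsAdministrator
# Added example: names, paths and ranges are copied from the export above.
# The group name is hypothetical; it only lets the rules be listed/removed together.
$group = 'Telemetry block (example)'

# Program-scoped rules: display name -> executable path.
$programRules = [ordered]@{
    'Search application'               = 'C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe'
    'Microsoft Windows Search Indexer' = 'C:\windows\system32\searchindexer.exe'
    'SIH Client'                       = 'C:\windows\system32\sihclient.exe'
    'Windows Applications (auto)'      = 'C:\Windows\system32\wwahost.exe'
    'Windows Problem Reporting'        = 'C:\windows\system32\wermgr.exe'
}

# Remote ranges of the "Microsoft Blocklist IP" rule.
$blockedRanges = @(
    '8.18.0.0/16', '23.45.0.0/16', '23.99.0.0/16', '23.102.0.0/16', '23.203.0.0/16',
    '64.4.0.0/16', '64.20.0.0/16', '65.52.0.0/16', '65.55.0.0/16', '69.172.0.0/16',
    '74.125.0.0/16', '93.184.0.0/16', '131.253.0.0/16', '134.170.0.0/16',
    '137.117.0.0/16', '161.69.0.0/16', '168.62.0.0/16', '178.255.0.0/16',
    '191.236.0.0/14', '199.166.0.0/16', '204.79.0.0/16'
)

# Re-runnable: remove rules left by a previous run of this script.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($name in $programRules.Keys) {
    New-NetFirewallRule -DisplayName $name -Group $group -Direction Outbound `
        -Action Block -Profile Any -Program $programRules[$name] | Out-Null
}
New-NetFirewallRule -DisplayName 'Microsoft Blocklist IP' -Group $group `
    -Direction Outbound -Action Block -Profile Any `
    -RemoteAddress $blockedRanges | Out-Null

# Read the rules back from the store rather than trusting the commands above.
Get-NetFirewallRule -Group $group | ForEach-Object {
    [pscustomobject]@{
        Name    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
        Remote  = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
} | Format-Table -AutoSize -Wrap
```

`Get-NetFirewallRule -Group 'Telemetry block (example)' | Remove-NetFirewallRule` removes everything the script created.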
Do you think this will work? Here is my idea: Make a proxy (pfsense etc.) and allow the internet only via that proxy. So any programs that I use I will put in the proxy (Firefox, Steam etc). Will this method solve this spying/telemetry issue? Since Windows itself won't have access to the internet...
It might help your privacy, but it's not a solution for the masses. Millions of people can't start using proxies. Also, a lot of sites ban proxies, which causes a lot of grief if you're using one.
What about a local proxy? Only on the local network...? Or am I not understanding proxies correctly? So websites will still see my public IP and not a proxy...?
It depends on the proxy. Some proxies are transparent. I'm not sure what you mean by local proxy. I would think that anything local would defeat the purpose of using a proxy as they'd know where you are. We'll figure out the best ways to handle these privacy settings. It just needs a little more time. If none of us had anything else to do we could sit here and fiddle with the settings, but sadly a lot of us are busy.