Discussion in 'Windows 10' started by Yen, Aug 4, 2015.
You need to login to view this posts content.
No I am not. What's with your 404 link, lol?!?
The list from first post is incomplete with reference to LTSC2019 which has been released half year ago. It communicates to different / additional endpoints.
Lists from first post do already work and WUs are available. LTSB2016 and LTSC2019.
But -as said- for LTSC it's not complete.
My list is not 'generated'. They are real DNS resolution requests from LTSC monitored via pi-hole. (plus a few from MSFT documentation).
It seems it is complete for now AND both lists from my post are actually sufficient for LTSC if you still want WU.
I also had other requests in focus (*.prod.do.dsp.mp.microsoft.com) but they are WU managing related and should not be blocked...
Pi-hole in combination with unbound is my own local DNS. As soon as there is something new I'll update the list...
I have the impression you did not read my post. It's an approach HOW to deal with it...by monitoring DNS resolution requests and blocking URLs. (adding to hosts file or using pi-hole)
My main OS is Kubuntu BTW.....
If you create only one firewall rule, example;
dir=out action=allow program=svchost.exe protocol=UDP remoteport=53 remoteip=184.108.40.206,220.127.116.11
and block all other UDP connection query you do not need anything more.
Yen's Remarks List on the caveats of blocking certain addresses is really useful.
You need to login to view this posts content.
.. don't suppose you would care to share your complete HOSTS list
I'm only running the already shared list from post #959 Spoiler Push me. Both lists posted combined and applied for LTSC2019, though.
I try to be careful when blocking anyway with focus on privacy.
The posted list there may change gathering more info and experiences.
Any other blocks I use are not w10 related. Since I block on my pi-hole my own personal list there concerns any device of my network.
There's primarily focus on ads and android.
If one wants a network wide solution one might want to get interested in running an own pi-hole.
Another way is just to apply own host file on the client's side..
This is the reason why I thought I could share the LTSC2019 related hosts here.
So this list is not for LTSB2016 and will break WU?
Thank you for attention. I solved the problem by simply installing Pfsense
My list is obtained by monitoring LTSC2019.
The list does not break WUs. Neither at LTSB2016 nor at LTSC2019.
I don't know if it is sufficient for LTSB2016, though.
The lists from first post (OP) do also NOT break WUs. (LTSB2016 and LTSC2019)
BUT there are lists out there who break WU, but not on MDL.
For instance : crazymax/windowsspblocker and firebog/airelle-trc
I have corrected my posts. Sorry for the misunderstanding.
My OS is LTSB 2016
I added the list you posted in my Host file and only one of the URLs blocked the internet, meaning I ran out of internet access ...
I do not know if this is normal or not, but to correct this I just delete this url and everything is back to normal.
Thank you for your work!
Was it just a warning or did internet access really not work? Have you tried to open a site via your browser and it did not work?
Yes. Blocking this leads to a yellow triangle and message no internet access. But internet should work anyway. (I have posted that at my remarks list). I have tested it. I have just opened FF and internet was available and the yellow triangle vanished.
Anytime when you reboot windows checks internet connectivity by connecting to MSFT via dns.msftncsi.com.
This solution has the same effect but without alarming no internet:
Disable the service via group policy (Turn off Windows Network Connectivity Status Indicator active tests to Enabled)
-run gpedit.msc (WIN+R)
Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings.
ENABLE there Turn off Windows Network Connectivity Status Indicator active tests
Now you can additionally block dns.msftncsi.com just in case.
Yes, some sites were running normally. But there was the yellow triangle warning that there was no internet access (that's the reason for my doubt).
I did a new test, now with version 18362.86 and I have internet access, although the network icon shows that I do not have internet access.
So I can keep this setup and I will have normal access to the internet?
Yes. The triangle vanishes later anyway when continuing browsing and anything is completely reachable except your self-blocked sites...(if the triangle is disturbing change the policy)
The logic on that is: W10 checks internet connectivity by connecting certain predefined servers (dns.msftncsi.com.)
If not reachable w10 concludes there is no internet.
It's actually a no-go for a default behavior of an OS and should be changed by either group policy or by blocking.....why should M$ know whether one has internet access or not and when?
Okay, now it's clearer to me.
Thank you very much for your attention and your explanations!
Does anyone still use PeerBlock? Some say it work good, some say it does not. I'm not using it for torrents but for ads and spyware. Why did the lists decide to go premium?
Tremendous mess with those puzzle links that lead to different places.