Hey, I don't think the Windows hosts file is capable of IP range blocking. That's just one of the reasons that I've been using PeerBlock instead. PeerBlock gives you IP range filtering and you can deny outbound traffic via specific ports. It doesn't depend on the Windows firewall at all either. If you block explorer.exe with the Windows firewall then you'll see that the msnbot connection is made by a different executable instead. That doesn't happen if you use PeerBlock. I've also noticed that if you block a specific IP range then the Windows store will work, but if you were to click on an app that's actually installed then the store will close on you.
I don't think it's possible with the built-in hosts as it doesn't support wildcards and IP ranging. The built-in hosts file is very explicit in nature. Unless you actually note each hostname you want blocked, it won't be. There are, however, 3rd party DNS filters that come with their own hosts file that do have such features. Maybe something to consider?
Open up TCPView and you'll see the connection via explorer.exe is killed and then it's passed to wermgr.exe instead. If you block the connection via PeerBlock then you shouldn't see any new activity. You just see that it was killed in the PeerBlock log, so it appears to do a much better job.
I also blocked explorer.exe with Windows Firewall. However, in my Enterprise LTSB VM, TCPView didn't register any new msnbot connections from any executable, nor did it register explorer.exe's connection automatically being killed and passed to another executable. However, completely unrelated to explorer.exe, TCPView did register an executable I hadn't seen before making an akamai connection: CompatTelRunner.exe. Not sure if we should be blocking this one too because Murphy said to be careful with the akamai connections.
- never seen, what would happen if you make a rule not associated with executables but block IP range?
Code:
"{1148A4CD-D946-46D6-B07C-339C55269332}"="v2.24|Action=Block|Active=TRUE|Dir=Out|RA4=191.232.139.0/255.255.255.0|Name=msnbot.search.msn.com|"
Thanks again, I will try to create an autounattended.xml with WinReducer for W8.1 & W10 Home ISO's which should include the code to change the values later tonight or by tomorrow. Will post them once I have them.
I was testing this on real hardware with Windows 10 Home, just to see how it behaves.
Both amazonaws and akamaitechnologies should be fine. They're used for content delivery and store stuff.
Maybe blocking outbound only would work though. Some things do and some things don't.
@shewolf I've not tried it yet since I've been trying to build a PeerBlock list designed to target only the tracking. Shouldn't it be this though:
Code:
"{1148A4CD-D946-46D6-B07C-339C55269332}"="v2.24|Action=Block|Active=TRUE|Dir=Out|RA4=191.232.139.0-191.232.139.255|Name=msnbot.search.msn.com|"
Yeah it's wrong. (edit: This script adds its own 0.0.0.0 but the hosts you copy/paste already has the 0.0.0.0)
Change:
Code:
echo $a += "0.0.0.0 $i">>%ps1file%
to
Code:
echo $a += "$i">>%ps1file%
Empty your hosts file and start the script again.
NO, when you type 191.232.139.0/24 it converts in the registry to 191.232.139.0/255.255.255.0. If you enter this rule
Code:
"{1148A4CD-D946-46D6-B07C-339C55269332}"="v2.24|Action=Block|Active=TRUE|Dir=Out|RA4=191.232.139.0/255.255.255.0|Name=msnbot.search.msn.com|"
in Windows Firewall you can see it like 191.232.139.0/24
That's yet another thing within Windows that makes absolutely no sense then. I can't say that I'm not surprised at this point.
- if you enter 191.232.139.0/191.232.139.255 in Windows Firewall it says wrong IP; when you enter 191.232.139.0/255.255.255.0 it accepts it and shows it like 191.232.139.0/24
I think you've actually set it up wrong. I just did it and checked for myself and it's this:
Code:
v2.24|Action=Block|Active=TRUE|Dir=Out|RA4=191.232.139.0-191.232.139.255|Name=msnbot.search.msn.com|
You've selected an address/subnet. Under that is the option for an IP range.
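An added example, not posted by anyone in the thread: Python that parses the two rule strings quoted above and normalises the RA4 field, showing that the address/mask form and the range form cover the same /24 while the address/address form is rejected. Function names are illustrative and only numeric IPv4 values in RA4 are handled.

```python
import ipaddress

# Rule strings copied from the thread (the value part of the registry entry).
RULE_MASK = ("v2.24|Action=Block|Active=TRUE|Dir=Out|"
             "RA4=191.232.139.0/255.255.255.0|Name=msnbot.search.msn.com|")
RULE_RANGE = ("v2.24|Action=Block|Active=TRUE|Dir=Out|"
              "RA4=191.232.139.0-191.232.139.255|Name=msnbot.search.msn.com|")


def parse_rule(rule):
    """Split a rule string into (version, {key: [values]}); keys may repeat."""
    version, *parts = [p for p in rule.split("|") if p]
    fields = {}
    for part in parts:
        key, _, value = part.partition("=")
        fields.setdefault(key, []).append(value)
    return version, fields


def ra4_to_cidrs(value):
    """Normalise one RA4 value (range, address/mask, CIDR, single IP) to CIDR blocks."""
    if "-" in value:
        first, last = (ipaddress.IPv4Address(x.strip()) for x in value.split("-", 1))
        if first > last:
            raise ValueError(f"range start after end: {value}")
        return list(ipaddress.summarize_address_range(first, last))
    # ip_network accepts /24 and /255.255.255.0 alike; anything else raises ValueError
    return [ipaddress.ip_network(value, strict=True)]


def remote_scope(rule):
    """Return the collapsed list of IPv4 networks covered by a rule's RA4 fields."""
    _, fields = parse_rule(rule)
    nets = [n for v in fields.get("RA4", []) for n in ra4_to_cidrs(v)]
    return list(ipaddress.collapse_addresses(nets))


def blocks_outbound_to(rule, ip):
    """True if the rule is an active outbound block whose RA4 scope contains ip."""
    _, f = parse_rule(rule)
    active = (f.get("Action") == ["Block"] and f.get("Active") == ["TRUE"]
              and f.get("Dir") == ["Out"])
    return active and any(ipaddress.IPv4Address(ip) in n for n in remote_scope(rule))


if __name__ == "__main__":
    for rule in (RULE_MASK, RULE_RANGE):
        print([str(n) for n in remote_scope(rule)])
```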
The original PowerShell snippet adds 0.0.0.0 whereas the part I use doesn't. Just got the manual addition of addresses from a given list to work. The list needs to be in the form of the ones given in OP. The manual Task Scheduler Tasks disable is also working here; apparently the same rule applies for the list as for hosts file additions.