The Acrylic Approach - Using Wildcard Hosts for Windows Privacy

Discussion in 'Windows 10' started by lomticksoftoast, Aug 24, 2015.

  2. Aly (MDL Member)
    The /s switch doesn't seem to be working. The monitor didn't start minimized last boot.

    As for the ADPM lag, there has to be some lag. It is not realtime but close. Maybe it only reads the log every 5 seconds or so. And the log being written is slightly lagged too.
     
  3. RADITZDJ (MDL Member)
    IMO maybe it's ADPM's bug.
    Checked it on the FILE menu but it doesn't work.
    Maybe the ADPM developer should be contacted about this one?

    So it's not just me having this lag, eh.. :biggrin:
    On my PC it's about a 10-15 second lag.
     
  4. Aly (MDL Member)
    I get a ~10 second lag too :aerobueke:
     
  5. lomticksoftoast (MDL Member, OP), #85, Sep 2, 2015 (last edited Sep 2, 2015)
    Thanks thorin0815!
    I considered augmenting Acrylic with PeerBlock and looked at the solutions being offered on MDL that use it; however ....

    One Perspective
    I'm raining on my own parade here I know ... but all this stuff ... Acrylic, PeerBlock, dnscrypt even if it's being maintained ... the perspective is sooo last decade! And even if the solution is somewhat current, these are small operations run with maybe a few top-notch programmers, but MS has an army!

    One could argue that blocked is blocked, hosts files and IP (firewalls) block traffic, but--in my opinion--to really know, you would need to sniff the traffic further downstream of your device.

    The latest threats, including the privacy invasion from MS, are sophisticated mid-2010 stuff. Of all the corporations out there, MS has to be on top of the latest threats! One can certainly argue that they've done a crap job securing Windows, but most security analysts have said that each OS upgrade since XP has shown improvement. So they're fairly up-to-date with the latest penetration and data extraction trends. If you understand how Trojans work--which they must--they surely understand, design and build into their own OS a sophisticated means of getting the telemetry they want home!

    One possible solution is to use the same solutions that the bigger corporations use. Big Corporations (BC) have to try and control the data streams in and out of their corporate devices--data streams which include MS telemetry. BC don't only buy enterprise OS versions either. BC may not have "home" versions, but they have to control Surface, Android and Apple stuff as well.

    I'm still researching
    It seems that there are a number of big-time protection players who service banks and such, that also offer 'private use only' versions of their (seemingly Linux-based) solutions. Some of them only slightly cripple the offerings. The only difficulty is that you're going to need a spare computer. It doesn't need to be high spec; head to your local tip and grab a chucked-out Core 2 or something that weak.

    I'm still researching this. It doesn't look like running the solutions on a virtual machine works. I'm still researching ... but I think you need real hardware.

    Unfortunately, this isn't the answer I was seeking. Mainly because it means spending precious time doing more research, but at least it "feels" like I'm on a better path and "has" to lead to a more up-to-date solution. The security companies providing solutions that protect banks and major corporations are paid well and can hire another army of programmers. So it's their army against MS's army. The field is beginning to even!
    And I'll leave you with a cliche ... people are all down on cliches but there is often truth in a cliche ... anyway ... "What's good for the goose is good for the gander". Well, it's sort of applicable anyway ...
     
  6. lomticksoftoast (MDL Member, OP), #86, Sep 2, 2015 (last edited Sep 2, 2015)
    I don't want to crap super hard on my own offered privacy solution, but I'm coming to the realization that Acrylic is more of a 'fun tool' to see what MS is up to than a genuine MS telemetry killer!

    In fact, what I just wrote there is going to be the new subtitle for the OP!!

    On a positive note, putting together this thread has directed me on a better path that I think leads to a true telemetry killer, but I'm no longer convinced that Acrylic is the answer I once thought it was.

    As for what you're seeing with all the MS telemetry call-outs ... this is not necessarily that MS is sending back a heap of your personal data, but that it's trying and trying and trying to get home with the same data. Then--and this is the part of the story that I regret sharing--I suspect MS uses alternative pathways to get the data home! Acrylic only 'sees' DNS names. MS has far more ways than that to get its data mining home!

    I'm not a security expert
    I'm just an ordinary citizen soldier fighting for my privacy using whatever tools I have at my disposal, and I'm slowly coming to the realization that Acrylic isn't the right tool!

    RADITZDJ, for your own case, you may still be in luck!
    As was pointed out to you earlier, transmission of your data should be controlled and managed by your corporate IT further down the supply chain.

    On the down-side, implementing a 'personally-controlled-by-you' solution on your branch office gear using some type of external PC router-replacement will more than likely incur the wrath of your IT department!! And really you shouldn't have to be doing anything to control your MS telemetry if your IT people have even half a clue.
     
  7. RADITZDJ (MDL Member)
    Yes, I think Acrylic is NOT a telemetry killer, but at least we can rely (at this moment) on its ability to block via DNS.
    And yes, I'm sure MS absolutely has a thousand ways of calling home.
    Yet I saw there are so many svchost.exe running and some suspicious tasks running.
    But just like you, I'm also not a programmer or IT guy.
    I'm just an ordinary worker who is concerned about my privacy, even though there's nothing on my PC that needs to be hidden.

    I lack the ability to observe things such as svchost or any background things that are running, and which part of the exe or registry is involved.
    Or, even more difficult, to observe the connections via UDP or TCP ports.

    Unfortunately, I think my network administrator didn't take his job seriously.
    As far as I know he just blocks the torrent connections,
    while I'm still able to browse to p0rn sites or warez sites.
    No, I don't think my network administrator cares about my privacy.
    So I need to set my privacy as I need.
     
  8. lomticksoftoast (MDL Member, OP)
    Hi RADITZDJ,
    I'm glad you understand the limitations of Acrylic to totally block MS.
    For the purposes of blocking DNS, it's easier to manage than a basic hosts file.
    Plus, you can see it working live or review the hit-log whenever you want.
    I wish I could help you with your IT department, but maybe their sloppiness will eventually work to your advantage.
    They might just ignore what you do to your office PC if/when a proper MS-killing solution comes along.
    Bye for now!
     
  9. Mike.mt (MDL Novice)
    @RADITZDJ

    The only way you will get near to achieving this on a standalone PC is:

    Run the latest script from our learned member S1ave77 removing / disabling the CRAPPS & Telemetry services.
    Run the latest O&O ShutUp utility & disable all.
    Install a third-party firewall that allows you to correctly customise rules by IPs & stop anything from amending them.
    Run the TCPView util from SysInternals to check what's going out, to assist in creating or amending firewall rules.
    Run PeerBlock with the MS domains list included, to assist in creating or amending firewall rules.

    When finished, with the correct FW filters in place you should have no unwanted traffic passing through.
     
  11. marzametal (MDL Novice), #91, Sep 7, 2015 (last edited Sep 7, 2015)
    Maybe the fwpuclnt.dll needs to be modified in the same manner as the dnsapi.dll file?
    ------
    Thanks for this lil' app along with the very impressive tutorial. It must've been a hair-pulling experience to get it all on screen! Having a VPN or not when setting Acrylic up is irrelevant. I have a look at both connections, which also allows confirmation that nothing leaks in relation to LAN vs VPN.

    I did run into an issue, but after a day of troubleshooting and restoring backups, I managed to flush out the root cause. The Properties button in Network Adapter TCP/IPv4 Advanced Settings was greyed out. Command line was the only way to modify IP/DNS/WINS etc... Turns out a new feature in SpyShelter 10.1, the "Protected Files/Folders" feature, was the culprit. I was using it to restrict read/write access on dnsapi.dll and denied Windows Explorer access to it when receiving the prompt.
     
  13. marzametal (MDL Novice), #93, Sep 17, 2015 (last edited Sep 17, 2015)
    I was half expecting the telemetry ones to produce the letter B as in blocked... what would generate a B response?

    The hardcoded domain names are called by 1 of 3 Windows Services via svchost.exe (Cryptographic Services, Network Location Awareness, DNS Cache). For months I have been accumulating IP ranges that pop up via Windows Firewall Control notification prompts that are triggered by svchost.exe and adding them to an outbound block rule created for each of those Services. Still no dice.

    I have also added IP Ranges produced by the telemetry domain names. Still no dice.

    Fiddler worked, but I use a VPN which kicked apart the proxy feature it has, so I call that "Still no dice" as well.

    It seems Acrylic is more VPN friendly, so sticking with this for the moment, till the proper approach of buying a flashable router and a 2nd PC is achieved. Otherwise, we're just chasing our own tails really...

    This didn't help much in regards to shushing the callouts, but it did tighten the PC up nicely...

    hxxp://hardenwindows7forsecurity.com/Harden%20Windows%207%20Home%20Premium%2064bit%20-%20Standalone.html

    hxxp://hardenwindows10forsecurity.com/Harden%20Windows%2010%20Home.html

    Is this person still playing hardball with the solution, or is it just an attention-seeking stunt?
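    As an added example (not code from the thread, from Acrylic, or from any tool named in it), this PowerShell script shows how the per-service outbound block rules marzametal describes, and the TCPView-style "what is svchost talking to" check Mike.mt suggests, can be done with the built-in NetSecurity cmdlets. It assumes the service names CryptSvc, NlaSvc and Dnscache for the three services named above and uses constructed RFC 5737 placeholder ranges instead of any real address list; run it from an elevated prompt.

```powershell
# Added example. Assumed service names: CryptSvc (Cryptographic Services),
# NlaSvc (Network Location Awareness), Dnscache (DNS Client). The address
# ranges are constructed RFC 5737 placeholders, not real telemetry addresses.
$ServiceRanges = @{
    'CryptSvc' = @('192.0.2.0/24')
    'NlaSvc'   = @('198.51.100.0/24')
    'Dnscache' = @('203.0.113.0/24')
}

function Set-ServiceOutboundBlock {
    param([Parameter(Mandatory)][string]$Service,
          [Parameter(Mandatory)][string[]]$RemoteAddress)
    $name = "Block-Out-$Service"
    $rule = Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue
    if ($rule) {
        # Merge new ranges into the existing rule instead of creating a duplicate.
        $current = (Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $rule).RemoteAddress
        $merged  = @($current) + $RemoteAddress | Where-Object { $_ -and $_ -ne 'Any' } | Sort-Object -Unique
        Set-NetFirewallRule -Name $name -RemoteAddress $merged
    } else {
        # Scope the block to svchost.exe AND this service so other svchost
        # instances and other programs keep their normal access.
        New-NetFirewallRule -Name $name -DisplayName $name -Direction Outbound -Action Block `
            -Program '%SystemRoot%\System32\svchost.exe' -Service $Service `
            -RemoteAddress $RemoteAddress -Profile Any | Out-Null
    }
}

function Get-ServiceConnections {
    # TCPView-style list of established connections owned by the svchost
    # processes hosting the given services. Caveat: one svchost process can
    # host several services, so attribution is per process, not per service.
    param([Parameter(Mandatory)][string[]]$Services)
    $svc  = Get-CimInstance Win32_Service | Where-Object { $Services -contains $_.Name -and $_.ProcessId -ne 0 }
    $pids = @($svc.ProcessId)
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $pids -contains $_.OwningProcess } |
        ForEach-Object {
            $p = $_.OwningProcess
            [pscustomobject]@{
                Services      = (($svc | Where-Object ProcessId -eq $p).Name) -join ','
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
            }
        }
}

foreach ($s in $ServiceRanges.Keys) { Set-ServiceOutboundBlock -Service $s -RemoteAddress $ServiceRanges[$s] }
Get-ServiceConnections -Services @($ServiceRanges.Keys) | Format-Table -AutoSize
```

    Because the rules are keyed on both the program path and the service, a range learned from a Windows Firewall Control prompt for one service does not silently block the other two, and re-running the script with new ranges extends the existing rule rather than stacking duplicates.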