In Win 10 a lot of stuff is hardcoded in the DDLs directly. In that case the hosts file is useless. Rerouting is the better way, see the telemetry repo for info.
i found the section on rerouting but it doesn't say much, are there any instructions? all i see is one command line and a list of ip's.
The best would be a Hardware Firewall, like a Cisco Netscreen or whatsoever, just those a terribly expensive. A cheap way would be to create your own Hardware Firewall with an old computer as a base, Monitor an keyboard only need for the basic installation but later on! Some very good Freeware available like Pfsense and Smoothwall Express 3.1, which both running on their own included OS. Those apps are replacing the Router (of you Modem) and are locate after the WAN (Modem) and before the LAN (Switch) and control the in-and outgoing traffic fully, depending on the configuration! How good or bad those are, is depending on the config! That Config isn't done on one day, it's always expanded, depending on your needs! I use the Smoothwall Express for years already with great success, for my own company and my customers as well. All you'll need is an older low-level computer with 3-4 NIC's and DVD Reader or USB Flash Reader for to set up the system. After done that, the real config is done from any machine in the Network via a Web-Browser like Firefox, Chrome, Edge or so, Monitor and Keyboard are not used anymore. Useful hint: BIOS should be set to auto-recover power after power loss, so that machine start's with no interaction needed if the power was gone/cut/off! Just a word about that 3-4 NIC's: 1 is needed for the WAN (from Modem) connection, 2. is needed for the LAN (wired Network) connection, 3. is needed for WiFi connection and 4. for a Server if also some are used. Servers are mainly connected to the DMZ so they're available for any incoming connection to it from the Internet. This is just some basic info in case you're really looking for to have a secure Internet connection. Check out the websites from Smoothwall Express and/or Pfsense for more information.