Windows 19043 - Certificate Network Retrieval - New Telemetry

Discussion in 'Windows 10' started by DirtyAngelicaSecured, Feb 26, 2021.

  1. DirtyAngelicaSecured

    Mar 30, 2020
    101
    17
    10
    Before update 19043.844, it was possible to disable Certificate Network Retrieval for Certificate Path Validation in Security Configuration Management. Windows validates certificate path via ctldl.windowsupdate.com. Disabling Network Retrieval in 19043.844 prevented internet from working and blacklisting ctldl.windowsupdate.com domain resolution prevented successful login to some non-Microsoft applications and accounts. Certificate Revocation could still be disabled without problems, but not Certificate Network Retrieval. Windows Update and related services were all disabled. Installing AllowedCert.cab and DisallowedCert.cab did not resolve the problem. Changing related settings in Internet Explorer was also fruitless.

    This happened across all 4 laptops that were updated to Windows 10 19043.844. Certificate Network Retrieval via ctldl.windowsupdate.com became a new type of telemetry...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. xkp

    xkp MDL Novice

    Oct 28, 2017
    40
    8
    0
    Setup firewall to block all outgoing communications and allow only ones that you like :)
    And with few tools to add ip's to hosts file you are the man in power :)
     
  3. DirtyAngelicaSecured

    Mar 30, 2020
    101
    17
    10
    As I mentioned, blocking ctldl.windowsupdate.com domain resulted in some programs refusing to login because they somehow verify certificates.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. DirtyAngelicaSecured

    Mar 30, 2020
    101
    17
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...