Using a static block list in DNSBL / Blocking MS Telemetry and other BS



  • I found a script which I manually edited… Small excerpt below...

    #  Manually extracted from the script:  Debloat-Windows-10/scripts/block-telemetry.ps1
    #  This script blocks telemetry related domains via the hosts file and related IPs via Windows Firewall.
    #  Source: https://github.com/W4RH4WK/Debloat-Windows-10/blob/master/scripts/block-telemetry.ps1

    #  Main Download Page: https://github.com/W4RH4WK/Debloat-Windows-10/tree/master/scripts
    #  2236687 Sep 24, 2016 - @W4RH4WK W4RH4WK Fix most of anniversary stuff - 175 lines (169 sloc) 5.17 KB

    a-0001.a-msedge.net
    a-0002.a-msedge.net
    a-0003.a-msedge.net
    a-0004.a-msedge.net
    a-0005.a-msedge.net

    How can I use this in pfBlockerNG so that the DNS resolver black holes these addresses?


  • Moderator

    Those domains are hardcoded in those scripts… You could copy those and place them in a DNSBL Custom list. Just be sure to remove the quotation marks...  I have not tested adding those Domains to a blocklist. User beware...
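
One way to turn the quoted entries from a script such as block-telemetry.ps1 into a plain one-domain-per-line list for a DNSBL custom list, as an added example that is not part of the original thread or of either project. The function names, the `keep` parameter and the sample input are assumptions constructed for illustration; the code also accepts hosts-file style lines and skips bare IP addresses.

```python
import re

# Hostname label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
_SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def is_domain(name):
    """True for a syntactically valid multi-label hostname (not an IP)."""
    if len(name) > 253 or "." not in name:
        return False
    labels = name.split(".")
    if labels[-1].isdigit():          # looks like an IPv4 address
        return False
    return all(_LABEL.match(label) for label in labels)

def to_dnsbl_list(text, keep=()):
    """Normalise script/hosts-style text to unique domains, in input order.
    keep: domains (and their subdomains) that must never be blocked,
          e.g. update servers. Hypothetical parameter for this example.
    """
    keep = [k.lower().strip(".") for k in keep]
    seen, out = set(), []
    for line in text.splitlines():
        line = line.split("#", 1)[0]              # drop comments
        for token in re.split(r"[\s,]+", line):
            # Remove the quotation marks, fold case, drop a trailing dot.
            token = token.strip("\"'").lower().rstrip(".")
            if not token or token in _SINK_IPS or not is_domain(token):
                continue
            if any(token == k or token.endswith("." + k) for k in keep):
                continue
            if token not in seen:
                seen.add(token)
                out.append(token)
    return out

# Constructed sample input mixing a quoted PowerShell array and hosts lines.
SAMPLE = '''
$domains = @(
    "a-0001.a-msedge.net"
    "a-0002.a-msedge.net",
    "A-0001.a-msedge.net"      # duplicate, different case
)
0.0.0.0 telemetry.microsoft.com
127.0.0.1 update.example.com   # constructed entry to exercise keep
'''

if __name__ == "__main__":
    print("\n".join(to_dnsbl_list(SAMPLE, keep=["example.com"])))
```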



  • https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist

    Been running that for a while, works great.  Looking at it, hasn't been updated in a bit but at least should be enough



  • That list includes many domains that have no relation to telemetry.

    e.g. at least one of those domains is owned by Google.

    The original source of that list is now offline, basically what happened is I think someone started monitoring traffic whilst the system was idle and decided that all of it was due to Windows telemetry.

    I remember when I tested the list I couldn't get any updates on Windows 10 either until the list got disabled.



  • Any suggestions as to how to sort the list out?

    In an ideal world, I would like to block all the tracking and telemetry (Windows 8.1 - I want no part of 10!), and have a quick and convenient way to periodically open as little as needed to get patches, get my patches and close the hole.

    I have absolutely no tolerance for letting Windows use my bandwidth to distribute updates, or arbitrarily forcing me to reboot or taking over my system for extended periods of time to apply updates when it's not convenient.



  • I will post a much shortened list I ended up with which I got to by removing domains I know for sure are not for telemetry and also that broke other services.  The list is way shorter as expected.  But bear in mind it's a game of whack-a-mole.  Microsoft at any point can change the domain names used or even connect directly to IPs.  This list I got here was last updated probably a year or so ago when I gave up on Windows 10.

