Using a static block list in DNSBL / Blocking MS Telemetry and other BS

guardian · Jan 14, 2017, 8:40 AM

I found a script which i manually edited… Small excerpt below...

# Manually extracted from the script: Debloat-Windows-10/scripts/block-telemetry.ps1
# This script blocks telemetry related domains via the hosts file and related IPs via Windows Firewall.
# Source: https://github.com/W4RH4WK/Debloat-Windows-10/blob/master/scripts/block-telemetry.ps1
#
# Main Download Page: https://github.com/W4RH4WK/Debloat-Windows-10/tree/master/scripts
# 2236687 Sep 24, 2016 - @W4RH4WK W4RH4WK Fix most of anniversary stuff - 175 lines (169 sloc) 5.17 KB
#
a-0001.a-msedge.net
a-0002.a-msedge.net
a-0003.a-msedge.net
a-0004.a-msedge.net
a-0005.a-msedge.net

How can I use this in pfBlockerNG so that the DNS resolver black holes these addresses?

BBcan177 · Jan 16, 2017, 5:32 PM

Those domains are hardcoded in those scripts… You could copy those and place them in a DNSBL Custom list. Just be sure to remove the quotation marks... I have not tested adding those Domains to a blocklist. User beware...

shinzo · Jan 19, 2017, 6:48 AM

https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist

Been running that for a while, works great. Looking at it, hasn't been updated in a bit but at least should be enough

chrcoluk · Jan 19, 2017, 7:25 AM

That list includes many domains that have no relation to telemetry.

e.g. at least one of those domains is owned by google.

The original source of that list is now offline, basically what happened is I think someone started monitoring traffic whilst the system was idle and decided that all of it was due to windows telemetry.

I remember when I tested the list I couldnt get any updates on windows 10 either until the list got disabled.

guardian · Jan 19, 2017, 5:50 PM

Any suggestions as to how to sort the list out?

In an ideal world, I would like to block all the tracking and telemetry (Windows 8.1 - I want no part of 10!), and have a quick an convenient way to periodically open as little as needed to get patches, get my patches and close the hole.

I have absolutely no tolerance for letting Windows use my bandwidth to distribute updates, or arbitrary forcing me to reboot or taking over my system for extended periods of time to apply updates when it's not convenient.

chrcoluk · Jan 19, 2017, 10:29 PM

I will post a much shortened list I ended up with which I got to by removing domains I know for sure are not for telemetry and also that broke other services. The list is way shorter as expected. But bear in mind its a game of whack a mole. Microsoft at any point can change the domain names used or even connect directly to ip's. This list I got here was last updated probably a year or so ago when I gave up on windows 10.

choice.microsoft.com
choice.microsoft.com.nsatc.net
df.telemetry.microsoft.com
diagnostics.support.microsoft.com
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
reports.wes.df.telemetry.microsoft.com
services.wes.df.telemetry.microsoft.com
settings-sandbox.data.microsoft.com
settings-win.data.microsoft.com
sqm.df.telemetry.microsoft.com
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net
survey.watson.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.microsoft.com
telemetry.urs.microsoft.com
vortex.data.microsoft.com
vortex-sandbox.data.microsoft.com
vortex-win.data.microsoft.com
watson.ppe.telemetry.microsoft.com
wes.df.telemetry.microsoft.com