Stop Windows 10 spying on you using just Windows Firewall

It is not a secret to anyone who uses Windows 10 that this operating system is collecting a lot of private information and sending it back to Microsoft so they get more telemetry data. Many users are not happy that Windows 10 is spying on them and constantly seeking a way to stop it. While this is not the first time that we are referring to this issue, today I would like to share a different way to prevent Windows 10 from collecting your sensitive data using only the built-in Windows Firewall.


In my previous article, How to disable Telemetry and Data Collection in Windows 10, I widely described what is telemetry and how Microsoft is collecting your data. Besides that, the article comes with a solution against collecting data without your approval.

Before we start, I definitely should mention one fact. Beware Windows 7/Windows 8 users, your operating system might be spying on you as well! See the following article: Telemetry and Data Collection are coming to Windows 7 and Windows 8 too

Now, let's see what we can do to prevent Windows 10 from spying on you using just Windows Firewall. The main idea behind this method is to block the well known list of Microsoft servers using the appropriate rules of Windows Firewall. This does not involve any third party tool in the process, which is also good. You will see and control what you are doing.

Let's see the following example:

netsh advfirewall firewall add rule name="telemetry_watson.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.43,65.52.108.29 enable=yes

The command above adds and activates a new rule which blocks outgoing connections to the server "telemetry_watson.telemetry.microsoft.com". Blocking will be performed using these IP addresses: 65.55.252.43,65.52.108.29.

This command should be executed in an elevated command prompt. This is not too hard. But when you need to block all telemetry servers, you can get tired running all the required command one by one. Just look at the complete list (a PowerShell snippet) below!

Set-NetFirewallProfile -all

netsh advfirewall firewall add rule name="telemetry_vortex.data.microsoft.com" dir=out action=block remoteip=191.232.139.254 enable=yes

netsh advfirewall firewall add rule name="telemetry_telecommand.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.92 enable=yes

netsh advfirewall firewall add rule name="telemetry_oca.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.63 enable=yes

netsh advfirewall firewall add rule name="telemetry_sqm.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.93 enable=yes

netsh advfirewall firewall add rule name="telemetry_watson.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.43,65.52.108.29 enable=yes

netsh advfirewall firewall add rule name="telemetry_redir.metaservices.microsoft.com" dir=out action=block remoteip=194.44.4.200,194.44.4.208 enable=yes

netsh advfirewall firewall add rule name="telemetry_choice.microsoft.com" dir=out action=block remoteip=157.56.91.77 enable=yes

netsh advfirewall firewall add rule name="telemetry_df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.7 enable=yes

netsh advfirewall firewall add rule name="telemetry_reports.wes.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.91 enable=yes

netsh advfirewall firewall add rule name="telemetry_wes.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.93 enable=yes

netsh advfirewall firewall add rule name="telemetry_services.wes.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.92 enable=yes

netsh advfirewall firewall add rule name="telemetry_sqm.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.94 enable=yes

netsh advfirewall firewall add rule name="telemetry_telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.9 enable=yes

netsh advfirewall firewall add rule name="telemetry_watson.ppe.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.11 enable=yes

netsh advfirewall firewall add rule name="telemetry_telemetry.appex.bing.net" dir=out action=block remoteip=168.63.108.233 enable=yes

netsh advfirewall firewall add rule name="telemetry_telemetry.urs.microsoft.com" dir=out action=block remoteip=157.56.74.250 enable=yes

netsh advfirewall firewall add rule name="telemetry_settings-sandbox.data.microsoft.com" dir=out action=block remoteip=111.221.29.177 enable=yes

netsh advfirewall firewall add rule name="telemetry_vortex-sandbox.data.microsoft.com" dir=out action=block remoteip=64.4.54.32 enable=yes

netsh advfirewall firewall add rule name="telemetry_survey.watson.microsoft.com" dir=out action=block remoteip=207.68.166.254 enable=yes

netsh advfirewall firewall add rule name="telemetry_watson.live.com" dir=out action=block remoteip=207.46.223.94 enable=yes

netsh advfirewall firewall add rule name="telemetry_watson.microsoft.com" dir=out action=block remoteip=65.55.252.71 enable=yes

netsh advfirewall firewall add rule name="telemetry_statsfe2.ws.microsoft.com" dir=out action=block remoteip=64.4.54.22 enable=yes

netsh advfirewall firewall add rule name="telemetry_corpext.msitadfs.glbdns2.microsoft.com" dir=out action=block remoteip=131.107.113.238 enable=yes

netsh advfirewall firewall add rule name="telemetry_compatexchange.cloudapp.net" dir=out action=block remoteip=23.99.10.11 enable=yes

netsh advfirewall firewall add rule name="telemetry_cs1.wpc.v0cdn.net" dir=out action=block remoteip=68.232.34.200 enable=yes

netsh advfirewall firewall add rule name="telemetry_a-0001.a-msedge.net" dir=out action=block remoteip=204.79.197.200 enable=yes

netsh advfirewall firewall add rule name="telemetry_statsfe2.update.microsoft.com.akadns.net" dir=out action=block remoteip=64.4.54.22 enable=yes

netsh advfirewall firewall add rule name="telemetry_sls.update.microsoft.com.akadns.net" dir=out action=block remoteip=157.56.77.139 enable=yes

netsh advfirewall firewall add rule name="telemetry_fe2.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.58.121,134.170.58.123,134.170.53.29,66.119.144.190,134.170.58.189,134.170.58.118,134.170.53.30,134.170.51.190 enable=yes

netsh advfirewall firewall add rule name="telemetry_diagnostics.support.microsoft.com" dir=out action=block remoteip=157.56.121.89 enable=yes

netsh advfirewall firewall add rule name="telemetry_corp.sts.microsoft.com" dir=out action=block remoteip=131.107.113.238 enable=yes

netsh advfirewall firewall add rule name="telemetry_statsfe1.ws.microsoft.com" dir=out action=block remoteip=134.170.115.60 enable=yes

netsh advfirewall firewall add rule name="telemetry_pre.footprintpredict.com" dir=out action=block remoteip=204.79.197.200 enable=yes

netsh advfirewall firewall add rule name="telemetry_i1.services.social.microsoft.com" dir=out action=block remoteip=104.82.22.249 enable=yes

netsh advfirewall firewall add rule name="telemetry_feedback.windows.com" dir=out action=block remoteip=134.170.185.70 enable=yes

netsh advfirewall firewall add rule name="telemetry_feedback.microsoft-hohm.com" dir=out action=block remoteip=64.4.6.100,65.55.39.10 enable=yes

netsh advfirewall firewall add rule name="telemetry_feedback.search.microsoft.com" dir=out action=block remoteip=157.55.129.21 enable=yes

netsh advfirewall firewall add rule name="telemetry_rad.msn.com" dir=out action=block remoteip=207.46.194.25 enable=yes

netsh advfirewall firewall add rule name="telemetry_preview.msn.com" dir=out action=block remoteip=23.102.21.4 enable=yes

netsh advfirewall firewall add rule name="telemetry_dart.l.doubleclick.net" dir=out action=block remoteip=173.194.113.220,173.194.113.219,216.58.209.166 enable=yes

netsh advfirewall firewall add rule name="telemetry_ads.msn.com" dir=out action=block remoteip=157.56.91.82,157.56.23.91,104.82.14.146,207.123.56.252,185.13.160.61,8.254.209.254 enable=yes

netsh advfirewall firewall add rule name="telemetry_a.ads1.msn.com" dir=out action=block remoteip=198.78.208.254,185.13.160.61 enable=yes

netsh advfirewall firewall add rule name="telemetry_global.msads.net.c.footprint.net" dir=out action=block remoteip=185.13.160.61,8.254.209.254,207.123.56.252 enable=yes

netsh advfirewall firewall add rule name="telemetry_az361816.vo.msecnd.net" dir=out action=block remoteip=68.232.34.200 enable=yes

netsh advfirewall firewall add rule name="telemetry_oca.telemetry.microsoft.com.nsatc.net" dir=out action=block remoteip=65.55.252.63 enable=yes

netsh advfirewall firewall add rule name="telemetry_reports.wes.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.91 enable=yes

netsh advfirewall firewall add rule name="telemetry_df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.7 enable=yes

netsh advfirewall firewall add rule name="telemetry_cs1.wpc.v0cdn.net" dir=out action=block remoteip=68.232.34.200 enable=yes

netsh advfirewall firewall add rule name="telemetry_vortex-sandbox.data.microsoft.com" dir=out action=block remoteip=64.4.54.32 enable=yes

netsh advfirewall firewall add rule name="telemetry_pre.footprintpredict.com" dir=out action=block remoteip=204.79.197.200 enable=yes

netsh advfirewall firewall add rule name="telemetry_i1.services.social.microsoft.com" dir=out action=block remoteip=104.82.22.249 enable=yes

netsh advfirewall firewall add rule name="telemetry_ssw.live.com" dir=out action=block remoteip=207.46.101.29 enable=yes

netsh advfirewall firewall add rule name="telemetry_statsfe1.ws.microsoft.com" dir=out action=block remoteip=134.170.115.60 enable=yes

netsh advfirewall firewall add rule name="telemetry_msnbot-65-55-108-23.search.msn.com" dir=out action=block remoteip=65.55.108.23 enable=yes

netsh advfirewall firewall add rule name="telemetry_a23-218-212-69.deploy.static.akamaitechnologies.com" dir=out action=block remoteip=23.218.212.69 enable=yes

So, to make this easy for you so you can add these rules quickly, I prepared a batch file for you. Run "add rules.cmd" and confirm the UAC prompt.

Download Block Telemetry Rules file for Windows 10

After that, you should see the following in Windows Firewall:

Windows 10 disable spying with Firewall

Windows 10 will not spy on you anymore. No third party tools were involved.

Now, go to Services and Applications -> Services in the left pane. In the Services list, disable the following services:

Diagnostics Tracking Service
dmwappushsvc

Double click the mentioned services and pick "Disabled" for the startup type:

Windows 10 disable telemetry You need to restart Windows 10 for changes to take effect.

This last step will disable "keylogger", which might be sending data that you type. This step is not actually necessary, as all the servers are already blocked. However, when you update Windows 10, the server list might be changed by Microsoft and new servers might be added. So, by disabling the mentioned services, you can be sure that the OS will not collect and send the data secretly.

That's it. I am open to your questions. If you haven't understood something, let me know in the comments.

88 thoughts on “Stop Windows 10 spying on you using just Windows Firewall

  1. GenialityOfEvil

    A note on the Windows 7/8 telemetry update. If you already disabled the data collection option then those updates actually reduce the number of calls Windows makes to the Telemetry servers (not sure why it still makes any but whatever).

    Well-loved. Like or Dislike: Thumb up 5 Thumb down 0

    Reply
    1. Charly Parker

      I follow the instructions given but i really don´t believe that Bill will be fooled by this rather “naive blocking thing”… Bill is to nasty to fall in this trap.

      Like or Dislike: Thumb up 2 Thumb down 0

      Reply
      1. Nostromov

        Of course, there is (hardware) encrypted data which is sent obfuscated through different protocols, diffused, so that it can’t be caught in billions of bytes, even if someone is looking for it. The “visible” stuff is there just to confuse and make things seem legit.

        *This is the only way to run Windows 10, with everything disabled: i.imgur.com/R1tbqMS.png :)

        Like or Dislike: Thumb up 0 Thumb down 0

        Reply
        1. Sergey Tkachenko Post author

          Very radical way, isn’t it?

          Like or Dislike: Thumb up 1 Thumb down 0

          Reply
          1. Nostromov

            It’s a major pain. :( Half of the web does not load in the browsers, blah.

            Like or Dislike: Thumb up 0 Thumb down 0

        2. Nostromov

          ^^ Can’t edit, just to clarify – by saying “hardware encrypted” I mean that the Micro$oft operating system is working in tandem with companies like Intel and various (xEFI) BIOS manufacturers (& others!) in order to produce the capabilities to perform amazing backdoors (like Monty Python’s Flying Circus. :))

          Things such as “Secure Boot” and many, many, other nowhere documented channels (perhaps some engineers might be able to recognize machine code, where such actions may be allowed; when looking at the CPU micro-architecture diagrams and whatnot, but even that is -very- doubtful).

          It’s “deep undercover”, like Eddie Murphy in Beverly Hills Cop – and, also, just as ridiculous; except, much less entertaining, heh. xD

          @https://www.youtube.com/watch?v=Oq3cGgqbWG8

          Like or Dislike: Thumb up 2 Thumb down 0

          Reply
  2. David H Johnson

    If Windows were truly spying, this might be useful. But, since Windows is definitely not spying on us, I don’t find it useful at all.

    Poorly-rated. Like or Dislike: Thumb up 4 Thumb down 204

    Reply
    1. EBIN

      Found the M$ employee.

      Well-loved. Like or Dislike: Thumb up 93 Thumb down 2

      Reply
      1. Sergey Tkachenko Post author

        haha

        Well-loved. Like or Dislike: Thumb up 29 Thumb down 2

        Reply
    2. GenialityOfEvil

      Then they won’t mind.

      Well-loved. Like or Dislike: Thumb up 30 Thumb down 1

      Reply
    3. Charly Parker

      Cortana will be remember as the most evil character of all times. You my friend, poor fellow.. God bless you.

      Well-loved. Like or Dislike: Thumb up 7 Thumb down 0

      Reply
  3. Techie Bear

    Hi Sergey,
    I used the previous article for the two non-insider computers without a problem, and very much appreciate the ability to block data being transmitted to Microsoft. My question is this: Is one method preferable over the other? If it matters to your answer, I have Zemana anti-keylogger software installed.

    For myself, I’d rather make a change to the Registry, with a backed-up Restore available, than mess around with a firewall and not be able to access anything or get online.

    And as always, thanks for all your excellent work!
    Regards,
    Techie Bear

    Like or Dislike: Thumb up 3 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      Well, in this method more servers will be blocked.
      You can avoid the Registry editing.
      Personally, I liked this method more than the previous one.

      Like or Dislike: Thumb up 1 Thumb down 0

      Reply
      1. AC

        Problem is they can easily revert back to spying and make it more difficult to subvert with an update or just change their server IPs. Going to boycott windows altogether this year.

        Well-loved. Like or Dislike: Thumb up 11 Thumb down 1

        Reply
        1. Sergey Tkachenko Post author

          Yep yo are right. I also avoid Windows 10 on my PCs :)

          Well-loved. Like or Dislike: Thumb up 10 Thumb down 0

          Reply
    2. yanta

      Where do you think firewall rules are stored…. Yes, in the registry :)

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply
  4. mr.ed

    DWS_lite does all this and more, is free, and constantly updated.

    Like or Dislike: Thumb up 3 Thumb down 2

    Reply
  5. Clayton Carney

    After adding firewall rules, Windows Update reports ‘We couldn’t get online to download your updates.’ If I remove the rules, Update works again.

    Like or Dislike: Thumb up 2 Thumb down 2

    Reply
    1. Charly Parker

      Who is afraid of Windows update? That´s paranoia. I´ve working on W7 from the beginning without a single update. Not a single damn issue. The big problem with all Windows versions is just Windows updates!

      Like or Dislike: Thumb up 4 Thumb down 1

      Reply
  6. Clayton Carney

    Using TCPView, tracked the problem to 134.170.51.190. Removed that IP from rules.ps1 and Update works again.

    Well-loved. Like or Dislike: Thumb up 8 Thumb down 0

    Reply
    1. Mikhoul

      Lot of other IP in this list are mandatory to receive Upgrades, other service and diagnostic from Microsoft.

      Some Paranoid grabbed all MSFT domain on the net and put it in a list.

      One of those day you will lose lot of time to find why some Microsoft services don’t work ;-)

      Hot debate. What do you think? Thumb up 5 Thumb down 3

      Reply
      1. Sergey Tkachenko Post author

        Quite possible.

        Like or Dislike: Thumb up 0 Thumb down 0

        Reply
      2. j

        Other than updates that I reserve the right to control MS can suck it. Any services I would take from them should be voluntary and not crammed down my throat.

        Like or Dislike: Thumb up 2 Thumb down 0

        Reply
  7. marcello russo

    sorry my English is translated with Google, I performed the entire procedure, everything went well, I can not enter the site Microsoft Answer Italian, can ‘be a firewall port blocked?

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      Quite possible.
      Please tell me the url/link which you are trying to access?

      Like or Dislike: Thumb up 1 Thumb down 1

      Reply
      1. marcello

        the site is this
        http://answers.microsoft.com/it-it?auth=1
        not me access to my account and I favedere posts in all sections,
        other Microsoft sites are fine, If these firewall rules we found that the site does not spy visit

        thanks and sorry for my english

        Like or Dislike: Thumb up 0 Thumb down 0

        Reply
        1. Sergey Tkachenko Post author

          Let’s see it its IP address is in the blocking list.

          Like or Dislike: Thumb up 0 Thumb down 0

          Reply
          1. marcello russo

            I understand, I leave it,
            the important thing is that the other Microsoft sites work well,
            thank you

            Like or Dislike: Thumb up 0 Thumb down 0

  8. Al

    blocking this ip 68.232.34.200 breaks web.skype.com

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
    1. Al

      isn’t adding domains into hosts file a better solution?

      Like or Dislike: Thumb up 1 Thumb down 0

      Reply
      1. Sergey Tkachenko Post author

        Try to spy the traffic.
        Windows 10 can BYPASS the hosts file for telemetry!
        WireShark can prove it.

        Well-loved. Like or Dislike: Thumb up 4 Thumb down 0

        Reply
        1. Al

          wow, Microsoft is going in hard. Thx for your service man. I guess i’ll have to manage ip blocking on the case by case basis, e.g. when i’ll need access to some features i’ll disable the rules but will leave them enabled by default

          Like or Dislike: Thumb up 1 Thumb down 0

          Reply
          1. AC

            They are corporatists after all. Into Biotech death panels, elitism and will do the NSA work, just as Google and all other tech companies are happy to oblige. If not then they’d not be in business, but then they don’t even try to protect our privacy. We have nothing to hide, privacy is our natural born right and our choice. It is time we be more assertive over the control others have over OUR life’s.

            Well-loved. Like or Dislike: Thumb up 7 Thumb down 0

        2. Jon Grah

          Can MS bypass windows firewall?

          I always thought the firewall was independent of other processes. I am using windows 7 / Win 2008 64 bit. But I suppose in later versions of windows or with a patch, MS could just hack their own firewall. Do you recommend a 3rd party firewall or using an additional firewall on top of the windows firewall? If so, which one?

          Like or Dislike: Thumb up 1 Thumb down 0

          Reply
          1. Sergey Tkachenko Post author

            I am big fan of Zone Alarm.
            Few years ago it was really great app.

            Like or Dislike: Thumb up 0 Thumb down 1

          2. nikolai

            an additional firewall on top of the ‘windows firewall’ – Zone Alarm will work.
            most other firewalls will disable ‘windows firewall’.

            Zone Alarm Free Firewall is not what it used to be, some features have been removed, a bit more buggy.

            Like or Dislike: Thumb up 0 Thumb down 0

    2. Conny

      Blocking this IP also breaks access to Technet.

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply
  9. Al

    Tip: how to disable “development mode” http://answers.microsoft.com/en-us/windows/forum/windows_10-files/bug-windows-10-file-explorer-reopens-after-getting/596553df-3af6-4a96-ab52-0fedba4df1bd

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  10. Fred E

    WIndows Update won’t work if the firewall is set to block outgoing connection telemetry_fe2.update.microsoft.com.akadns.net.

    If you simply remove that one firewall block that’s in your script, Windows Update will work again.

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
  11. nabucco

    After appling this trick, I cannot access to bing.com or bing.maps

    I finally found I need to remove the block of:
    – telemetry_a-0001.a-msedge.net
    – telemetry_pre.footprintpredict.com
    – telemetry_pre.footprintpredict.com (it is repeated in Windows Firewall)

    (with the help of Control panel -> trobleshooting -> connect to Internet -> help me to connect to a specific page)

    Sorry for my english, I hope you understand me

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
  12. chromax

    Please remove “telemetry_fe2.update.microsoft.com.akadns.net” and the other ones from nabucco.
    This is not very helpful if it blocks nearly everything. The list has to be updated.

    PS.: Something blocks the locations search in the weather app.

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
    1. Shakti

      Disable “Explorer.EXE_BLOCK” and “204.79.197.200_Block” IP for weather to work properly

      Like or Dislike: Thumb up 2 Thumb down 0

      Reply
  13. Mark

    You don’t need to remove them altogether, juste change the value “enabled=yes” to “enabled=no” at the end of each line in the file, with powershell.

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  14. Zebediah Boss

    Doing this to your firewall also blocks windows updates from accessing the web to update – DOH!

    Like or Dislike: Thumb up 1 Thumb down 1

    Reply
    1. Rotozaza

      No, it doesn’t on Win 10.

      Like or Dislike: Thumb up 1 Thumb down 1

      Reply
    2. paul

      That’s good. I can actually look at Windows updates before microsoft forces them down my computer.

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply
  15. Rotozaza

    Outbound block on IP 68.232.34.200, intended for:

    cs1.wpc.v0cdn.net
    az361816.vo.msecnd.net

    blocks get: http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.1.min.js from answers.microsoft.com

    http://answers.microsoft.com/en-us/feedback/forum/fdbk_commsite-bug/answersmicrosoftcom-doesnt-work-on-firefox-if-free/55a938e8-a06c-47c6-b241-72bd1d55a5a6?tm=1447152774954

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  16. Nhat

    Is there a script to reverse this block? I think i used it to block windows but now my workplace requires me to setup airwatch and connect to their servers but i’m not able to connect. I’m wondering if something in this process is blocking connection to airwatch as well.

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      Remove all custom rules from Firewall.

      Like or Dislike: Thumb up 2 Thumb down 0

      Reply
      1. nikolai

        Windows Firewall, Restore Defaults.

        Like or Dislike: Thumb up 0 Thumb down 0

        Reply
    2. Roger Vernon

      So – now Bing won’t work after running the batch file. For some searches Bing is better than Google, so whilst I don’t like data gathering by either, I’d like to know which specific item to unblock for Bing to work.

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply
  17. meso

    why use an OS that spies on you and you go out of your way to block everything it tries to send out?

    Be honest to yourself, if you dont want to get spied on use an other OS, otherwise stop nagging about privacy.

    Poorly-rated. Like or Dislike: Thumb up 1 Thumb down 28

    Reply
    1. Leo

      This is right, but there are people who are still hesitating going over to linux apparently. So these mitigating steps are a beginning, not a cure.

      Well-loved. Like or Dislike: Thumb up 7 Thumb down 0

      Reply
    2. LarryNG

      A lot of small businesses are forced to use Internet Explorer and other Windows features (usually caused by programmers only programming business apps for Windows that are not compatible with Linux, Firefox, or any other open source). Some government websites still only work with Internet Explorer, and the small businesses are required by law to access the websites, so the businesses have to use Windows or else go out of business. Home users usually have a choice, but all of my business customers are locked into Windows regardless of how much they hate Microsoft. On my personal PCs I use Windows for work, and Linux for fun. Someday when I quit my business and retire, I hope to only use Linux.

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply
  18. Piyush Singh

    I have windows 10 64-bit OS (Fresh Installation). Amount these services I found 2 one but didn’t found first one in services…….?
    1) Diagnostics Tracking Service
    2) dmwappushsvc

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  19. Piyush Singh

    I think Microsoft renamed it to “Connected User Experiences and Telemetry service”. Is information correct…..?

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      yep, you are right.

      Like or Dislike: Thumb up 1 Thumb down 0

      Reply
  20. tachibana

    I don’t use windows firewall,can I just add *.microsoft.com *.live.com,etc. to third party firewall?

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      Sure you can

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply
  21. Jon Grah

    Also have another question. Is there a way to delete/disable/freeze, etc certain processes, at the local computer level? I think this would be a more robust approach than only blocking firewall. Especially if updates are needed from time to time, I can

    But I need a master list of all the Win 10 ‘spy’ exe’s, what they do, and how to block (disable) them. Of course microsoft is not going to tell us this, so it is up to the White Hat hackers and tech folks to compile this list.

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  22. Paul Klee

    Hello:

    Thank you so much for providing info on how to restrain this data mining and tracking virus called Windows 10. There is one thing I would still like to get from microsoft, the latest windows defender virus definitions. If I follow these instructions, can someone kindly tell me what to unblock to permit defender to talk to the mothership, but nothing else?

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  23. nobody

    “Diagnostics Tracking Service” is no longer in the list of services.

    There is
    Diagnostic Policy Service
    Diagnostic Service Host
    Diagnostic System Host

    Which one should be disabled?

    Thanks

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      You need to disable “Connected User Experiences and Telemetry”

      Like or Dislike: Thumb up 1 Thumb down 0

      Reply
    2. Sergey Tkachenko Post author

      disable this one: Connected User Experiences and Telemetry

      Like or Dislike: Thumb up 2 Thumb down 0

      Reply
  24. Stuferus

    ok and now the same please for linux/freebsd firewalls.. i think using a linux router and firewall may work even better as it may happen that m$ adds a bypass in windows for this.

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  25. Aniket

    Ever since i got a new dial up, my windows 10 was downloading stuff from akamai and others at like 10Mbps and it was really annoying. your post really helped me. although your program was for outbound blocking and my problem was more inboung, so a little tweak and the problem was solved
    thanks a lot though.

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  26. Kevan Goddard

    Ran the batch file and confirmed the prompt – but rules do not appear in the firewall outbound rules section ????

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  27. azdps

    Microsoft explains what windows telemetry collects and how to LIMIT but not stop what Microsoft actually collects and sends back. Windows Defender is even a involved. I would suspect that the services run can bypass the Windows firewall. Microsoft is determined to collect this information.

    https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-telemetry-in-your-organization

    Like or Dislike: Thumb up 2 Thumb down 0

    Reply
    1. Charly Parker

      I follow the instructions given but i really don´t believe that Bill will be fooled by this rather “naive blocking thing”… Bill is to nasty to fall in this trap.

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply
      1. David

        Do you mean Satya?

        Like or Dislike: Thumb up 0 Thumb down 0

        Reply
  28. Scarint

    I created a simple BASH script to add these to a Linux firewall (iptables). I’ve commented the concerns mentioned in the posts above.

    With the Windows Update group NOT blocked, I am able to run Windows Update on Windows 10 and Server 2012.
    I have not checked Bing or Weather or Skype, I don’t care about those. I also don’t care about Cortana, so I’m not testing that.

    https://dl.dropboxusercontent.com/u/59306089/telemetry.txt

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  29. Michael Kargl

    Thank you for the cool table of telemetry servers! I felt like playing so I parsed your cool list into a powershell script that you can easily adapt and extend.
    https://paste.ubuntu.com/21128315/

    In case the pastebin is being deleted, here the script I used to setup the rules on my computer:
    @(
    @{ RemoteAddress=’191.232.139.254′; Name=’telemetry_vortex.data.microsoft.com’ }
    @{ RemoteAddress=’65.55.252.92′; Name=’telemetry_telecommand.telemetry.microsoft.com’ }
    @{ RemoteAddress=’65.55.252.63′; Name=’telemetry_oca.telemetry.microsoft.com’ }
    @{ RemoteAddress=’65.55.252.93′; Name=’telemetry_sqm.telemetry.microsoft.com’ }
    @{ RemoteAddress=’65.55.252.43′; Name=’telemetry_watson.telemetry.microsoft.com’ }
    @{ RemoteAddress=’194.44.4.200′; Name=’telemetry_redir.metaservices.microsoft.com’ }
    @{ RemoteAddress=’157.56.91.77′; Name=’telemetry_choice.microsoft.com’ }
    @{ RemoteAddress=’65.52.100.7′; Name=’telemetry_df.telemetry.microsoft.com’ }
    @{ RemoteAddress=’65.52.100.91′; Name=’telemetry_reports.wes.df.telemetry.microsoft.com’ }
    @{ RemoteAddress=’65.52.100.93′; Name=’telemetry_wes.df.telemetry.microsoft.com’ }
    @{ RemoteAddress=’65.52.100.92′; Name=’telemetry_services.wes.df.telemetry.microsoft.com’ }
    @{ RemoteAddress=’65.52.100.94′; Name=’telemetry_sqm.df.telemetry.microsoft.com’ }
    @{ RemoteAddress=’65.52.100.9′; Name=’telemetry_telemetry.microsoft.com’ }
    @{ RemoteAddress=’65.52.100.11′; Name=’telemetry_watson.ppe.telemetry.microsoft.com’ }
    @{ RemoteAddress=’168.63.108.233′; Name=’telemetry_telemetry.appex.bing.net’ }
    @{ RemoteAddress=’157.56.74.250′; Name=’telemetry_telemetry.urs.microsoft.com’ }
    @{ RemoteAddress=’111.221.29.177′; Name=’telemetry_settings-sandbox.data.microsoft.com’ }
    @{ RemoteAddress=’64.4.54.32′; Name=’telemetry_vortex-sandbox.data.microsoft.com’ }
    @{ RemoteAddress=’207.68.166.254′; Name=’telemetry_survey.watson.microsoft.com’ }
    @{ RemoteAddress=’207.46.223.94′; Name=’telemetry_watson.live.com’ }
    @{ RemoteAddress=’65.55.252.71′; Name=’telemetry_watson.microsoft.com’ }
    @{ RemoteAddress=’64.4.54.22′; Name=’telemetry_statsfe2.ws.microsoft.com’ }
    @{ RemoteAddress=’131.107.113.238′; Name=’telemetry_corpext.msitadfs.glbdns2.microsoft.com’ }
    @{ RemoteAddress=’23.99.10.11′; Name=’telemetry_compatexchange.cloudapp.net’ }
    @{ RemoteAddress=’68.232.34.200′; Name=’telemetry_cs1.wpc.v0cdn.net’ }
    @{ RemoteAddress=’204.79.197.200′; Name=’telemetry_a-0001.a-msedge.net’ }
    @{ RemoteAddress=’64.4.54.22′; Name=’telemetry_statsfe2.update.microsoft.com.akadns.net’ }
    @{ RemoteAddress=’157.56.77.139′; Name=’telemetry_sls.update.microsoft.com.akadns.net’ }
    @{ RemoteAddress=’134.170.58.121′; Name=’telemetry_fe2.update.microsoft.com.akadns.net’ }
    @{ RemoteAddress=’157.56.121.89′; Name=’telemetry_diagnostics.support.microsoft.com’ }
    @{ RemoteAddress=’131.107.113.238′; Name=’telemetry_corp.sts.microsoft.com’ }
    @{ RemoteAddress=’134.170.115.60′; Name=’telemetry_statsfe1.ws.microsoft.com’ }
    @{ RemoteAddress=’204.79.197.200′; Name=’telemetry_pre.footprintpredict.com’ }
    @{ RemoteAddress=’104.82.22.249′; Name=’telemetry_i1.services.social.microsoft.com’ }
    @{ RemoteAddress=’134.170.185.70′; Name=’telemetry_feedback.windows.com’ }
    @{ RemoteAddress=’64.4.6.100′; Name=’telemetry_feedback.microsoft-hohm.com’ }
    @{ RemoteAddress=’157.55.129.21′; Name=’telemetry_feedback.search.microsoft.com’ }
    @{ RemoteAddress=’207.46.194.25′; Name=’telemetry_rad.msn.com’ }
    @{ RemoteAddress=’23.102.21.4′; Name=’telemetry_preview.msn.com’ }
    @{ RemoteAddress=’173.194.113.220′; Name=’telemetry_dart.l.doubleclick.net’ }
    @{ RemoteAddress=’157.56.91.82′; Name=’telemetry_ads.msn.com’ }
    @{ RemoteAddress=’198.78.208.254′; Name=’telemetry_a.ads1.msn.com’ }
    @{ RemoteAddress=’185.13.160.61′; Name=’telemetry_global.msads.net.c.footprint.net’ }
    @{ RemoteAddress=’68.232.34.200′; Name=’telemetry_az361816.vo.msecnd.net’ }
    @{ RemoteAddress=’65.55.252.63′; Name=’telemetry_oca.telemetry.microsoft.com.nsatc.net’ }
    @{ RemoteAddress=’65.52.100.91′; Name=’telemetry_reports.wes.df.telemetry.microsoft.com’ }
    @{ RemoteAddress=’65.52.100.7′; Name=’telemetry_df.telemetry.microsoft.com’ }
    @{ RemoteAddress=’68.232.34.200′; Name=’telemetry_cs1.wpc.v0cdn.net’ }
    @{ RemoteAddress=’64.4.54.32′; Name=’telemetry_vortex-sandbox.data.microsoft.com’ }
    @{ RemoteAddress=’204.79.197.200′; Name=’telemetry_pre.footprintpredict.com’ }
    @{ RemoteAddress=’104.82.22.249′; Name=’telemetry_i1.services.social.microsoft.com’ }
    @{ RemoteAddress=’207.46.101.29′; Name=’telemetry_ssw.live.com’ }
    @{ RemoteAddress=’134.170.115.60′; Name=’telemetry_statsfe1.ws.microsoft.com’ }
    @{ RemoteAddress=’65.55.108.23′; Name=’telemetry_msnbot-65-55-108-23.search.msn.com’ }
    @{ RemoteAddress=’23.218.212.69′; Name=’telemetry_a23-218-212-69.deploy.static.akamaitechnologies.com’ }
    ) | ForEach-Object {
    New-NetFirewallRule @_ -DisplayName $_.Name -Direction Outbound -Enabled True -Action Block

    }

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      Thank you Michael.

      Like or Dislike: Thumb up 1 Thumb down 0

      Reply
    2. Michael Kargl

      Dang it, I missed the fact that some netsh commands are using multiple IPs in their remoteip arguments. I made some modifications:
      https://paste.ubuntu.com/21140900/

      It probably doesn’t make anything easier without a proper script-file but maybe it’ll help somebody. Haven’t been programming for half a year now and had to hack something up to quench my thirst :P.

      Like or Dislike: Thumb up 1 Thumb down 0

      Reply
  30. reader_winaero

    The script add ruels.cmd works fine.

    Is it usefull adding rules in microsoft firewall if kapersky internet security 2016 is installed on the computer ?

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  31. TheOriginalGiga

    As much as I was hoping this would work, it does not. I’ve been on a mission to block microsoft from communicating from my personal network. I’m currently using a Palo Alto PA-4050 firewall for the network which allows me to see the logs. I’ve identified the IP ranges below as Microsoft owned IP addresses. I’m working from the standpoint that since microsoft rotates it’s IP addresses and not all of the metrics gathering have an FQDN I decided to block all of the Microsoft owned IP addresses. I applied both the rules above as well as the IP subnets I’ve identified so far as firewall rules and monitored from my firewall, I can still see the computer attempt to communicate with microsoft after these rules were applied. I wish I had a better solution but all I know is this solution doesn’t work.

    Here’s the IP subnets I’ve identified as owned by MS so far. I don’t claim this to be a complete list, but identified from the traffic I’ve monitored and cross referenced with this site: http://www.tcpiputils.com/browse/ip-address
    13.64.0.0/11
    13.96.0.0/13
    13.104.0.0/14
    23.96.0.0/13
    64.4.0.0/18
    65.52.0.0/14
    66.119.144/20
    94.245.64.0/18
    104.40.0.0/13
    104.146.0.0/15
    104.208.0.0/13
    131.107.0.0/16
    131.253.1.0/24
    131.253.3.0/24
    131.253.5.0/24
    131.253.6.0/24
    131.253.8.0/24
    131.253.12.0/22
    131.253.16.0/23
    131.253.18.0/24
    131.253.21.0/24
    131.253.22.0/23
    131.253.24.0/21
    131.253.32.0/20
    131.253.61.0/24
    131.253.62.0/23
    131.253.64.0/18
    131.253.128.0/17
    134.170.0.0/16
    157.54.0.0/15
    157.56.0.0/16
    204.79.195.0/24
    204.79.196.0/23

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
  32. ohyonghao

    I have the Win 10 Anniversary update and had added rules to the firewall before the update. I ran the telemetry script found here and then went to take a look at the firewall today and noticed that ALL windows apps had explicitly set ALLOW for themselves. I had to go through each one changing ALLOW to BLOCKED. Tested with Microsoft Edge and when I open the app it complains about no internet connection, like I want it to.

    Same thing for inbound rules now, they have gone through and set every one of their apps to explicitly have INBOUND set to ACCEPT. I hope none of their apps have some kind of remote execution vulnerability. I might have to go through and set my router to disable these so Microsoft can’t keep writing exceptions for themselves like the Clintons.

    Like or Dislike: Thumb up 1 Thumb down 1

    Reply
  33. Bill P

    There are only 19,593,984 ip addresses owned by Microsoft (as of 9/2013, per ipinfo.io), to route the data through. Even the ip addresses for the monthly updates change regularly. Blocking ip addresses is a waste of time!!

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
    1. Bill P

      Microsoft currently as the following AS numbers: 3598,8072,8068,26222,8069,13811,20046,6182,8075,23468.

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply
  34. Thomas Joseph

    I am a novice in regardds programming and this kind of work sdo it is a little hard for me to follow. If I understand not omly the original post, but the many responses my conclusion is that blocking ports is not any guarantee of stopping this telemetry. I may try it anyway in the abscense of another solution. But. would like to ask is DWS lite any good?
    It claims to block the telemetry. Can you more experienced folks comment on this for me please?
    Thank you all for your comments. I would add that it seems rather odd to me that anyone would suggest let alone adamently state that MS is not spying when they are using a key logger? how can this be n any way justified?

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  35. Gary King

    Great solution, I wish there was a way to test it. I did and image before I applied this just in case. Thanks Sergey

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
  36. Gary King

    I have zero problems with Windows Update, all of you people that are doubting this and/or think a 3rd party app is better then use it, there is no need to post negative BS about this process, use the like or dislike button and grow up.

    Like or Dislike: Thumb up 1 Thumb down 1

    Reply
  37. Fadi R

    If Macroshaft have decided to spy on their users and have made Windows 10 a lean mean spying wouldn’t you think they would have built in loopholes into the native Firewall to prevent exactly what you are proposing? Your best bet is going with a 3rd party Firewall and even then it’s not 100% foolproof. This is not some Russian hacker trying to run a bitcoin client off your PC injected through some shady freeware, these are the guys who wrote the entire operating system the PC is running on. God know how many backdoors they’ve left for themselves.

    You want a real solution? Reverse Engineer Direct X 12 and port an open source variant to Windows 7/8, MacOSX and Linux. Option 2, improve Vulkan to the point that it offers the same features as DX12. Make an open source version of Cortana that runs through some hive mind setup the way torrents do. Run it anonymously through Torr and DuckDuckGo. DX12 and Cortana are the king and queen of the MS chess pieces, you take them out of 10 and 10 will become irrelevant.

    Like or Dislike: Thumb up 3 Thumb down 0

    Reply
  38. nancy

    I’m not real good with computers but I typed in “add rules.cmd ” & a message pooped up stating Can’t find add check your spelling ?( I have a new desk top windows 10 computer.)

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  39. Marc Neudorf

    I found out that the ip address of a-0001.a-msedge.net changes every few minutes from 204.79.197.200 to 13.107.21.200. The latter ip address is not on the list meaning that the server is reachable when it has this ip address exactly then when something shall be transferred to it.
    I found this incidently but this could of course be so with any other server as well.

    Another option:
    I have a router that can act as a DNS-server and there is also an option to set a DNS filter so that any DNS queries to the servers on the filter list won’t be resolved. If I activate this option and set the router as the only DNS server in all client computers (manual or using DHCP), this should solve the problem with changing ip addresses, right?

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  40. anon

    you can use the MS domain names and others and stick them in your custom hosts file and redirect back to yourself, should have same effect and block those domains, for the guy who said the firewall block did not work regardless of the rules then maybe the hosts file edit will work unless they use some service to sneak past somehow. Maybe a router firewall is more secure… i think UNIX is the way forward and just do a dual boot and keep windows only for what you really need it for

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  41. Atoz

    What about the service called “Microsoft (R) Diagnostics Hub Standard Collector Service”?

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  42. Lee James

    Thank you Winaero for this excellent script! :)

    Also, I want people to know I found a similar script which blocks a bigger list of servers:
    httр://sеrvilоn.соm/hоw-tо-disаblе-tеlеmеtry-оn-windоws-10/

    I’ve run both scripts on my machine for maximum protection! :)

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *