• 8.1 and telemetry…

    Home » Forums » AskWoody support » Windows » Windows 8.1 » Questions: Win 8.1 (and Win 8) » 8.1 and telemetry…

    Tags:

    Author
    Topic
    a
    AskWoody Plus
    September 14, 2019 at 2:13 pm #1951345

    So you have my attention. A couple days ago woody said that the 09 patches were going to actually add telemetry.

    So I grabbed the first 5 pages of https://gist.github.com/xvitaly/eafa75ed2cb79b3bd4e9 and checked my new system. removed and hid kb3044374 and kb2976978. Left kb3138615. Then I did control panel
    administrative tools
    task scheduler
    disable these:
    \Microsoft\Windows\Application Experience\ProgramDataUpdater
    \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
    \Microsoft\Windows\Application Experience\AitAgent

    But the more I read, the more I am told that there is no way to stop telemetry and still get updates. And this seems to change moment to moment, and opinion to opinion.

    What to do?  Thanks!

    Reply | Quote
    Viewing 11 reply threads
    Author
    Replies
    • Microfix
      AskWoody MVP
      September 15, 2019 at 2:50 am #1951815

      Unfortunately we can’t stop all the telemetry although we can prevent it from reaching it’s destination 😉

      Blocking certain IP’s via any firewall has benefits!
      Tip: Backup your existing firewall settings prior to making any changes.

      There are 3rd party programs out there that can assist in this area such as WPD
      I’ve used this in the past to good effect in windows 7/8.1 and 10, however, I did encounter a site that I use which was blocked by default and freed myself such as outlook 13.107.42.11

      Once I was happy with the firewall ruleset, I exported it for safe keeping as a backup for each OS.

      There are other settings within WPD that will require investigation on your part that also help neutralize unsavoury issues. But for now, look at your firewall rules is my advice.

      (Disclaimer: I have no affiliation with WPD etc..)

      Windows - commercial by definition and now function...
      1 user thanked author for this post.
      a
      Reply | Quote
      • a
        AskWoody Plus
        September 15, 2019 at 11:56 am #1952114

        Many thanks!!  Running 8.1 Pro with windows firewall and BitDefender – ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, Win8.1 Pro x64, 8GB(15GB/s), Sammy 250GB SSD. I downloaded and ran WPD but it doesn’t seem to do anything. I do not have windows defender probably because I am using bitdefender. I tried switching on in WPD windows filtering platform, but neither seems to block the first one in the list 134.170.58.0 – it just times out. Or do I need to turn windows firewall off and turn bitdefender off and turn windows defender on and hope that WPD will function as a firewall (which someone somewhere seemed to indicate it would). Many thanks!!!  Or I suppose I could put the list in hosts but that apparently is easily gotten around by MS.

        • This reply was modified 5 years, 7 months ago by a.
        Reply | Quote
    • a
      AskWoody Plus
      September 15, 2019 at 2:10 pm #1952160

      reply to myself (I talk to myself a lot) I looked in windows firewall/oubound rules and at the top is “WPD MS Telemetry IP Block V35” with all the definitions therin. I do not know if I had to click “copy rules” in WPD but I did so a bunch of times(also to paste into notepad so I have a copy). I note that WPD says spy(checked) ON Windows defender firewall – even though I do not have windows defender running (probably since bitdefender is running?)
      I am only using Blocker/spy.
      When I test the addys in FF it immediately returns with “unable to connect”.
      So I believe I am set. Just run it occasionally to get an update.
      Correct me if I am wrong, please! Thanks!!!

      • This reply was modified 5 years, 7 months ago by a.
      Reply | Quote
    • Microfix
      AskWoody MVP
      September 15, 2019 at 2:36 pm #1952171

      Ok I see you have achieved the ruleset import cool! 🙂
      For the benefit of others and yourself in future:
      Once you have downloaded WPD,
      run it (whilst online) and click the following selections with the red arrow:

      1

      2

      This will download the firewall ruleset for windows firewall.
      Once done, check the windows firewall to see if the following ruleset has been applied by going to:
      Control Panel/ Windows Firewall/ Advanced Settings/ Outbound rules

      3WF

      My screenshot shows WPD MS Telemetry IP Block V31, yours shows V35 as I have edited mine and not updated for a while.
      I had been following crazymax for a while on github who has his own equivalent IP SpyBlocker but preferred WPD for it’s simplicity and crazymax IP block findings. Best of both IMO

      Windows - commercial by definition and now function...
      1 user thanked author for this post.
      a
      Reply | Quote
    • Microfix
      AskWoody MVP
      September 15, 2019 at 2:54 pm #1952179

      Double clicking on the Firewall Ruleset for WPD MS Telemetry IP Block V35 and going to scope tab (as shown)

      FWscope

      By clicking on ‘these IP addresses’ one can edit/add or remove IP’s you need to access. When you need to access a site that won’t load, this is where to come to search for the corresponding IP to delete it. This doesn’t take that long comparing to your bookmarks/ favorites IP addresses.

      Once this is all done and your happy, export the firewall settings somewhere safe.

      Note: Not only does this work for Win 8.1 but also for Win7 and 10

      Windows - commercial by definition and now function...
      1 user thanked author for this post.
      a
      Reply | Quote
    • anonymous
      Guest
      September 15, 2019 at 4:19 pm #1952191

      I went a different route (prefer doing as much as possible manually or without additional software), so used abbodi86’s guide (here) to disable telemetry tasks and services for my Windows 7 and 8.1 systems. It has worked well so far as all tasks and services stay disabled even after installing monthly rollups.

      For the Windows firewall, I went a little further and set it to block ALL outbound traffic then added a few outbound rules for only items that need it (ex. Firefox, Outlook, Windows Update, TCP port 445 to map a network drive on a local NAS, etc.).

      Reply | Quote
      • KP
        AskWoody Plus
        September 23, 2019 at 2:18 pm #1962605

        I also use abbodi86’s Guide – Manual Method; I think there are no ill-effects.

        What sounded interesting is the WPD software.

        Reply | Quote
        • a
          AskWoody Plus
          September 23, 2019 at 4:10 pm #1962667

          There are lots of manual approaches out there, each of which speak to different areas – KBs, telemetry, etc etc etc. They all require I know something – know a lot, actually. The nice thing about WPD is that I don’t have to know anything , particularly about telemetry, as i have no idea which ip to block. I installed WPD and let the first section be as it defaults. For the 3rd section, I deleted all of the apps since I need none of them. For the 2nd, telemetry blocker, section, I use only the “spy” section. That puts about 170 into the windows firewall and I don’t have to do any thinking at all unless something is blocked that I need.  I did separately disable 3 things in task scheduler and uninstall 2 KBs. Easy, and I AM into lazy!!!  I have had nothing be blocked that I needed. easy. Not that it matters but I don’t answer any GRC pings.

          • This reply was modified 5 years, 7 months ago by a.
          1 user thanked author for this post.
          Microfix
          Reply | Quote
          • Microfix
            AskWoody MVP
            September 23, 2019 at 4:30 pm #1962676

            The ‘Privacy’ section also works well without looking for GPedit/ Registry/ Task Scheduler settings 😉
            I’ve also done abbodi86’s guide and completely removed the Diagtrack service to no ill effects on our 3 Win7/8.1 Pro systems.

            Windows - commercial by definition and now function...
            Reply | Quote
            • a
              AskWoody Plus
              September 23, 2019 at 6:40 pm #1962726

              edit: bad initial answer. changed: Thanks. Yeah, I allowed it (the first section of WPD) to default. Should I be changing things in there? Thanks @Microfix !!!

              EDIT: okay, I stopped and disabled the Diagnostics Tracking service and rebooted. we’ll see if it causes me any probs. Thanks! I’ll add that to my little list!

              • This reply was modified 5 years, 7 months ago by a.
              • This reply was modified 5 years, 7 months ago by a.
              • This reply was modified 5 years, 7 months ago by a.
              Reply | Quote
            • a
              AskWoody Plus
              September 23, 2019 at 7:18 pm #1962744

              continuation of above post: much of the stuff recommended by abbodi86 scares me – like the registry stuff, particularly because I feel that at some point in time this may be/have been correct, but since MS is continually trying to outsmart us, it will continually need to be changed. The makers of WPD seem to be involved in keeping it current – I assume that means a lot of continual packet sniffing. I do not see that this command stack is being kept up to date.

              Reply | Quote
    • a
      AskWoody Plus
      September 15, 2019 at 4:38 pm #1952198

      @Microfix! Many many thanks for that very clear guide! WPD should have that in their FAQ! I wish woodys could pin that somewhere! I printed it and also saved the pertinent part to a PDF so I will always have easy access to that in future years. Q: how do you keep it from updating? It seems as though just starting it causes/allows it to update?


      @anon       would that really do it ? or might some stuff sneak by 445 etc? I truly don’t know – just wondering.

      Reply | Quote
    • anonymous
      Guest
      September 15, 2019 at 7:01 pm #1952226

      “@anon would that really do it ? or might some stuff sneak by 445 etc? I truly don’t know – just wondering.”

      No, TCP port 445 doesn’t have anything to do with telemetry. It’s part of the Server Message Block (SMB) protocol used to access network file shares (ex. on a local network server).

      Reply | Quote
    • Gordski
      AskWoody Plus
      September 25, 2019 at 5:27 am #1964307
      Microfix wrote:

      Unfortunately we can’t stop all the telemetry although we can prevent it from reaching it’s destination 😉

      Blocking certain IP’s via any firewall has benefits!
      Tip: Backup your existing firewall settings prior to making any changes.

      There are 3rd party programs out there that can assist in this area such as WPD
      I’ve used this in the past to good effect in windows 7/8.1 and 10, however, I did encounter a site that I use which was blocked by default and freed myself such as outlook 13.107.42.11

      Once I was happy with the firewall ruleset, I exported it for safe keeping as a backup for each OS.

      There are other settings within WPD that will require investigation on your part that also help neutralize unsavoury issues. But for now, look at your firewall rules is my advice.

      (Disclaimer: I have no affiliation with WPD etc..)

      Hi,

      You might want to take a look at the freebie app from SpyBot, ‘Spybot Anti-Beacon’.
      This lists out all Microsoft telemetry gubbins secreted on your PC and enables you to select them all individually and disable them. In the event of updates / patches adding back the telemetry features on restart SpyBot AntiBeacon pushes them off. If need be you can switch individual telemetry enties back on.

      SpyBot Anti-Beacon found 143 entries on my laptop all of which are now ‘immunised’.

      Comment from SPYBOT …….

      Why do you need anti-telemetry?
      We at Safer-Networking Ltd (SpyBot) respect Microsoft’s wish to get feedback from users to improve their operating system, but we firmly believe it is the user’s right to choose how much of their data they wish to share.
      While Microsoft have included the ability to disable certain telemetry options in Windows 10, it can be quite difficult to disable all of these manually. For this reason, we have created a tool that will do this with the click of a button, and can be updated to include telemetry additions added by Microsoft in the future.
      Why should I choose Spybot Anti-Beacon?
      It’s sincere – Spybot Anti-Beacon is transparent and open in what is does, listing details of the changes it makes to your system for those interested.
      It’s affordable – Actually, it’s free! And it’s created by a passionate, privacy-concerned team. There are a lot of anti-telemetry instructions, scripts and tools on the Internet, but we’re careful to include only the real things.
      We are comprehensive – Spybot Anti-Beacon lists optional features to block on a separate page. Our team uses cutting-edge technology and have extensive experience working with malware and spyware.
      It’s flexible – if you’re the family tech guy, you can simply pick up the Portable Edition and carry it on your thumb drive.
      It’s user friendly – press one button and you’re done!
      A simple but clever solution.

      1 user thanked author for this post.
      GoneToPlaid
      Reply | Quote
      • GoneToPlaid
        AskWoody Lounger
        September 25, 2019 at 5:43 am #1964389

        Interesting. I will have to check out their other utilities as well. Their Spybot Identity Monitor utility has caught my interest. Spybot’s web site states that they are located in Ireland. The actual company name is Safer-Networking Ltd. Note that I have not yet tried any of their utilities.

        Reply | Quote
    • anonymous
      Guest
      September 25, 2019 at 8:01 am #1964544

      ? says:

      does “spybot.” still modify the Hosts file?

      https://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/

      1 user thanked author for this post.
      Microfix
      Reply | Quote
      • Microfix
        AskWoody MVP
        September 25, 2019 at 8:02 am #1964548

        One of the main reasons I dropped spybot anti-beacon a good while back in favor of WPD.

        Windows - commercial by definition and now function...
        1 user thanked author for this post.
        a
        Reply | Quote
        • EP
          AskWoody_MVP
          September 25, 2019 at 11:03 am #1964716

          I still use spybot anti-beacon portable edition (not the normal or installable one) to turn off some of the telemetry (not all of it) on my dad’s Toshiba based Win8.1 laptop

          Reply | Quote
    • anonymous
      Guest
      September 25, 2019 at 8:15 am #1964565

      ? says:

      thank you, Microfix! i do my best to keep the base os stock and when i installed Spybot on XP last decade was supprised to see what was in the Hosts file as i used to visit it occasionally to check for outside modification(s). good to know WPD leaves the Hosts file as is…

      Reply | Quote
    • a
      AskWoody Plus
      September 25, 2019 at 10:34 am #1964681

      Glad this thread is getting some mileage!

      Spybot was actually the first thing I tried and they wanted money but when I tried to paypal them they (spybot) required my address etc, so I emailed spybot and uninstalled spybot. Then i got @Microfix ‘s info about WPD and the rest is history.


      @Microfix       : I just let the first WPD section default – it says it’s doing 14 basic and 2 additional – do I need to ad anything there? ; in the Blocker section I just use “spy” because I do use Skype occasionally. so that’s about 170 IPs. WPD must be doing an awful lot of packet sniffing to keep up with MS!!! – and that is precisely what I wanted to avoid and why I like WPD: no endless packet sniffing on my end. I deleted all of the MS apps in the 3rd section so no problem there.

      But repeating a concern I mentioned earlier about all the registry mods in abbodi86 ‘s script would often/occasionally need to be changed to keep up with MS I would think, but then I don’t know!

      Reply | Quote
    • Microfix
      AskWoody MVP
      September 25, 2019 at 10:49 am #1964684

      You can activate the ‘spy section’ and it will add more firewall rulesets, if however, you run into problems accessing some sites, you need to get the IP of that site and remove it from the WPD Spy IP Block V35 ruleset added to your firewall. This is done within the Scope section.

      It takes time and effort to do so but, IMO it’s worth it on an individual end-user basis.

      Windows - commercial by definition and now function...
      1 user thanked author for this post.
      a
      Reply | Quote
    Viewing 11 reply threads
    Reply To: 8.1 and telemetry…

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.