Disable win10 update service. (Pro / Enterprise Edition required)
#Step 2:
Download & open Firewall App Blocker (Fab) v1.6 .
Switch to the Whitelist Mode, add the applications you want to use to the whitelist.
#Step3:
Open windows firewall settings, add custom rules (e.g. add dns server, proxy server, gate to the allowlist/whitelist, block some LAN ip etc.), disable some default rules.#Step4:
Open the Wireshark, observe & record the DNS query traffics , then block those domain names queried by win10 or other apps in the ‘C:\WINDOWS\system32\drivers\etc\hosts’ file as follows:
# [start - Block m$]
127.0.0.1 win10.ipv6.microsoft.com
127.0.0.1 dns.msftncsi.com
127.0.0.1 client.wns.windows.com
127.0.0.1 c.urs.microsoft.com
127.0.0.1 v10.vortex-win.data.microsoft.com
127.0.0.1 www.msftconnecttest.com
127.0.0.1 v4ncsi.msedge.net
127.0.0.1 ncsi.4-c-0003.c-msedge.net
127.0.0.1 4-c-0003.c-msedge.net
127.0.0.1 travel.tile.appex.bing.com
127.0.0.1 cdn.content.prod.cms.msn.com
127.0.0.1 cdn.content.prod.cms.msn.com.edgekey.net
127.0.0.1 e10663.g.akamaiedge.net
127.0.0.1 iecvlist.microsoft.com
127.0.0.1 ie9comview.vo.msecnd.net
127.0.0.1 cs9.wpc.v0cdn.net
127.0.0.1 settings-win.data.microsoft.com
127.0.0.1 asimov-win.settings.data.microsoft.com.akadns.net
127.0.0.1 geo.settings.data.microsoft.com.akadns.net
127.0.0.1 hk2.settings.data.microsoft.com.akadns.net
127.0.0.1 go.microsoft.com
127.0.0.1 go.microsoft.com.edgekey.net
127.0.0.1 e11290.dspg.akamaiedge.net
127.0.0.1 displaycatalog.mp.microsoft.com
127.0.0.1 displaycatalog.md.mp.microsoft.com.akadns.net
127.0.0.1 displaycatalog-asia.md.mp.microsoft.com.akadns.net
127.0.0.1 hk2.displaycatalog.md.mp.microsoft.com.akadns.net
127.0.0.1 watson.telemetry.microsoft.com
127.0.0.1 modern.watson.data.microsoft.com.akadns.net
127.0.0.1 sway-cdn.com
127.0.0.1 cdn.onenote.net
127.0.0.1 weather.services.appex.bing.com
127.0.0.1 candycrushsoda.king.com
127.0.0.1 go.microsoft.com
127.0.0.1 www.bing.com ####
# [end - Block m$]
No comments:
Post a Comment