Blocking Telemetry in Windows 7 and 8.1

on


Microsoft pushed patches to devices running Windows 7 and 8.1 in recent time that collect information and transfer data to Microsoft regularly.
One of the main issues that Windows users may have with telemetry is that Microsoft does not reveal what it is collecting, and what is included when telemetry data is transferred to the company.
The following tutorial provides suggestions on limiting Windows data collecting and transferring. There is no guarantee that nothing is collected and/or submitted after making privacy related changes to the operating system, but a guarantee that data collecting is severely limited at the very least.
Information taken from various places around the Internet including this Ask Woody comment, this German forum post, and Günter Born's post.
Update: Eric @ Tweakhound created scripts that you can download and run. It is recommended that you go through the scripts first before you execute them.

The following Windows updates are related to telemetry and diagnostic data.
  • KB971033-- Description of the update for Windows Activation Technologies
  • KB2952664 -- Compatibility update for keeping Windows up-to-date in Windows 7
  • KB2976978 -- Compatibility update for keeping Windows up-to-date in Windows 8.1 and Windows 8
  • KB2990214 -- Update that enables you to upgrade from Windows 7 to a later version of Windows
  • KB3021917 -- Update to Windows 7 SP1 for performance improvements
  • KB3022345 -- Update for customer experience and diagnostic telemetry
  • KB3035583 -- Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
  • KB3044374 -- Update that enables you to upgrade from Windows 8.1 to Windows 10
  • KB3068708 --  Update for customer experience and diagnostic telemetry
  • KB3075249 -- Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
  • KB3080149 -- Update for customer experience and diagnostic telemetry
  • KB3123862 -- Updated capabilities to upgrade Windows 8.1 and Windows 7
You can remove any of the patches using two methods:
  1. Tap on the Windows-key, type Windows Update, and hit the Enter-key.
  2. Select Installed Updates on the window that opens.
  3. Right-click on updates and select uninstall to remove them from the system.
Second method uses the command line instead:
  1. Tap on the Windows-key, type cmd.exe, hold down Shift and Ctrl, and hit the Enter-key. This opens an elevated command prompt.
  2. Use the command wusa /uninstall /kb:3080149 /quiet /norestart to remove updates.
  3. Replace the number after kb: with the update that you want to remove.
Make sure you hide any update that you have removed, as it will be picked up by Windows again the next time Windows Update checks for update.

The Windows\System32\CompatTel folder

The CompatTel folder is still there after you remove the telemetry updates on the machine. One change that you may notice is that the older Telemetry client, diagtrackrunner.exe is in that folder, and not the newer compattelrunner.exe.
You cannot remove the folder or files directly, as you need ownership first for that.

Turn off the Customer Experience Improvement Programcustomer experience improvement program

We have posted a tutorial already that explains how to turn off the Customer Experience Improvement Program.
Basically, what you do is click on Start, type customer experience, and select the "change customer experience improvement program settings" result. Select "No, I don't want to participate in the program" when the new settings window opens.

Remove the Telemetry service

Next thing on the list is to remove the Diagnostic Tracking service. It may not exist anymore already, but I suggest you run the commands below just to make sure.
Open an elevated command prompt -- if it is not still open -- and run the following commands:
  1. sc stop Diagtrack
  2. sc delete Diagtrack
The first command stops the Diagtrack service, the second deletes it.

Blocking Microsoft Servers

Caution: Some servers and IP addresses may be used by other Windows services. If you notice that some are not working anymore, disable them one by one until you find the culprit that you need to exclude from the blocking.
Note: the following servers cannot be blocked using the hosts file. You need to block them using another means, e.g. router firewall or installed firewall.
  • onesettings-hk2.metron.live.com.nsatc.net
  • onesettings-bn2.metron.live.com.nsatc.net
  • onesettings-cy2.metron.live.com.nsatc.net
  • vortex-hk2.metron.live.com.nsatc.net
  • vortex-db5.metron.live.com.nsatc.net
Other servers you may want to block:
  • 134.170.30.202
  • 137.116.81.24
  • 204.79.197.200
  • 23.218.212.69
  • 65.39.117.230
  • 65.55.108.23
  • a-0001.a-msedge.net
  • choice.microsoft.com
  • choice.microsoft.com.nsatc.net
  • compatexchange.cloudapp.net
  • corp.sts.microsoft.com
  • corpext.msitadfs.glbdns2.microsoft.com
  • cs1.wpc.v0cdn.net
  • df.telemetry.microsoft.com
  • diagnostics.support.microsoft.com
  • fe2.update.microsoft.com.akadns.net
  • feedback.microsoft-hohm.com
  • feedback.search.microsoft.com
  • feedback.windows.com
  • i1.services.social.microsoft.com
  • i1.services.social.microsoft.com.nsatc.net
  • oca.telemetry.microsoft.com
  • oca.telemetry.microsoft.com.nsatc.net
  • pre.footprintpredict.com
  • redir.metaservices.microsoft.com
  • reports.wes.df.telemetry.microsoft.com
  • services.wes.df.telemetry.microsoft.com
  • settings-sandbox.data.microsoft.com
  • settings-win.data.microsoft.com
  • sls.update.microsoft.com.akadns.net
  • sqm.df.telemetry.microsoft.com
  • sqm.telemetry.microsoft.com
  • sqm.telemetry.microsoft.com.nsatc.net
  • statsfe1.ws.microsoft.com
  • statsfe2.update.microsoft.com.akadns.net
  • statsfe2.ws.microsoft.com
  • survey.watson.microsoft.com
  • telecommand.telemetry.microsoft.com
  • telecommand.telemetry.microsoft.com.nsatc.net
  • telemetry.appex.bing.net
  • telemetry.appex.bing.net:443
  • telemetry.microsoft.com
  • telemetry.urs.microsoft.com
  • vortex.data.microsoft.com
  • vortex-sandbox.data.microsoft.com
  • vortex-win.data.microsoft.com
  • watson.live.com
  • watson.microsoft.com
  • watson.ppe.telemetry.microsoft.com
  • watson.telemetry.microsoft.com
  • watson.telemetry.microsoft.com.nsatc.net
  • wes.df.telemetry.microsoft.com

Deleting Scheduled Tasks

Windows 7 and 8.1 run a lot of tasks that send data to Microsoft.
  1. Tap on the Windows-key, type Task Scheduler, and hit the Enter-key.
  2. Navigate to Microsoft > Windows in the task hierarchy, and delete (or disable) the following tasks:
  3. All tasks with Application Experience.
  4. All tasks with Autochk.
  5. All tasks with Customer Experience Improvement Program.
  6. DiskDiagnosticDataCollector under DiskDiagnostic.
  7. WinSAT under Maintenance.
  8. Deactivate all Media Center tasks.

Closing Words

There is always the chance that new updates will add new services or tasks. This is why it is recommended to set Windows Update to inform but not download and install automatically.
Summary
Article Name
Blocking Telemetry in Windows 7 and 8.1
Description
This guide provides you with detailed instructions on how to disable telemetry and data collecting services on Windows 7 and Windows 8.1 PCs.
Author
Publisher
Ghacks Technology News
Logo

Responses to Blocking Telemetry in Windows 7 and 8.1
Excellent, Martin. Personally I go even further, but the essentials are all in your article.
Telemetry relates to privacy and another Windows (7 Up or did it start with Vista?) is the infamous Webcache folder which collects the user's history and is problematic to clean, another Microsoft fantasy.

If you wish to be able, more than to empty that folder but to stop Windows from filling it up in the first place, then have a look at the article which explains how to proceed. Works for Win10 as well as for Win7. I just cannot stand not being able to empty a cache, especially Windows' ...

Disable WebCache : https://www.tenforums.com/general-support/37841-disable-webcachev01-dat.html#post_538631

Works great here. WebCache folder no longer gets whatever. Empty, zero bytes, the end (yours) my friend (because I remain polite) Microsoft.

Beware, what is mentioned in the article includes editing the Registry and as such requires attention. AVOID if you don't know what you're doing. If you do know then the method is radically efficient.
==========
I tried the disabling WebCache things, and that kills the ability of Microsoft Outlook from displaying any web hosted HTML content. :-( Putting the registry entries back, and restarting the task then allows Outlook to properly display HTML emails.
==========
I followed these steps to disable WebCache... unfortunately, this causes explorer.exe to crash on every startup.

On the events viewer i can see the following error:

Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
...etc

So, i'd advice not to do this. Instead, i did moved/symlinked the WebCache folder to a RAMDisk, so it doesn't mess with my SSD.

(ps: explorer.exe auto resumes itself, so you may don't notice the crash beyond an increased startup delay)
==========
@diegocr, all I can say is that I've experienced no issue myself, here with Win7 64-BIT, that I don't use Outlook as Albert McCann above. Not sure twinui.dll is in whatever way related to this WebCache, Anyway for anyone such as me who avoids built-in Windows applications, no problem, but otherwise, as Albert and maybe as yourself, it may be likely that Windows does call this WebCache for its own applications. It's always the same scenario : if you use Windows and a given (Outlook i.e.)/some/all its components out of the box then think twice before tweaking its spaghetti coding, from the registry to the files.
==========
'MS servers' is a wide denomination.

MS servers dedicated to tracking are mentioned in the article, perhaps a tougher approach even with,
- WindowsSpyBlocker : https://github.com/crazy-max/WindowsSpyBlocker
- Ancille : https://bitbucket.org/matthewlinton/ancile/
- BlackBird : http://www.getblackbird.net/
- Destroy-Windows-10-Spying - https://github.com/Nummer/Destroy-Windows-10-Spying

I'd advise caution, except for WindowsSpyBlocker, because some settings (block/removable) may be arguable, IMO.
Here I don't run the scripts and batch processing provided by the above mentioned sites, but rather extract IP ranges and urls then add the former to a personal filters list I add to the PeerBlock application and the latter to a domain blocking blacklist I use with DNSCrypt-Proxy.

Concerning PeerBlock and your question, wybo, if you,
- install the application (free), available at https://code.google.com/archive/p/peerblock/
- add a dedicates Microsoft blocking list available at https://www.iblocklist.com/lists (see 'Microsoft' in the list on that page),
then you should have most of Microsoft's servers blocked, but that means harmless servers as well : only if you've decided to ban Microsoft, totally, which is a very personal choice, mine as well need to say. I wouldn't advise to ban whatever company except dedicated ad/tracking servers. My choice is a blend of efficiency and deep irritation, not at all a calm way of proceeding. But I've had it with Microsoft.
==========
There is updated Peerblock Microsoft IP Blocklist list here: https://encrypt-the-planet.com/windows-10-anti-spy-host-file/
==========
You might want to check C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl

If the ADL is present you can disable it via these registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener\{DD17FA14-CDA6-7191-9B61-37A28F7A10DA}

'Modify the Enabled key to 0 (zero) to disable it for both.

Once you've done that, you can delete the AutoLogger-Diagtrack-Listener.etl
==========
I use Ancile. It's updated regularly. Read the ghacks article here:
http://www.ghacks.net/2016/09/12/ancile-block-spying-on-windows-7-and-8/
==========

Comments

Post a Comment