windows 10 logo

HOW TO DISABLE TELEMETRY ON WINDOWS 10

With Solitaire, Microsoft taught users how to use the mouse. Now with Windows 10 they are teaching us to read the license agreement.

After the launch of Windows 10 the internet was flooded with messages about the collection of users’ personal data followed by multiple discussions about how to tackle the issue. The user community instantly came up with a list of major servers that collect data and tried to block them via the HOSTS file. However, the OS ignores all those lines and it was revealed the list of servers was hardcoded into system files. To further complicate matters, Microsoft can always update its IP addresses through Windows Update making the whole procedure useless.

In this post, we would like to share our experience in disabling telemetry through built-in Windows Firewall. This is an alternative approach that has been proven to be effective.

The Test

To perform the procedure, we assembled a simple test:

Two laptops. One with Windows 10 connected to the internet through another laptop using internet sharing. The second laptop was acting as a NAT router with Wireshark installed allowing us to track outgoing traffic from the first machine.

The Outcome:

Yes. Windows 10 DOES collect and send your data.

The list of telemetry IP addresses almost coincides with the ones mentioned here: https://forum.unsystem.net/t/microsoft-windows-10-spy-infraestructure/561 and here forums.untangle.com/web-filter/35894-blocking-windows-10-spying-telemetry.html;

Built-in Windows Firewall allows for the blocking of data transmission to these servers.

Firewall Rules

  • After the acquisition of IP addresses and checking the effectiveness of blocking them, you can include them into the settings using Powershell script. To add a rule into Firewall, it is necessary to run the following command (let’s take watson.telemetry.microsoft.com server as an example):
netsh advfirewall firewall add rule name="telemetry_watson.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.43 enable=yes
  • Where:
    name – the name of the rule and concurrently the name of Microsoft server.
    dir = out – parameter indicating that the rule only applies to the outgoing traffic.
    action=block – network packets indicated in this rule will be blocked by Firewall.
    remoteip – IP address of the receiver of the outgoing network packets.
    enable=yes – indicates that the rule is being enabled at the moment.

Eventually the script will look like this:


Set-NetFirewallProfile -all
netsh advfirewall firewall add rule name="telemetry_vortex.data.microsoft.com" dir=out action=block remoteip=191.232.139.254 enable=yes
netsh advfirewall firewall add rule name="telemetry_telecommand.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.92 enable=yes
netsh advfirewall firewall add rule name="telemetry_oca.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.63 enable=yes
netsh advfirewall firewall add rule name="telemetry_sqm.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.93 enable=yes
netsh advfirewall firewall add rule name="telemetry_watson.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.43 enable=yes
netsh advfirewall firewall add rule name="telemetry_watson2.telemetry.microsoft.com" dir=out action=block remoteip=65.52.108.29 enable=yes
netsh advfirewall firewall add rule name="telemetry_redir.metaservices.microsoft.com" dir=out action=block remoteip=194.44.4.200 enable=yes
netsh advfirewall firewall add rule name="telemetry_redir2.metaservices.microsoft.com" dir=out action=block remoteip=194.44.4.208 enable=yes
netsh advfirewall firewall add rule name="telemetry_choice.microsoft.com" dir=out action=block remoteip=157.56.91.77 enable=yes
netsh advfirewall firewall add rule name="telemetry_df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.7 enable=yes
netsh advfirewall firewall add rule name="telemetry_reports.wes.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.91 enable=yes
netsh advfirewall firewall add rule name="telemetry_wes.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.93 enable=yes
netsh advfirewall firewall add rule name="telemetry_services.wes.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.92 enable=yes
netsh advfirewall firewall add rule name="telemetry_sqm.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.94 enable=yes
netsh advfirewall firewall add rule name="telemetry_telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.9 enable=yes
netsh advfirewall firewall add rule name="telemetry_watson.ppe.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.11 enable=yes
netsh advfirewall firewall add rule name="telemetry_telemetry.appex.bing.net" dir=out action=block remoteip=168.63.108.233 enable=yes
netsh advfirewall firewall add rule name="telemetry_telemetry.urs.microsoft.com" dir=out action=block remoteip=157.56.74.250 enable=yes
netsh advfirewall firewall add rule name="telemetry_settings-sandbox.data.microsoft.com" dir=out action=block remoteip=111.221.29.177 enable=yes
netsh advfirewall firewall add rule name="telemetry_vortex-sandbox.data.microsoft.com" dir=out action=block remoteip=64.4.54.32 enable=yes
netsh advfirewall firewall add rule name="telemetry_survey.watson.microsoft.com" dir=out action=block remoteip=207.68.166.254 enable=yes
netsh advfirewall firewall add rule name="telemetry_watson.live.com" dir=out action=block remoteip=207.46.223.94 enable=yes
netsh advfirewall firewall add rule name="telemetry_watson.microsoft.com" dir=out action=block remoteip=65.55.252.71 enable=yes
netsh advfirewall firewall add rule name="telemetry_statsfe2.ws.microsoft.com" dir=out action=block remoteip=64.4.54.22 enable=yes
netsh advfirewall firewall add rule name="telemetry_corpext.msitadfs.glbdns2.microsoft.com" dir=out action=block remoteip=131.107.113.238 enable=yes
netsh advfirewall firewall add rule name="telemetry_compatexchange.cloudapp.net" dir=out action=block remoteip=23.99.10.11 enable=yes
netsh advfirewall firewall add rule name="telemetry_sls.update.microsoft.com.akadns.net" dir=out action=block remoteip=157.56.77.139 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe2.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.58.121 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe23.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.58.123 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe24.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.53.29 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe25.update.microsoft.com.akadns.net" dir=out action=block remoteip=66.119.144.190 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe26.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.58.189 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe27.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.58.118 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe28.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.53.30 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe29.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.51.190 enable=yes
netsh advfirewall firewall add rule name="telemetry_diagnostics.support.microsoft.com" dir=out action=block remoteip=157.56.121.89 enable=yes
netsh advfirewall firewall add rule name="telemetry_statsfe1.ws.microsoft.com" dir=out action=block remoteip=134.170.115.60 enable=yes
netsh advfirewall firewall add rule name="telemetry_i1.services.social.microsoft.com" dir=out action=block remoteip=104.82.22.249 enable=yes
netsh advfirewall firewall add rule name="telemetry_feedback.windows.com" dir=out action=block remoteip=134.170.185.70 enable=yes
netsh advfirewall firewall add rule name="telemetry_feedback.microsoft-hohm.com" dir=out action=block remoteip=64.4.6.100 enable=yes
netsh advfirewall firewall add rule name="telemetry_feedback2.microsoft-hohm.com" dir=out action=block remoteip=65.55.39.10 enable=yes
netsh advfirewall firewall add rule name="telemetry_feedback.search.microsoft.com" dir=out action=block remoteip=157.55.129.21 enable=yes
netsh advfirewall firewall add rule name="telemetry_rad.msn.com" dir=out action=block remoteip=207.46.194.25 enable=yes
netsh advfirewall firewall add rule name="telemetry_preview.msn.com" dir=out action=block remoteip=23.102.21.4 enable=yes
netsh advfirewall firewall add rule name="telemetry_dart.l.doubleclick.net" dir=out action=block remoteip=173.194.113.220 enable=yes
netsh advfirewall firewall add rule name="telemetry_dart2.l.doubleclick.net" dir=out action=block remoteip=173.194.113.219 enable=yes
netsh advfirewall firewall add rule name="telemetry_dart3.l.doubleclick.net" dir=out action=block remoteip=216.58.209.166 enable=yes
netsh advfirewall firewall add rule name="telemetry_ads.msn.com" dir=out action=block remoteip=157.56.91.82 enable=yes
netsh advfirewall firewall add rule name="telemetry_ads2.msn.com" dir=out action=block remoteip=157.56.23.91 enable=yes
netsh advfirewall firewall add rule name="telemetry_ads3.msn.com" dir=out action=block remoteip=104.82.14.146 enable=yes
netsh advfirewall firewall add rule name="telemetry_ads6.msn.com" dir=out action=block remoteip=8.254.209.254 enable=yes
netsh advfirewall firewall add rule name="telemetry_a.ads1.msn.com" dir=out action=block remoteip=198.78.208.254 enable=yes
netsh advfirewall firewall add rule name="telemetry_a.ads1.msn.com" dir=out action=block remoteip=185.13.160.61 enable=yes
netsh advfirewall firewall add rule name="telemetry_global.msads.net.c.footprint.net" dir=out action=block remoteip=207.123.56.252 enable=yes
netsh advfirewall firewall add rule name="telemetry_ssw.live.com" dir=out action=block remoteip=207.46.101.29 enable=yes
netsh advfirewall firewall add rule name="telemetry_msnbot-65-55-108-23.search.msn.com" dir=out action=block remoteip=65.55.108.23 enable=yes
netsh advfirewall firewall add rule name="telemetry_a23-218-212-69.deploy.static.akamaitechnologies.com" dir=out action=block remoteip=23.218.212.69 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft.com" dir=out action=block remoteip=104.96.147.3 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft01.com" dir=out action=block remoteip=11.221.29.253 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft02.com" dir=out action=block remoteip=111.221.64.0-111.221.127.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft03.com" dir=out action=block remoteip=131.253.40.37 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft04.com" dir=out action=block remoteip=134.170.165.248 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft05.com" dir=out action=block remoteip=134.170.165.253 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft06.com" dir=out action=block remoteip=134.170.30.202 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft07.com" dir=out action=block remoteip=137.116.81.24 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft08.com" dir=out action=block remoteip=137.117.235.16 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft09.com" dir=out action=block remoteip=157.55.130.0-157.55.130.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft10.com" dir=out action=block remoteip=157.55.133.204 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft11.com" dir=out action=block remoteip=157.55.235.0-157.55.235.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft12.com" dir=out action=block remoteip=157.55.236.0-157.55.236.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft13.com" dir=out action=block remoteip=157.55.52.0-157.55.52.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft14.com" dir=out action=block remoteip=157.55.56.0-157.55.56.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft15.com" dir=out action=block remoteip=157.56.106.189 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft16.com" dir=out action=block remoteip=157.56.124.87 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft17.com" dir=out action=block remoteip=191.232.139.2 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft18.com" dir=out action=block remoteip=191.232.80.58 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft19.com" dir=out action=block remoteip=191.232.80.62 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft20.com" dir=out action=block remoteip=191.237.208.126 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft21.com" dir=out action=block remoteip=195.138.255.0-195.138.255.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft22.com" dir=out action=block remoteip=2.22.61.43 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft23.com" dir=out action=block remoteip=2.22.61.66 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft24.com" dir=out action=block remoteip=207.46.114.58 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft25.com" dir=out action=block remoteip=212.30.134.204 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft26.com" dir=out action=block remoteip=212.30.134.205 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft27.com" dir=out action=block remoteip=213.199.179.0-213.199.179.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft28.com" dir=out action=block remoteip=23.223.20.82 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft29.com" dir=out action=block remoteip=23.57.101.163 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft30.com" dir=out action=block remoteip=23.57.107.163 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft31.com" dir=out action=block remoteip=23.57.107.27 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft32.com" dir=out action=block remoteip=64.4.23.0-64.4.23.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft33.com" dir=out action=block remoteip=65.39.117.230 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft34.com" dir=out action=block remoteip=65.52.108.33 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft35.com" dir=out action=block remoteip=65.55.138.114 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft36.com" dir=out action=block remoteip=65.55.138.126 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft37.com" dir=out action=block remoteip=65.55.223.0-65.55.223.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft38.com" dir=out action=block remoteip=65.55.138.186 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft39.com" dir=out action=block remoteip=65.55.29.238 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft40.com" dir=out action=block remoteip=77.67.29.176 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_1-a.ads1.msn.com" dir=out action=block remoteip=206.33.58.254 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_2-a.ads1.msn.com" dir=out action=block remoteip=8.12.207.125 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_3-a.ads1.msn.com" dir=out action=block remoteip=8.253.37.126 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0002.a-msedge.net" dir=out action=block remoteip=204.79.197.201 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0004.a-msedge.net" dir=out action=block remoteip=204.79.197.206 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0005.a-msedge.net" dir=out action=block remoteip=204.79.197.204 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0006.a-msedge.net" dir=out action=block remoteip=204.79.197.208 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0007.a-msedge.net" dir=out action=block remoteip=204.79.197.209 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0008.a-msedge.net" dir=out action=block remoteip=204.79.197.210 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0009.a-msedge.net" dir=out action=block remoteip=204.79.197.211 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ac3.msn.com" dir=out action=block remoteip=131.253.14.76 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ad.doubleclick.net" dir=out action=block remoteip=172.217.20.230 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_adnexus.net" dir=out action=block remoteip=37.252.169.43 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_01.auth.nym2.appnexus.net" dir=out action=block remoteip=68.67.155.138 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_01.auth.lax1.appnexus.net" dir=out action=block remoteip=68.67.133.169 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_01.auth.ams1.appnexus.net" dir=out action=block remoteip=37.252.164.5 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns1.gslb.com" dir=out action=block remoteip=8.19.31.10 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns2.gslb.com" dir=out action=block remoteip=8.19.31.11 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ads.msn.com" dir=out action=block remoteip=65.55.128.80 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ads1.msn.com" dir=out action=block remoteip=192.221.106.126 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_de-1.ns.nsatc.net" dir=out action=block remoteip=198.78.208.155 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_es-1.ns.nsatc.net" dir=out action=block remoteip=8.254.34.155 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_b.ns.nsatc.net" dir=out action=block remoteip=8.254.92.155 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_nl-1.ns.nsatc.net" dir=out action=block remoteip=4.23.39.155 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_uk-1.ns.nsatc.net" dir=out action=block remoteip=8.254.119.155 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_aidps.msn.com.nsatc.net" dir=out action=block remoteip=131.253.14.121 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns1.a-msedge.net" dir=out action=block remoteip=204.79.197.1 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns2.a-msedge.net" dir=out action=block remoteip=204.79.197.2 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns3.a-msedge.net" dir=out action=block remoteip=131.253.21.1 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_apps.skype.com" dir=out action=block remoteip=95.100.177.217 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_az512334.vo.msecnd.net" dir=out action=block remoteip=50.63.202.65 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_bs.serving-sys.com" dir=out action=block remoteip=82.199.80.141 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_65choice.microsoft.com" dir=out action=block remoteip=65.55.128.81 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_db3aqu.atdmt.com" dir=out action=block remoteip=94.245.121.176 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_choice.microsoft.com.nsatc.net" dir=out action=block remoteip=94.245.121.177 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_c.msn.com" dir=out action=block remoteip=94.245.121.178 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_c2.msn.com" dir=out action=block remoteip=94.245.121.179 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_diagnostics.support.microsoft.com" dir=out action=block remoteip=134.170.52.151 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_fe2.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.10.58.118 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns1.msft.net" dir=out action=block remoteip=208.84.0.53 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns3.msft.net" dir=out action=block remoteip=192.221.113.53 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns4.msft.net" dir=out action=block remoteip=208.76.45.53 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_flex.msn.com" dir=out action=block remoteip=207.46.194.8 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_g.msn.com" dir=out action=block remoteip=207.46.194.14 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_i1.services.social.microsoft.com" dir=out action=block remoteip=23.74.190.252 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_lb1.www.ms.akadns.net" dir=out action=block remoteip=65.55.57.27 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_live.rads.msn.com" dir=out action=block remoteip=40.127.139.224 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m.adnxs.com" dir=out action=block remoteip=37.252.170.82 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m1.adnxs.com" dir=out action=block remoteip=37.252.170.81 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m2.adnxs.com" dir=out action=block remoteip=37.252.170.141 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m3.adnxs.com" dir=out action=block remoteip=37.252.170.142 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m4.adnxs.com" dir=out action=block remoteip=37.252.170.80 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m5.adnxs.com" dir=out action=block remoteip=37.252.170.140 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m6.adnxs.com" dir=out action=block remoteip=37.252.170.1 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m.hotmail.com" dir=out action=block remoteip=134.170.3.199 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_msedge.net" dir=out action=block remoteip=204.79.19.197 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_msntest.serving-sys.com" dir=out action=block remoteip=2.21.246.8 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_msnbot-65-55-108-23.search.msn.com" dir=out action=block remoteip=2.21.246.10 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_redir.metaservices.microsoft.com" dir=out action=block remoteip=2.21.246.42 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_redir2.metaservices.microsoft.com" dir=out action=block remoteip=2.21.246.58 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_s0.2mdn.net" dir=out action=block remoteip=172.217.21.166 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_db5.skype.msnmessenger.msn.com.akadns.net" dir=out action=block remoteip=191.232.139.13 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_schemas.microsoft.akadns.net" dir=out action=block remoteip=65.54.226.187 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure.adnxs.com" dir=out action=block remoteip=37.252.163.207 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure1.adnxs.com" dir=out action=block remoteip=37.252.163.3 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure2.adnxs.com" dir=out action=block remoteip=37.252.163.244 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure3.adnxs.com" dir=out action=block remoteip=37.252.162.216 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure4.adnxs.com" dir=out action=block remoteip=37.252.163.215 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure5.adnxs.com" dir=out action=block remoteip=37.252.162.228 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure6.adnxs.com" dir=out action=block remoteip=37.252.163.106 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure7.adnxs.com" dir=out action=block remoteip=37.252.163.88 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure.flashtalking.com" dir=out action=block remoteip=95.101.244.134 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_settings-sandbox.data.microsoft.com" dir=out action=block remoteip=191.232.140.76 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_sls.update.microsoft.com.akadns.net" dir=out action=block remoteip=157.56.96.58 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_statsfe1.ws.microsoft.com" dir=out action=block remoteip=207.46.114.61 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_statsfe2.ws.microsoft.com" dir=out action=block remoteip=65.52.108.153 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_telemetry.appex.bing.net" dir=out action=block remoteip=168.61.24.141 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_telemetry.urs.microsoft.com" dir=out action=block remoteip=65.55.44.85 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_view.atdmt.com" dir=out action=block remoteip=179.60.192.10 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_www.msftncsi.com" dir=out action=block remoteip=2.21.246.26 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_www.msftncsi2.com" dir=out action=block remoteip=2.21.246.24 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0003.a-msedge.net" dir=out action=block remoteip=204.79.197.203 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_cs697.wac.thetacdn.net" dir=out action=block remoteip=192.229.233.249 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_db5.settings.data.microsoft.com.akadns.net" dir=out action=block remoteip=191.232.139.253 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_co4.telecommand.telemetry.microsoft.com.akadns.net" dir=out action=block remoteip=65.55.252.190 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_oca.telemetry.microsoft.com.nsatc.net" dir=out action=block remoteip=64.4.54.153 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_telemetry.appex.search.prod.ms.akadns.net" dir=out action=block remoteip=65.52.161.64 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_t.urs.microsoft.com.nsatc.net" dir=out action=block remoteip=64.4.54.167 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_watson.microsoft.com.nsatc.net" dir=out action=block remoteip=65.52.108.154 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_statsfe2.ws.microsoft.com.nsatc.net" dir=out action=block remoteip=131.253.14.153 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_sls.update.microsoft.com.akadns.net" dir=out action=block remoteip=157.56.77.138 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_dart.l.doubleclick.net" dir=out action=block remoteip=172.217.20.134 enable=yes
netsh advfirewall firewall add rule name="telemetry_ssw.live.com.nsatc.net" dir=out action=block remoteip=207.46.7.252 enable=yes
netsh advfirewall firewall add rule name="telemetry_urs.microsoft.com.nsatc.net" dir=out action=block remoteip=192.232.139.180 enable=yes
netsh advfirewall firewall add rule name="telemetry_urs.microsoft.com.nsatc.net" dir=out action=block remoteip=157.55.233.125 enable=yes
netsh advfirewall firewall add rule name="telemetry_geo-prod.dodsp.mp.microsoft.com.nsatc.net" dir=out action=block remoteip=191.232.139.212 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_c.microsoft.akadns.net" dir=out action=block remoteip=134.170.188.139 enable=yes

Running the Created Script

To avoid this long path of running the power shell script with admin rights, it is easier to create a .bat file and run it. Then UAC itself will request admin rights approval.

@echo off
cls
echo Telemetry
echo Rules of Firewall
echo.
echo press any key to continue...
pause > NUL
echo Rules of Firewall
echo.
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""%~dp0.\script-new.ps1""' -Verb RunAs}"
echo Rules included in Firewall...
echo.
pause

Where script-new.ps1 – is the name of the .ps1 file you created that contains the PowerShell commands.

Download power shell script

Download .bat file

After that is completed, the added rules will be displayed in Windows Firewall as it is shown in the screenshot below:

skreen1

Here is additional information not directly related to firewall but related to telemetry and data collection.

It is worth noting that users of Windows 7 /8 / 8.1 received updates that extend the capabilities of the system to collect and send telemetry data. Accordingly, these users can also apply the recommendations provided in this article or simply remove the updates.

Keylogger

Disable Diag Track (collection of data in Windows components) and dmwappushservice (push messages routing service). To do this, run the command prompt as administrator and disable the service:

sc stop DiagTrack
sc stop dmwappushservice

Or do they remove:

sc delete DiagTrack
sc delete dmwappushservice

Task Scheduler

In the console Taskschd.msc necessary to prohibit the following tasks:

REM *** Task that collects data for SmartScreen in Windows ***
schtasks /Change /TN "Microsoft\Windows\AppID\SmartScreenSpecific" /Disable
REM *** Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program ***
schtasks /Change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /Disable
REM *** Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program ***
schtasks /Change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /Disable
REM *** Aggregates and uploads Application Telemetry information if opted-in to the Microsoft Customer Experience Improvement Program ***
schtasks /Change /TN "Microsoft\Windows\Application Experience\AitAgent" /Disable
REM *** This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program ***
schtasks /Change /TN "Microsoft\Windows\Autochk\Proxy" /Disable
REM *** If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft ***
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /Disable
REM *** The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and sends this data to Microsoft. ***
REM *** If the user has not consented to participate in Windows CEIP, this task does nothing ***
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /Disable
REM *** The Bluetooth CEIP (Customer Experience Improvement Program) task collects Bluetooth related statistics and information about your machine and sends it to Microsoft ***
REM *** The information received is used to help improve the reliability, stability, and overall functionality of Bluetooth in Windows ***
REM *** If the user has not consented to participate in Windows CEIP, this task does not do anything.***
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\BthSQM" /Disable
REM *** Create Object Task ***
schtasks /Change /TN "Microsoft\Windows\CloudExperienceHost\CreateObjectTask" /Disable
REM *** The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program ***
schtasks /Change /TN "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /Disable
REM *** Measures a system's performance and capabilities ***
schtasks /Change /TN "Microsoft\Windows\Maintenance\WinSAT" /Disable
REM *** Network information collector ***
schtasks /Change /TN "Microsoft\Windows\NetTrace\GatherNetworkInfo" /Disable
REM *** Initializes Family Safety monitoring and enforcement ***
schtasks /Change /TN "Microsoft\Windows\Shell\FamilySafetyMonitor" /Disable
REM *** Synchronizes the latest settings with the Family Safety website ***
schtasks /Change /TN "Microsoft\Windows\Shell\FamilySafetyRefresh" /Disable
REM *** SQM (Software Quality Management) ***
schtasks /Change /TN "Microsoft\Windows\IME\SQM data sender" /Disable
REM *** This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions ***
schtasks /Change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack" /Disable
REM *** This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer ***
schtasks /Change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn" /Disable

We also recommend switching off all suspicious tasks in the Planner:

REM *** Scans startup entries and raises notification to the user if there are too many startup entries ***
schtasks /Change /TN "Microsoft\Windows\Application Experience\StartupAppTask" /Disable
REM *** Protects user files from accidental loss by copying them to a backup location when the system is unattended 
***
schtasks /Change /TN "Microsoft\Windows\FileHistory\File History (maintenance mode)" /Disable
REM *** This task gathers information about the Trusted Platform Module (TPM), Secure Boot, and Measured Boot ***
schtasks /Change /TN "Microsoft\Windows\PI\Sqm-Tasks" /Disable
REM *** This task analyzes the system looking for conditions that may cause high energy use ***
schtasks /Change /TN "Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" /Disable

The above mentioned method cannot be classified as a 100% perfect solution but should be considered an alternative method to turn off telemetry in your Windows system and protect your sensitive information.

Please note that the list of IP addresses has been updated. The updated script version is available for download.