spy\131.253.61.0-131.253.61.255 blocks "login.live.com" (131.253.61.100)

Can you say something about that two entries?

crl.microsoft.com (https://www.reddit.com/r/privacy/comments/50pa9c/real_windows_7_spying_blocklist/d76iq7k)

#207.46.114.58 (https://www.reddit.com/r/privacy/comments/50pa9c/real_windows_7_spying_blocklist/d76ixib)

I'm sure this is wrong place to ask this but could you possible add support for Simple Dnscrypt so that I don't have to manually parse your proxifier files for each new release?

Hi,

I currently testing WindowsSpyBlocker and I have a problem when I do a test on the IP firewall rules ...

• Test IPs ...
  C: \ Users \ globy \ AppData \ Local \ Temp \ firewallBlockWindowsSpy.vbs (6, 13) Microsoft VBScript runtime error: ActiveX component can not create object: 'InternetExplorer.Application'

Steps to reproduce this issue

1. Turn on winspy on OpenWRT "adblock" package (this downloads data/hosts/win10/spy.txt)
2. Xbox One store does not download games/apps

Expected Behaviour

Winspy turned off.

Downloading Games and Apps on the Xbox One Store works. (Tried with different demos)

Actual Behaviour

Winspy turned on.

Downloading a demo does not work, took me a while to trace it back to me turning on winspy on the OpenWRT adblock opkg package. This downloads your list from https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt

Configuration

Country (ex. United-States) :
Switzerland

Operating system (ex. Windows 10 Pro 64 bits) :
Xbox One (Xbox Store)

Winver screenshot :
Does not apply

hosts/win10/spy.txt

If you REM out this line it works fine otherwise Windows update will be blocked.
0.0.0.0 fe3.delivery.mp.microsoft.com

Configuration

• Western United States
• Windows 10 Pro Insider Preview Build 14352

Hi
Instead of having
address=/domainexample.com/0.0.0.0
Using it like this
server=/domainexample.com/
OpenWRT forum quote user Middling

The "server" directive tells dnsmasq to forward DNS requests for that domain to the DNS server on the specified IP. By not specifying an IP you're telling dnsmasq that it's in charge of that domain and should get the info for it from /etc/hosts or it's dhcp config.
Since there's no hostname-IP mapping for that domain on the router it'll respond with an nxdomain and the browser won't make any connection attempts anywhere.

I have tested this and it is better, ping the "domainexample.com" will display unknown host intead of 'pinging itself' (0.0.0.0)

Sorry, but I don't get it. As far as I know it's just a support forum.
Is there any outgoing automated request from Windows 10 to that host or some shady connection through a troubleshooter? It's blocked from Windows 10 spy file.

Need to move 134.170.51.187 and 134.170.51.188 to update rules

[FYI] Add the following info to README.md

What is contained into telemetry data sent by the OS to various servers?
You can read a list here or look at the original info from the Corporation.

Steps to reproduce this issue

1. Apply hosts from hosts/win10/spy.txt.
2. Launch Windows Store.
3. Try to install any app.

Expected Behaviour

Apps should be successfully downloaded and installed.

Actual Behaviour

Error: Try the download again.

Configuration

Country : Ukraine

Operating system : Windows 10 Pro 64 bits

Winver screenshot :

Steps to reproduce this issue

1. update win10 to build 1607
2. start store

Expected Behaviour

Windows App store should load

Actual Behaviour

Dies with a connection error due to "storeedgefd.dsx.mp.microsoft.com" being actively blocked

Configuration

Germany , windows 10 pro 32bit
Build 1607 (Build 14393.351)

Hello.

So I did every step from your instructions on Windows 10 64bit except "DNSCrypt" and "Proxifier". I did not do those two.

When I did the Hosts-File,
I only used the "windowsX_spy.txt" and "windowsX_extra.txt".
I did not use "windowsX_update.txt", as I still want to receive updates.

Now, when I go to Settings/Update&Security/Windows Update and then click on "Check for updates",
it only takes about 1 second before the following message appears:

"We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet."

I never had this before.

So what could I do to still be able to receive Updates?

• rewrite diff.bat
• rewrite firewall.bat
• rewrite ncsi.bat
• rewrite proxifier.bat
• rewrite sysmon.bat
• rewrite wireshark.bat
• embed data folder in the binary
• review online api for whois and resolutions
• add codacy review
• add appveyor CI
• drive processes with ant
• update README and wiki with build requirements
• add editorconfig
• outsource libs (sysmon, logparser, etc...)

I'm suggesting to remove m.hotmail.com from the list as this is the address used for email synchronisation with any email software and any MS email domain.

As well add others menus to :

• List network interfaces
• Install Npcap

It would be nice to allocate separate list of hosts needed for Windovs Store and online search.
Thanks.

Hi,

Sorry to use the issue section when I wish only to know if this very nice and complete WindowsSpyBlocker, if its rules concern only Windows 10 or if they are applicable, pertinent to all Windows versions, even if some rules may concern only Windows 10.

I've added hostsBlockWindowsSpy.txt to my HostsMan's sources and installed the outbound rules for Windows' Firewall. I guess it can't do no harm... in fact I believe it already does a lot of good!

Windows 7SP1 x-64 here.

Thanks.

Hi there
Current data for openwrt is split into win7; win8.1; win10 and then spy; update and extra.
This is the same for all platforms, but doesn't make much sense for openwrt routers.
Routers generally have multiple computers with different OS connected, so, we will probably need all rules for windows 7, 8.1 and 10, this can be a pain in the a to get/update all rules!

I think it would be wise to merge them all in one dnsmasq.conf file and in one firewall.user file.
About the 'spy , update, extra', I would also vote to include them all.
Would be necessary to make sure there aren't duplicates.
You could add this as another method... like this /data/openwrt/all

Let me know what you think.
Thanks.

UPDATE:
A couple days ago I wrote a very 'simple script' that can run directly on Openwrt routers, it downloads, merges all in one firewall.user/dnsmasq.conf and even apply the rules by restarting firewall and dnsmasq.
It uses curl to download, cat for merging all together, sed for cleaning comments and empty lines, sed again for deleting old rules from files (eg. it deletes all entries below #winspy, so all entries above are preserved) and cat again to add (append) them to the actual /etc/firewall.user or dnsmasq.conf file without deleting any comments or custom entries in those files, the "#winspy" works as a flag, everything below will be deleted.

Some Windows Update queries interact with third party network companies and it seems Limelight Network is one of them and redirects llnw.net to windowsupdate.com.

If you've got information leave a comment!

Mature enough, wildcard, regexp DNS filter.
You can use wildcards microsoft, whole domain >microsoft.com
or even more advanced regexp.
Configurable caching time of DNS requests.
Using of external hosts.

Major benefits:

1 - Blocking of spying domains before they change after windows updates.
Rule examples:
0.0.0.0 microsoft -download.microsoft.com
a rule like this will block everything with microsoft in the name but except download.microsoft.com
a useful download entry for win update.
0.0.0.0 >bing.com
farewell bing 😄

2 - Compacting, less maintenance of hosts
3 - Decrease bandwith use on independent DNScrypt providers.

Practical example:
https://github.com/crazy-max/WindowsSpyBlocker/blob/master/data/hosts/win10/spy.txt

0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 a-0010.a-msedge.net
0.0.0.0 a-0011.a-msedge.net
0.0.0.0 a-0012.a-msedge.net
0.0.0.0 a-msedge.net
0.0.0.0 msedge.net
0.0.0.0 www.msedge.net

15 rules become 1 with further scope for other potential hosts/domains:
If they own a domain, assume all of it compromised, as time passes new hosts will pop up, it's been proven.

0.0.0.0 *msedge.net
or more aggressive
0.0.0.0 msedge.
or even more paranoid (who uses msedge anyway?)
0.0.0.0 msedge -msedgesux.org -msedgefail.net

Steps to reproduce this issue

1. Install office 365 desktop apps
2. Activate the spy blocker hostfile
3. Try to log in to activate and use your licensed product

Expected Behaviour

You should be able to sign into your office 365 desktop apps and keep them working

Actual Behaviour

You cannot sign in and access the configuration

Configuration

0.0.0.0 officeclient.microsoft.com

Fix

# 0.0.0.0 officeclient.microsoft.com

Country : Germany

Operating system : Windows 10 Pro 64 bit

Winver : Version 1607 OS Build 14393.0

• Native apps
• Windows update
• Explorer
• ...

Hi,

we're using your list in our openwrt/LEDE based adblock package. Thanks for your efforts to provide this kind of block list!

Just a small suggestion: Please keep the github link to your list more stable and it would be nice - whenever you add domains for winX - to provide one overall list.

Thanks again!

Many thanks for your work. I think there's something in the latest spy IP list (data/firewall/win10/spy.txt) that causes problems to Skype, which now only partially works. The status icon keeps spinning (always "Connecting") and only some friends are available. Disabling these rules in my Firewall makes the problem go away after a Skype restart.

Tried several Skype for Windows versions, including the current 7.31.0.104 (the client's auto-update does yet push v.7.32, available on FileHippo etc. - also tried that).

Win 10 x64 (1607 / 14393.693)

I see closed Issue #15. This seems related.

Is there a reason login.live.com is listed here and here which are the extra.txt files under Win10/ and Win81/?

Reason I ask is, this domain is required for Skype login.

https://github.com/crazy-max/WindowsSpyBlocker/blob/master/data/openwrt/win10/spy/dnsmasq.conf

address=/answers.microsoft.com/0.0.0.0

Are we really should block this address? Blocking it leads to inaccessible of Microsoft Community Forums. For example, this URL cannot be opened (IE tells "enable TLS", Firefox tells "error occurred while establishing a secure connection").

false alarm, wrong list, sorry

Hi Crazy-M
A big thank for your time and effort on this project. On routers using the openwrt os, man are already using your host list via the adblock project ( https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md ), enabling to block things at the network level for all win10 plugged in.

To do the same for static IP and so for you firewall list, would it be possible that you create a sh script to set up iptables rules using your static IP files? That'd be great!

Regards
WB

Please first

• Read the FAQ : https://github.com/crazy-max/WindowsSpyBlocker/wiki/FAQ
• Search for existing issues : https://github.com/crazy-max/WindowsSpyBlocker/issues

Steps to reproduce this issue

Expected Behaviour

Tell me what should happen

Actual Behaviour

Tell me what happens instead

Configuration

Country (ex. United-States) :

Operating system (ex. Windows 10 Pro 64 bits) :

Winver screenshot :

Open a command prompt and type winver then
take / save the screenshot of the window and
drag the image file in this issue.
For example: https://goo.gl/03d7gI

Following one of the latest spy rules updates - MS OneNote isn't able to sync notebooks.

Possibly because of:

• 0.0.0.0 nexus.officeapps.live.com
• 0.0.0.0 officeclient.microsoft.com
• 0.0.0.0 mobile.pipe.aria.microsoft.com

Windows check a Microsoft site for connectivity, using the Network Connectivity Status Indicator site.

• NCSI performs a DNS lookup on www.msftncsi.com, then requests http://www.msftncsi.com/ncsi.txt. This file is a plain-text file and contains only the text Microsoft NCSI.
• NCSI sends a DNS lookup request for dns.msftncsi.com. This DNS address should resolve to 131.107.255.255. If the address does not match, then it is assumed that the internet connection is not functioning correctly.

If you want to implement your own NCSI, check this link
More info : https://technet.microsoft.com/en-us/library/cc766017%28WS.10%29.aspx

Hi,

WindowsSpyBlocker-3.4.4 on Windows 7SP1 64-BIT

When performing \scripts\ncsi\ncsi.bat Option 5 - Test Internet connection, I receive the information hereafter. The same information is displayed whether I've ran previously
1 - Apply WindowsSpyBlocker NCSI (local) or 2 - Apply Microsoft NCSI (local)

IPv4 web probe failed.
IPv6 web probe failed.
Le terme « Resolve-DnsName » n'est pas reconnu comme nom d'applet de commande, fonction, fichier de script ou programme exécutable. Vérifiez l'orthographe du nom, ou si un chemin d'accès existe, vérifiez que le chemin d'accès est correct et réessayez.
Au niveau de D:\My Data\WindowsSpyBlocker\WindowsSpyBlocker-3.4.4\scripts\ncsi\testConnection.ps1 : 21 Caractère : 21

• if( (Resolve-DnsName <<<< -Type A -ErrorAction SilentlyContinue (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet).ActiveDnsProbeHost).IPAddress -eq
  • CategoryInfo : ObjectNotFound: (Resolve-DnsName:String) [], CommandNotFoundException
  • FullyQualifiedErrorId : CommandNotFoundException

No idea if this is important or not.
I do not have a "No Internet access" warning in my system tray : OK
Moreover, I did not have as well a "No Internet access" warning in my system tray before running ncsi.bat although I had
added \data\hosts\win7\extra.txt to my HOSTS file
and
ran \scripts\firewall\firewall.bat with Option 1 - Add extra rules (local)

Thanks for your advice (merci d'avance) !

134.170.185.* IPs range are assigned to Microsoft Hotfix downloads and feedback.