Introduction

Windows Telemetry data is always in discussion among security geeks. But before moving forward lets first understand what is Telemetry Data with respect to Windows. Telemetry data present in every windows machine. According to ethical hacking researcher of International Institute of Cyber Security, this telemetry data is system diagnostics information, system details, and logs of how frequently Windows user is using some applications, features & some more details internal to Microsoft.

So today we will talk about a Windows spy blocker a tool, used for spying and tracking the network traffic on your Windows system. This is completely built on go language. We can use this tool in windows 7, 8 and 10.

Environment

OS: Windows 10 64 bit
Version: Microsoft Windows [Version 10.0.18363.720]

Installation steps

Firstly we have to download the windows spy blocker on your windows machine.
Use this link to download the spy blocker, https://github.com/crazy-max/WindowsSpyBlocker/releases/download/4.28.0/WindowsSpyBlocker.exe
Open the spy blocker tool, after downloading the file.

In the main menu we see two options.
- 1- Telemetry
- 2- Dev

Telemetry Option

Now choose option 1-Telemetry. In the telemetry, we have 2 classifications.
- 1- Firewall
- 2- NCSI (Network Connection Status Icon).

Telemetry > Firewall Option

A firewall is used to protect our system from unauthorized access. We can use this firewall in software and hardware form.

In the firewall option we five different options like add extra rules, add spy rules, add update rules, remove windows spy blocker rules and, display your current windows spy blocker rules.
We can run these options by selecting the required option’s number.
Now, choose option 2-Add spy rules

When we choose, these options add extra rules and add spy rules, it downloads 3 different files as shown in below picture.
This will be stored in windows Spy Blocker’s folder.

Windows Spy Blocker's Folder — Windows Spy Blocker’s Folder

In the above picture, we see Adding outbound firewall rules.
All these IP’s belong to Microsoft.
Now let’s check in our search engine, by choosing an IP from the List.

In this tool, we have an option called extract data. When we use that option, it collects all the data and stores in a file depending on the data.
We can see extract data option at the final step.

Telemetry > Network Connection Status Indicator (NCSI) Option

Now, choose option 2-NCSI (Network Connection Status Indicator).

What is NCSI?

The main purpose of the Network Connection Status Indicator in windows is to provide network connection information.

In NCSI we have four options to display your current NCSI values, Apply WindowsSpyBlocker NCSI, Apply Microsoft NCSI and Test the internet connection.
Choose option 4-Test the connection.

Now, choose option 1-Display your current NCSI values.

The aim of this NCSI tool is to check the internet connection.

DEV Option

What is DEV?

DEV, it is used for tracking files. In the Dev, we have 7 options to track the hardware files proxifier, sysmon, Wireshark, test, Diff, merge and, extract data.

Dev > Wireshark Option

Choose option 3-Wireshark, to capture all the traffic.
First we have to install Npcap to capture any details.
After installing the Npcap choose the required option.

The captured data file stored in the Temp file in windows Spy Blocker.

Dev > Extract Data Option

Next, choose option 7-To extract data

Extracted data is stored on this path.
Let’s see the extracted data.

Now, let’s open any folder to check the data files.

Now lets show another tool to disable telemetry data on your Windows system.

Disable Telemetry

We can also disable telemetry data.
For this, we need to download DisablewinTracking.exe file from the below link https://github.com/10se1ucgo/DisableWinTracking/releases/
Now, extract the zip file.
Then we see DisablewinTracking.exe file.
Run the file as an Administrator.

Here, select the telemetry option.
Select service method and click on go.
It will disable the telemetry option.

Conclusion

By using Windows spy blocker tool we can capture the network traffic to track our telemetry data and act upon it. This tool can also be used for auditing purpose.

Jitender Narula

Cyber Security Specialist with 18+ years of industry experience . Worked on the projects with AT&T, Citrix, Google, Conexant, IPolicy Networks (Tech Mahindra) and HFCL. Constantly keeping world update on the happening in Cyber Security Area.

Stop Windows from Spying into your computer or laptop

Introduction

Environment

Installation steps

Telemetry Option

Telemetry > Firewall Option

Telemetry > Network Connection Status Indicator (NCSI) Option

DEV Option

Dev > Wireshark Option

Dev > Extract Data Option

Disable Telemetry

Conclusion

The 11 Essential Falco Cloud Security Rules for Securing Containerized Applications at No Cost

Hack-Proof Your Cloud: The Step-by-Step Continuous Threat Exposure Management CTEM Strategy for AWS & AZURE

Web-Based PLC Malware: A New Technique to Hack Industrial Control Systems

The API Security Checklist: 10 strategies to keep API integrations secure

11 ways of hacking into ChatGpt like Generative AI systems

How to send spoof emails from domains that have SPF and DKIM protections?

Silent Email Attack CVE-2023-35628 : How to Hack Without an Email Click in Outlook

How to Bypass EDRs, AV with Ease using 8 New Process Injection Attacks

Cyber Security Channel