@echo off title "Disable Windows 7/8/8.1 Telemetry" endlocal & setlocal EnableDelayedExpansion rem Script created by <github.com/tarampampam> # 2015 rem Github: <https://gist.github.com/tarampampam/a0db45fb0de5976300b1> rem OS: Windows 7/8/8.1 rem Version 0.2.1 echo. echo *************************************************************************** echo * * echo * Disable Windows 7/8/8.1 Telemetry (+bonus) service * echo * * echo *************************************************************************** echo * * echo * Script support arguments: * echo * * echo * -kb ^| -hotfixes Do NOT uninstall ^& disable updates * echo * -t ^| -tasks Do NOT disable tasks * echo * -s ^| -services Do NOT disable services * echo * -i ^| -ip Do NOT block IP addresses using route * echo * -f ^| -firewall Do NOT block IP addresses using firewall * echo * -h ^| -hosts Do NOT add domains to hosts file * echo * -u ^| -updates Do NOT change windows update settings * echo * -e ^| -exit Exit when work is complete * echo * * echo * Latest version you can find here: ^<http://goo.gl/1MzPtW^> * echo * * echo *************************************************************************** echo * * echo * PLEASE DISABLE YOUR ANTIVIRUS SOFTWARE BEFORE^^! * echo * (Sometimes it block access to hosts file, etc) * echo * * echo *************************************************************************** echo. rem Setup default script settings + declare variables set ExitOnComplete=0 set UninstallUpdates=1 set DisableTasks=1 set DisableServices=1 set BlockIPaddresses=1 set BlockIPaddressesWithFirewall=1 set AddDomainsToHosts=1 set DisableAutomaticUpdates=1 set FirewallIPlist= rem Parse passed arguments to script arse_passed_params if "%~1"=="" goto end_parse_passed_params if "%~1"=="-e" set ExitOnComplete=1 if "%~1"=="-exit" set ExitOnComplete=1 if "%~1"=="-kb" set UninstallUpdates=0 if "%~1"=="-hotfixes" set UninstallUpdates=0 if "%~1"=="-t" set DisableTasks=0 if "%~1"=="-tasks" set DisableTasks=0 if "%~1"=="-s" set DisableServices=0 if "%~1"=="-services" set DisableServices=0 if "%~1"=="-i" set BlockIPaddresses=0 if "%~1"=="-ip" set BlockIPaddresses=0 if "%~1"=="-f" set BlockIPaddressesWithFirewall=0 if "%~1"=="-firewall" set BlockIPaddressesWithFirewall=0 if "%~1"=="-h" set AddDomainsToHosts=0 if "%~1"=="-hosts" set AddDomainsToHosts=0 if "%~1"=="-u" set DisableAutomaticUpdates=0 if "%~1"=="-updates" set DisableAutomaticUpdates=0 shift & goto parse_passed_params :end_parse_passed_params goto:checkPermissions :begin if %UninstallUpdates%==1 ( call:title "Uninstall evil M$ updates.." call:uninstall_update "3080149" call:uninstall_update "3075249" call:uninstall_update "2952664" call:uninstall_update "3035583" call:uninstall_update "3050265" call:uninstall_update "3068708" call:uninstall_update "3022345" call:uninstall_update "3021917" call:uninstall_update "2876229" call:uninstall_update "2976978" call:uninstall_update "3044374" call:uninstall_update "2990214" call:uninstall_update "3075853" call:uninstall_update "3065987" call:uninstall_update "971033" call:uninstall_update "2902907" call:uninstall_update "2976987" ) if %DisableTasks%==1 ( call:title "Disable some windows tasks.." call:disable_task "\Microsoft\Windows\Application Experience\AitAgent" call:disable_task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" call:disable_task "\Microsoft\Windows\Application Experience\ProgramDataUpdater" call:disable_task "\Microsoft\Windows\Autochk\Proxy" call:disable_task "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" call:disable_task "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" call:disable_task "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" call:disable_task "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" call:disable_task "\Microsoft\Windows\PI\Sqm-Tasks" call:disable_task "\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" call:disable_task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" call:disable_task "\Microsoft\Windows\Maintenance\WinSAT" call:disable_task "\Microsoft\Windows\Media Center\ActivateWindowsSearch" call:disable_task "\Microsoft\Windows\Media Center\ConfigureInternetTimeService" call:disable_task "\Microsoft\Windows\Media Center\DispatchRecoveryTasks" call:disable_task "\Microsoft\Windows\Media Center\ehDRMInit" call:disable_task "\Microsoft\Windows\Media Center\InstallPlayReady" call:disable_task "\Microsoft\Windows\Media Center\mcupdate" call:disable_task "\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" call:disable_task "\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" call:disable_task "\Microsoft\Windows\Media Center\OCURActivate" call:disable_task "\Microsoft\Windows\Media Center\OCURDiscovery" call:disable_task "\Microsoft\Windows\Media Center\PBDADiscovery" call:disable_task "\Microsoft\Windows\Media Center\PBDADiscoveryW1" call:disable_task "\Microsoft\Windows\Media Center\PBDADiscoveryW2" call:disable_task "\Microsoft\Windows\Media Center\PvrRecoveryTask" call:disable_task "\Microsoft\Windows\Media Center\PvrScheduleTask" call:disable_task "\Microsoft\Windows\Media Center\RegisterSearch" call:disable_task "\Microsoft\Windows\Media Center\ReindexSearchRoot" call:disable_task "\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" call:disable_task "\Microsoft\Windows\Media Center\UpdateRecordPath" ) if %DisableServices%==1 ( call:title "Disable services.." call:disable_service "Diagtrack" call:disable_service "dmwappushservice" set RegDataCollection="HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" reg query !RegDataCollection!>nul 2>&1 & if %errorLevel%==0 ( reg add !RegDataCollection! /v AllowTelemetry /t REG_DWORD /d 0 /f >nul ) ) if %BlockIPaddresses%==1 ( call:title "Block M$ servers IP addresses.." call:block_route "111.221.29.177" call:block_route "111.221.29.253" call:block_route "131.253.40.37" call:block_route "134.170.30.202" call:block_route "134.170.115.60" call:block_route "134.170.165.248" call:block_route "134.170.165.253" call:block_route "134.170.185.70" call:block_route "137.116.81.24" call:block_route "137.117.235.16" call:block_route "157.55.129.21" call:block_route "157.55.133.204" call:block_route "157.56.121.89" call:block_route "157.56.91.77" call:block_route "168.63.108.233" call:block_route "184.86.56.12" call:block_route "185.13.160.61" call:block_route "191.232.139.254" call:block_route "191.232.80.58" call:block_route "191.232.80.62" call:block_route "191.237.208.126" call:block_route "204.79.197.200" call:block_route "207.46.101.29" call:block_route "207.46.114.58" call:block_route "207.46.223.94" call:block_route "207.68.166.254" call:block_route "212.30.134.204" call:block_route "212.30.134.205" call:block_route "23.102.21.4" call:block_route "23.99.10.11" call:block_route "23.218.212.69" call:block_route "64.4.54.22" call:block_route "64.4.54.32" call:block_route "64.4.6.100" call:block_route "65.39.117.230" call:block_route "65.52.100.11" call:block_route "65.52.100.7" call:block_route "65.52.100.9" call:block_route "65.52.100.91" call:block_route "65.52.100.92" call:block_route "65.52.100.93" call:block_route "65.52.100.94" call:block_route "65.52.108.29" call:block_route "65.55.108.23" call:block_route "65.55.138.114" call:block_route "65.55.138.126" call:block_route "65.55.138.186" call:block_route "65.55.252.63" call:block_route "65.55.252.71" call:block_route "65.55.252.92" call:block_route "65.55.252.93" call:block_route "65.55.29.238" call:block_route "65.55.39.10" call:block_route "68.232.34.200" ) if %BlockIPaddressesWithFirewall%==1 ( call:title "Add blocked IP adressess to firewall rule.." rem For using this shit you must init IP addresses list by calling 'call:block_route "1.1.1.1"' first! call:block_routes_with_firewall "%FirewallIPlist%" ) if %AddDomainsToHosts%==1 ( call:title "Find and add M$ domains to HOSTS file (block).." call:add_to_hosts "--title--" call:add_to_hosts "a-0001.a-msedge.net" call:add_to_hosts "a1095.g2.akamai.net" call:add_to_hosts "ad.doubleclick.net" call:add_to_hosts "adnexus.net" call:add_to_hosts "adnxs.com" call:add_to_hosts "ads1.msads.net" call:add_to_hosts "ads1.msn.com" call:add_to_hosts "ads2.msn.com" call:add_to_hosts "a.ads1.msn.com" call:add_to_hosts "a.ads2.msn.com" call:add_to_hosts "ads2.msn.com.c.footprint.net" call:add_to_hosts "ads.msn.com" call:add_to_hosts "az361816.vo.msecnd.net" call:add_to_hosts "az512334.vo.msecnd.net" call:add_to_hosts "telemetry.microsoft.com" call:add_to_hosts "ca.telemetry.microsoft.com" call:add_to_hosts "choice.live.com" call:add_to_hosts "choice.microsoft.com" call:add_to_hosts "choice.microsoft.com.nsatc.net" call:add_to_hosts "compatexchange.cloudapp.net" call:add_to_hosts "corpext.msitadfs.glbdns2.microsoft.com" call:add_to_hosts "corp.sts.microsoft.com" call:add_to_hosts "cs1.wpc.v0cdn.net" call:add_to_hosts "df.telemetry.microsoft.com" call:add_to_hosts "diagnostics.support.microsoft.akadns.net" call:add_to_hosts "diagnostics.support.microsoft.com" call:add_to_hosts "e9946.g.akamaiedge.net" call:add_to_hosts "fe2.update.microsoft.com.akadns.net" call:add_to_hosts "microsoft-hohm.com" call:add_to_hosts "feedback.microsoft-hohm.com" call:add_to_hosts "feedback.search.microsoft.com" call:add_to_hosts "feedback.windows.com" call:add_to_hosts "i1.services.social.microsoft.com" call:add_to_hosts "i1.services.social.microsoft.com.nsatc.net" call:add_to_hosts "i.s1.social.ms.akadns.net" call:add_to_hosts "legacy-redirection-neurope-prod-hp.cloudapp.net" call:add_to_hosts "oca.telemetry.microsoft.com" call:add_to_hosts "oca.telemetry.microsoft.com.nsatc.net" call:add_to_hosts "onesettings-hk2.metron.live.com.nsatc.net" call:add_to_hosts "pre.footprintpredict.com" call:add_to_hosts "preview.msn.com" call:add_to_hosts "rad.msn.com" call:add_to_hosts "redirection.prod.cms.msn.com" call:add_to_hosts "redirection.prod.cms.msn.com.akadns.net" call:add_to_hosts "redir.metaservices.microsoft.com" call:add_to_hosts "redir.metaservices.microsoft.com.akadns.net" call:add_to_hosts "redir.metaservices.microsoft.com.edgesuite.net" call:add_to_hosts "wes.df.telemetry.microsoft.com" call:add_to_hosts "reports.wes.df.telemetry.microsoft.com" call:add_to_hosts "services.wes.df.telemetry.microsoft.com" call:add_to_hosts "settings.data.glbdns2.microsoft.com" call:add_to_hosts "settings.data.microsoft.com" call:add_to_hosts "settings-sandbox.data.glbdns2.microsoft.com" call:add_to_hosts "settings-sandbox.data.microsoft.com" call:add_to_hosts "settings-win.data.microsoft.com" call:add_to_hosts "siweb.microsoft.akadns.net" call:add_to_hosts "sls.update.microsoft.com.akadns.net" call:add_to_hosts "spynet2.microsoft.akadns.net" call:add_to_hosts "spynet2.microsoft.com" call:add_to_hosts "spynetalt.microsoft.akadns.net" call:add_to_hosts "spynetalt.microsoft.com" call:add_to_hosts "spyneteurope.microsoft.akadns.net" call:add_to_hosts "sqm.df.telemetry.microsoft.com" call:add_to_hosts "sqm.telemetry.microsoft.com" call:add_to_hosts "sqm.telemetry.microsoft.com.nsatc.net" call:add_to_hosts "ssw.live.com" call:add_to_hosts "ssw.live.com.nsatc.net" call:add_to_hosts "statsfe1.ws.microsoft.com" call:add_to_hosts "statsfe1.ws.microsoft.com.nsatc.net" call:add_to_hosts "statsfe2.update.microsoft.com.akadns.net" call:add_to_hosts "statsfe2.ws.microsoft.com" call:add_to_hosts "statsfe2.ws.microsoft.com.nsatc.net" call:add_to_hosts "support.msn.microsoft.akadns.net" call:add_to_hosts "watson.microsoft.com" call:add_to_hosts "survey.watson.microsoft.com" call:add_to_hosts "telecommand.telemetry.microsoft.com" call:add_to_hosts "telecommand.telemetry.microsoft.com.nsatc.net" call:add_to_hosts "telemetry.appex.bing.net" call:add_to_hosts "telemetry.appex.search.prod.ms.akadns.net" call:add_to_hosts "telemetry.urs.microsoft.com" call:add_to_hosts "t.urs.microsoft.com.nsatc.net" call:add_to_hosts "vortex.data.glbdns2.microsoft.com" call:add_to_hosts "vortex.data.metron.live.com.nsatc.net" call:add_to_hosts "vortex.data.microsoft.com" call:add_to_hosts "vortex-db5.metron.live.com.nsatc.net" call:add_to_hosts "vortex-sandbox.data.glbdns2.microsoft.com" call:add_to_hosts "vortex-sandbox.data.microsoft.com" call:add_to_hosts "vortex-win.data.metron.live.com.nsatc.net" call:add_to_hosts "vortex-win.data.microsoft.com" call:add_to_hosts "watson.live.com" call:add_to_hosts "watson.microsoft.com.nsatc.net" call:add_to_hosts "watson.ppe.telemetry.microsoft.com" call:add_to_hosts "watson.telemetry.microsoft.com" call:add_to_hosts "watson.telemetry.microsoft.com.nsatc.net" ) if %DisableAutomaticUpdates%==1 ( call:title "Disable automatic windows update (make search, but you must manually select updates to install)" set RegeditRoot="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" reg add !RegeditRoot! /v AUOptions /t REG_DWORD /d 2 /f>nul reg add !RegeditRoot! /v IncludeRecommendedUpdates /t REG_DWORD /d 0 /f>nul ) goto:end :log set message=%~1 echo [%time%] %message% exit /b :title set title=%~1 echo. & echo [i] %title% exit /b :checkPermissions if exist %SystemRoot%\System32\fsutil.exe ( fsutil dirty query %systemdrive%>nul 2>&1 ) else ( net session >nul 2>&1 ) if %errorLevel%==0 ( goto:begin ) else ( call:log "[Failure] Need administrative permissions" goto:end ) exit /b :uninstall_update set kb_id=%~1 rem Remove update start /wait wusa /uninstall /norestart /quiet /kb:%kb_id% if %errorlevel%==2359303 call:log "Update KB%kb_id% not installed" if %errorlevel%==1223 call:log "Uninstall cancelled" if %errorlevel%==3010 call:log "Update KB%kb_id% UNINSTALLED successfully" rem Add update to Windows Update exceptions (hide update) using PowerShell set GoodResultCode=100 powershell -ExecutionPolicy RemoteSigned -NoLogo -Noninteractive -Command "Import-Module PSWindowsUpdate; try { Hide-WUUpdate -KBArticleID KB%kb_id% -Confirm:$false; exit %GoodResultCode% } catch { exit 0; }">nul 2>&1 if %errorlevel%==%GoodResultCode% ( call:log "Update KB%kb_id% successfully DISABLED" ) else ( call:log "Cannot disable KB%kb_id%: Update your PowerShell or install PowerShell module 'PSWindowsUpdate'" ) exit /b :block_route set REDIRECT=0.0.0.0 set ip_addr=%~1 call:log "Block route to %ip_addr%" route -p ADD %ip_addr% MASK 255.255.255.255 %REDIRECT%>nul 2>&1 rem Add all addresses to single string variable (',' is delimiter) set FirewallIPlist=%FirewallIPlist%%ip_addr%, exit /b :block_routes_with_firewall set ip_list=%~1 if [!FirewallIPlist!] EQU [] ( call:log "Empty IP list. For add IP to firewall block list - block ip by route first" exit /b ) if exist %SystemRoot%\System32\netsh.exe ( set FirewallRuleName=Block MS Telemetry rem Add new rule not exists netsh advfirewall firewall show rule name="!FirewallRuleName!">nul if !errorlevel! NEQ 0 ( call:log "Add new firewall rule named '!FirewallRuleName!'" netsh advfirewall firewall add rule name="!FirewallRuleName!" dir=out interface=any action=block>nul ) else ( netsh advfirewall firewall set rule name="!FirewallRuleName!" new enable=yes>nul ) rem Check exists rule again, and add addresses to "black list" netsh advfirewall firewall show rule name="!FirewallRuleName!">nul if !errorlevel! EQU 0 ( call:log "Add/update IP adresses to rule '!FirewallRuleName!': '!ip_list:~1,-1!'" netsh advfirewall firewall set rule name="!FirewallRuleName!" new remoteip=!ip_list!>nul ) ) else ( call:log "Windows firewall not accessible (file 'netsh.exe' not exists)" ) exit /b isable_task set task_name=%~1 call:log "Disable task %task_name%" schtasks /Change /TN "%task_name%" /DISABLE>nul 2>&1 exit /b isable_service set service_name=%~1 set errors_counter=0 call:log "Disable service '%service_name%'" sc query "%service_name%">nul if %errorlevel% NEQ 1060 ( sc config "%service_name%" start= disabled>nul if %errorlevel% NEQ 0 set /a errors_counter=errors_counter+1 sc stop "%service_name%">nul if %errorlevel% NEQ 0 set /a errors_counter=errors_counter+1 if %errors_counter%==0 ( call:log "Service '%service_name%' disabled successful" ) ) else set /a errors_counter=errors_counter+1 & call:log "Service '%service_name%' not installed" exit /b :add_to_hosts set HOSTS=%SystemRoot%\system32\drivers\etc\hosts set REDIRECT=0.0.0.0 set block_title=## Block MS telemetry domain names set write_title=0 set host_name=%~1 if "%host_name%"=="--title--" ( set write_title=1 set host_name=%block_title% ) find /C /I "%host_name%" %HOSTS%>nul if %errorlevel% NEQ 0 ( if %write_title% EQU 1 ( echo.>>%HOSTS% echo.>>%HOSTS% echo %block_title%>>%HOSTS% ) else ( echo %REDIRECT% %host_name%>>%HOSTS% call:log "Domain %host_name% ADDED" ) ) else ( if %write_title% NEQ 1 ( call:log "Domain %host_name% ALREADY added" ) ) exit /b :end call:title "Exit after 60 seconds, or press any key for exit now" timeout /t 60>nul 2>&1 endlocal & if %ExitOnComplete%==1 (exit) echo on |