I have a question for users that configured their firewalls to block/allow specific Windows services and built-in applications from accessing internet. I would like to know which services you allowed to access internet and also which are safe to block from accessing it. So far I allowed: Dnscache, Nlasvc, Wuauserv and CryptSvc. I blocked: Wlidsvc, WpnService, Wisvc and DsmSvc. I also blocked this applications and tools: Smartscreen.exe, Taskhostw.exe, Devicecensus.exe, SpeechModelDownload.exe, SpeechRuntime.exe, SystemSettings.exe, WerFault.exe, wermgr.exe. Any additional suggestions and warnings are appreciated. EDIT 03.03.2020 - added new blocked tools to list
For starters and not exclusive, native SmartScreen needs Internet connectivity to update the white/black lists it uses.
I've disabled Smartscreen in Group policy, that's why I also blocked it using FW. Don't even know why it runs, since it's disabled.
