Blackbird V6 - Windows privacy, security and performance

Discussion in 'other software & services' started by Pliskin, Nov 9, 2016.

  1. guest

    guest Guest

    Blackbird V6 (v1.0.75) Released (July 13, 2019)
    Download
    Changelog
    v1.0.75

    - Blackbird 32bit may no longer disable all Autologgers on Windows 10 v1903+ due to security limitations.
    64bit version is not affected.
    - Nvidia telemetry is no longer removed if Geforce Experience is installed due to p[...] off gamers.
    - Fixed App Manager showing a failed message when configuring folder permissions when it shouldn't.
    - Fixed Blackbird failing to restore default service states on some Windows 10 versions.
    - Fixed Outlook Exchange sometimes not working on Windows 10 after using the /L switch.*

    * NOTE:
    Special thanks goes out to Dr.Crunch for finding the solution.
     
  2. guest

    guest Guest

    Blackbird V6 (v1.0.78) Released (July 27, 2019)
    Download
    Changelog
     
  3. guest

    guest Guest

    Blackbird V6 (v1.0.79) Released (August 17, 2019)
    Download
    Changelog
     
  4. guest

    guest Guest

    Blackbird V6 (v1.0.79.2) Released (October 18, 2019)
    Download
    Changelog
    v1.0.79.2
    - Blackbird is now forced to always run with Administrator rights (still testing this).
    - Added more hosts to blacklist
    - Disabled scheduled task: SQM Data Sender
    - The /I switch will now also enable changing the user account picture on Windows 10.
    - Fixed another bug that may cause Blackbird to crash when restoring a backup file.
    v1.0.79.1
    - Fixed Blackbird crashing when restoring a backup file. Feel bad about this one, no idea how I managed to miss it during testing.
    - Fixed scheduled tasks sometimes not getting properly disabled.
    - Fixed hosts always reported as blocked regardless of actual state.
     
  5. guest

    guest Guest

    Blackbird V6 (v1.0.79.3) Released (November 1, 2019)
    Download
    Changelog
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Downloaded zip file looks OK, and correct hash.

    But extracts empty. Anyone else get this?

    May be due to 11/59 on VT, but not getting any blocks from my security softs on extraction.
     
  7. guest

    guest Guest

    No problem here extracting both zip files (...the VT-Score is much higher now)
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    WD now gives severe alert to v1.0.9.73 blackbird.exe: Trojan:Win32/Occamy.C3E

    VT 26 / 73 ... FP?
     
  9. guest

    guest Guest

    Blackbird V6 (v1.0.80.1) Released (October 21, 2020)
    Download
    Changelog
    v1.0.80.1 - Latest

    - Supports Windows 10 v2004 update.
    - Added more hosts to blacklist
    - Changed the way Blackbird scans for installed KB updates and blocked hosts for performance reasons (still testing).
    - Disabled End-of-Servicing notification tasks on Windows 7.
    - Disabled scheduled task: Agent Activation Runtime, PcaPatchDbTask
    - Fixed "ConfigureAppInstallControlEnabled" regkey set to wrong value. *
    - Fixed Blackbird not recognizing OS version when running on Windows 10 v1909.
    - Fixed Blackbird not backing up a few network interface settings.
    - Fixed App Manager sometimes not properly restoring a previously blocked system application.
    - Fixed App Manager not being able to block the latest Edge-Chromium browser.
    - Fixed "Access denied" error appearing for some users when Blackbird failed to start with admin rights.
    - Fixed /i switch service conflicts.

    * NOTE:
    Special thanks to rsoyxihnark for the tip.
     
  10. MArtinmax

    MArtinmax Registered Member

    Joined:
    Oct 25, 2020
    Posts:
    1
    Location:
    Sweden
    Hi, can anyone help me to understand how the telemetry IPs in Windows are blocked with the program Blackbird? https://www.wilderssecurity.com/thr...dows-privacy-security-and-performance.389809/
    I can't find any entries in the hosts file or the firewall. In the user temp folder Blackbird creates a cmd script.
    Below is a section of it. Can anyone read it and understand how the Windows telemetry IPs are blocked without hosts and firewall entries?

    Thanks in advance

    Code:
    )
        if not defined _RP_DNS_Resolving if defined _RP_ICMP_Resolving (
           set "_RP_PingDump_IPv4=" &set "_RP_PingDump_IPv6="
           for /f "Tokens=2 delims=[]" %%a in ('ping !_RP_RawHost! -4 -n 1 -l 1 -w 1 2^>Nul ^| findstr /r ".*[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*"') do (set _RP_PingDump_IPv4=%%a)
           for /f "Tokens=2 delims=[]" %%a in ('ping !_RP_RawHost! -6 -n 1 -l 1 -w 1 2^>Nul ^| findstr /r ".*\:.*\:.*\:.*"') do (set _RP_PingDump_IPv6=%%a)
           if defined _RP_PingDump_IPv4 (
               if !_RP_IFCounter! equ 1 (
                   route -p -4 ADD !_RP_PingDump_IPv4! MASK !_RPanda_IPv4SubMask! !_RPanda_IPv4LoopBack! metric !_RPanda_debugMetric! IF !_RPandaIF1! >nul 2>&1
                   route -p -4 ADD !_RP_PingDump_IPv4! MASK !_RPanda_IPv4SubMask! !_RPanda_IPv4LoopBack! metric !_RPanda_defaultMetric! IF !_RPandaIF1! >nul 2>&1
               ) else if !_RP_IFCounter! gtr 1 (for /l %%Z in (1 1 !_RP_IFCounter!) do (
                       route -p -4 ADD !_RP_PingDump_IPv4! MASK !_RPanda_IPv4SubMask! !_RPanda_IPv4LoopBack! metric !_RPanda_debugMetric! IF !_RPandaIF%%Z! >nul 2>&1
                       route -p -4 ADD !_RP_PingDump_IPv4! MASK !_RPanda_IPv4SubMask! !_RPanda_IPv4LoopBack! metric !_RPanda_defaultMetric! IF !_RPandaIF%%Z! >nul 2>&1
               ))
               if defined _flag-v (set /A "_RPanda_IPv4AdrCount=!_RPanda_IPv4AdrCount!+1" &set "_RP_NoAddress=" &<nul set /p ="!_RP_PingDump_IPv4!")
           )
           if defined _RP_PingDump_IPv6 (
               if !_RP_IFCounter! equ 1 (
                   route -p -6 ADD !_RP_PingDump_IPv6!/128 !_RPanda_IPv6LoopBack! metric !_RPanda_debugMetric! IF !_RPandaIF1! >nul 2>&1
                   route -p -6 ADD !_RP_PingDump_IPv6!/128 !_RPanda_IPv6LoopBack! metric !_RPanda_defaultMetric! IF !_RPandaIF1! >nul 2>&1
               ) else if !_RP_IFCounter! gtr 1 (for /l %%Z in (1 1 !_RP_IFCounter!) do (
                       route -p -6 ADD !_RP_PingDump_IPv6!/128 !_RPanda_IPv6LoopBack! metric !_RPanda_debugMetric! IF !_RPandaIF%%Z! >nul 2>&1
                       route -p -6 ADD !_RP_PingDump_IPv6!/128 !_RPanda_IPv6LoopBack! metric !_RPanda_defaultMetric! IF !_RPandaIF%%Z! >nul 2>&1
               ))
               if defined _flag-v (
                   set /A "_RPanda_IPv6AdrCount=!_RPanda_IPv6AdrCount!+1" &set "_RP_NoAddress="
                   if defined _RP_PingDump_IPv4 <nul set /p =", "
                   <nul set /p ="!_RP_PingDump_IPv6!"
       )))
       if defined _flag-v (
           if defined _RP_NoAddress call :GUI 0E "Unable to resolve"
           <nul set /p ="] "
           if not defined _RP_NoAddress <nul set /p ="BLOCKED"
           echo.
       ) else (
           set RPandaGUISubREM=
           if !RPandaGUICount! geq 1000 (set "RPandaGUISubMOD=1000") else if !RPandaGUICount! geq 500 (set "RPandaGUISubMOD=100") else if !RPandaGUICount! geq 300 (set "RPandaGUISubMOD=70") else if !RPandaGUICount! geq 200 (set "RPandaGUISubMOD=50") else if !RPandaGUICount! geq 100 (set "RPandaGUISubMOD=20") else (set "RPandaGUISubMOD=10")
           set /a "RPandaGUISubREM=!RPandaGUICount! %% !RPandaGUISubMOD!"
           if !RPandaGUISubREM! equ 0 (
               if defined RPanda_GUI_IndexPA (set /A "RPanda_GUI_IndexPA=!RPanda_GUI_IndexPA!+1" &set /A "RPanda_GUI_IndexPB=!RPanda_GUI_IndexPA!+1") else (set /A "RPanda_GUI_IndexPA=!RPandaGUIFixedIndex!+1" &set /A "RPanda_GUI_IndexPB=!RPanda_GUI_IndexPA!+1")
               call :drawProgressBar !RPanda_GUI_IndexPA! "Blocking external hosts"
               for /l %%z in (!RPanda_GUI_IndexPA! 1 !RPanda_GUI_IndexPB!) do call :drawProgressBar %%z
       ))
       set "_RP_RawHost=" &set "_RP_PingDump_IPv4=" &set "_RP_PingDump_IPv6=" &set "_DNSHostDump=" &set "_DNSHostMultiDump="
    )
    goto RedPanda_FinalizeBlock
    :RedPanda_Blacklist
    if not defined _flag-v (
       call :drawProgressBar 58 "Blocking hosts"
       for /l %%f in (58 1 59) do ( call :drawProgressBar %%f )
    )
    if defined _flag-v ( call :GUI 0f " -- Applying internal host blacklist . . ." /n )
    rem ------------------------------------------------------------------------
    set "RedPanda_HostList_A01=112.2o7.net 315a641cf1db62bed0a344c5b05b2292.clo.footprintdns.com 4d4a22d4d2d167314abccf8082f0ef35.clo.footprintdns.com 6to4.ipv6.microsoft.com a-0001.a-msedge.net a-0002.a-msedge.net a-0003.a-msedge.net a-0004.a-msedge.net a-0005.a-msedge.net a-0006.a-msedge.net a-0007.a-msedge.net a-0008.a-msedge.net a-0009.a-msedge.net a-0010.a-msedge.net a-0011.a-msedge.net a-0012.a-msedge.net a-ring-fallback.msedge.net a-ring.msedge.net a.ads1.msads.net a.ads1.msn.com a.ads2.msads.net a.ads2.msn.com a.ns.facebook.com aa.agkn.com aa5ca9ad60d84d6d2f64c41b26e503d9.clo.footprintdns.com ab59a6538d2abdcbd183e7feb407ba46.nrb.footprintdns.com ac3.msn.com acdn.adnxs.com activity.windows.com ad.doubleclick.net ad40d51ce44cd50387b82faade325052.clo.footprintdns.com adclick.g.doubleclick.net adfb1fb578a00c84b719d00af558ea1b.clo.footprintdns.com admeld.com ads.ak.facebook.com.edgesuite.net ads.api.vungle.com ads.eu.msn.com ads.exdynsrv.com ads.facebook.com ads.google.com"
    set "RedPanda_HostList_A02=ads.msn.com ads.scorecardresearch.comads.youtube.com ads1.msads.net ads1.msn.com adservice.google.com adtrack.king.com adtrack1.midasplayer.com afs.googlesyndication.com ajax.microsoft.com ams1-ib.adnxs.com analytics.google.com analytics.live.com analytics.microsoft.com analytics.msn.com analytics.twitter.com analytics.yahoo.com api-s2s-emea.taboola.com api.cortana.ai api.taboola.com apprep.smartscreen.microsoft.com apprepsvc-ch1p.smartscreen.microsoft.com apps.skype.com arc.msn.com arc1.msn.com array605.prod.do.dsp.mp.microsoft.com array610.prod.do.dsp.mp.microsoft.com array612.prod.do.dsp.mp.microsoft.com array613.prod.do.dsp.mp.microsoft.com array618.prod.do.dsp.mp.microsoft.com array801.prod.do.dsp.mp.microsoft.com array802.prod.do.dsp.mp.microsoft.com array803.prod.do.dsp.mp.microsoft.com array804.prod.do.dsp.mp.microsoft.com array809.prod.do.dsp.mp.microsoft.com ars.smartscreen.microsoft.com asimov-win.settings.data.microsoft.com.akadns.net"
    set "RedPanda_HostList_A03=assets.msn.com at.atwola.com atlassolutions.com auto.search.msn.com az361816.vo.msecnd.net az416426.vo.msecnd.net az512334.vo.msecnd.net az725175.vo.msecdn.net azwanp.trafficmanager.net b-ring.msedge.net b.codeonclick.com b.ns.facebook.com b.scorecardresearch.com bat.bing.com beacon.krxd.net bg.v4.emdl.ws.microsoft.com bgpdefault-vie.msedge.net bingads.microsoft.com bnpsa.g.comcast.net browser.events.data.microsoft.com browser.events.data.msn.com browser.pipe.aria.microsoft.com c-0001.c-msedge.net c-0002.c-msedge.net c-0003.c-msedge.net c-0004.c-msedge.net c-0005.c-msedge.net c-0006.c-msedge.net c-0007.c-msedge.net c-0008.c-msedge.net c-0009.c-msedge.net c-ring.msedge.net c.bing.com c.msn.com c.s-microsoft.com c.urs.microsoft.com c1.microsoft.com cache.datamart.windows.com candycrushsoda.king.com casual-solitaire.cloudapp.net cci.directline.botframework.com cdn.adnxs.com cdn.at.atwola.com cdn.content.prod.cms.msn.com cdn.fastclick.net cdn.krxd.net"
    set "RedPanda_HostList_A04=cdn.onenote.net cdn.onesignal.com cdn.viglink.com cdpcs.microsoft.com ceuswatcab01.blob.core.windows.net ceuswatcab02.blob.core.windows.net checkappexec.microsoft.com choice.microsoft.com choice.microsoft.com.nsatc.net client-office365-tas.msedge.net cm.g.doubleclick.net coin-hive.com coinhive.com compass-ssl.xboxlive.com compatexchange.cloudapp.net concierge.live.com config.edge.skype.com config.office.microsoft.com config.teams.microsoft.com connect.facebook.com corp.sts.microsoft.com corpext.msitadfs.glbdns2.microsoft.com cp601.prod.do.dsp.mp.microsoft.com cp801.prod.do.dsp.mp.microsoft.com creative.ak.facebook.com creative.ak.fbcdn.net crl.microsoft.com cs1.wpc.v0cdn.net ctldl.windowsupdate.com cts.w55c.net cx.atdmt.com cy2.settings.data.microsoft.com.akadns.net cy2.vortex.data.microsoft.com.akadns.net d.agkn.com db5.settings.data.microsoft.com.akadns.net db5.vortex.data.microsoft.com.akadns.net db5sch101100831.wns.windows.com"
    set "RedPanda_HostList_A05=db5sch101101001.wns.windows.com db5sch101101031.wns.windows.com db5sch101101221.wns.windows.com db5sch101101231.wns.windows.com db5sch101101338.wns.windows.com db5sch101101430.wns.windows.com db5sch101101640.wns.windows.com db5sch101101941.wns.windows.com db5sch101110331.wns.windows.com db5sch101110343.wns.windows.com db5sch101110438.wns.windows.com db5sch101110510.wns.windows.com db5sch101110541.wns.windows.com db5sch101110740.wns.windows.com db5sch101110810.wns.windows.com db5sch101110821.wns.windows.com db5sch101110929.wns.windows.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com df.telemetry.microsoft.com diagnostics.support.microsoft.com disc601.prod.do.dsp.mp.microsoft.com disc801.prod.do.dsp.mp.microsoft.com displaycatalog.mp.microsoft.com dmd.metaservices.microsoft.com download-ssl.msgamestudios.com dpm.demdex.net e-0001.e-msedge.net e-0002.e-msedge.net e-0003.e-msedge.net e-0004.e-msedge.net e-0005.e-msedge.net"
    set "RedPanda_HostList_A06=e-0006.e-msedge.net e-0007.e-msedge.net e-0008.e-msedge.net e-0009.e-msedge.net e.nexac.com eaus2watcab01.blob.core.windows.net eaus2watcab02.blob.core.windows.net ecs.office.com edge.microsoft.com ei.rlcdn.com endpoint-quwfbp3teyq4e.azureedge.net eu.vortex-win.data.microsoft.com europe.smartscreen-prod.microsoft.com everydaymagic-windowsservices-tas.msedge.net evoke-windowsservices-tas.msedge.net external-frt3-1.xx.fbcdn.net external-frt3-2.xx.fbcdn.net external-veil-1.xx.fbcdn.net f24aea1ef289112ec08c775a9cce3bd4.clo.footprintdns.com fb4f06b65a8ebaffd9f1645a2732f71e.clo.footprintdns.com fbcdn-creative-a.akamaihd.net fbcdn-static-b-a.akamaihd.net fbcdn.net fbexternal-a.akamaihd.net fbstatic-a.akamaihd.net fe2.update.microsoft.com.akadns.net fe3.delivery.dsp.mp.microsoft.com.nsatc.net feedback.microsoft-hohm.com feedback.search.microsoft.com feedback.windows.com feedbacksite-bn2b.smartscreen.microsoft.com files.adform.net fp-afd.azureedge.net"
    set "RedPanda_HostList_A07=fp-afd.azurefd.net fp-afd.azurefd.us fp-as.azureedge.net fp-vs.azureedge.net fp.msedge.net functionalclam.com g.bing.com g.live.com g.microsoft.com g.msn.com g.msn.com.nsatc.net github.map.fastly.net geo-prod.do.dsp.mp.microsoft.com geo.prod.do.dsp.mp.microsoft.com geo.vortex.data.microsoft.com.akadns.net geover-prod.do.dsp.mp.microsoft.com geover.prod.do.dsp.mp.microsoft.com gg.google.com global.msads.net go.microsoft.com google-analytics.com googleads.g.doubleclick.net googleads2.g.doubleclick.net googleadservices.com googlesyndication.com googletagmanager.com graph.facebook.com i.kissmetrics.com i.liadm.com i1.services.social.microsoft.com i1.services.social.microsoft.com.nsatc.net ib.adnxs.com iecvlist.microsoft.com ieonline.microsoft.com ieonlinews.microsoft.com images.taboola.com img-s-msn-com.akamaized.net img1.wsimg.com inference.location.live.net inprod.support.services.microsoft.com iteactive-vie.msedge.net js.microsoft.com jslog.krxd.net"
    set "RedPanda_HostList_A08=k-ring.msedge.net kv601.prod.do.dsp.mp.microsoft.com kv801.prod.do.dsp.mp.microsoft.com l-ring.msedge.net l.facebook.com licensing.md.mp.microsoft.com licensing.mp.microsoft.com live.rads.msn.com livetileedge.dsx.mp.microsoft.com location-inference-westus.cloudapp.net login.live.com login.microsoftonline.com logincdn.msauth.net m.adnxs.com m.qualifytring.com match.adsrvr.org media.fastclick.net mobile.events.data.microsoft.com mobile.pipe.aria.microsoft.com modern.watson.data.microsoft.com.akadns.net mpa.one.microsoft.com msdl.microsoft.com msedge.b.tlu.dl.delivery.mp.microsoft.com msedge.net mwf-service.akamaized.net nav.smartscreen.microsoft.com next-services.apps.microsoft.com nexusrules.officeapps.live.com ntp.msn.com o.aolcdn.com oca.alpha.telemetry.microsoft.com oca.telemetry.microsoft.com oca.telemetry.microsoft.com.nsatc.net oca7.alpha.telemetry.microsoft.com oca7.ppe.telemetry.microsoft.com oca8.ppe.telemetry.microsoft.com ocos-office365-s2s.msedge.net"
    set "RedPanda_BlackHostsList_A=!RedPanda_HostList_A01! !RedPanda_HostList_A02! !RedPanda_HostList_A03! !RedPanda_HostList_A04! !RedPanda_HostList_A05! !RedPanda_HostList_A06! !RedPanda_HostList_A07! !RedPanda_HostList_A08!"
    set "RedPanda_HostList_B01=ocsa.office.microsoft.com office14client.microsoft.com office15client.microsoft.com officecdn.microsoft.com officecdn.microsoft.com.edgesuite.net officeclient.microsoft.com officeredir.microsoft.com officestore.microsoft.com oft.msn.com onclkds.com oneclient.sfx.ms onecollector.cloudapp.aria.akadns.net onecs-live.azureedge.net onedrive.live.com onlinestores.metaservices.microsoft.com optanon.blob.core.windows.net otf.msn.com outlook.office.com outlookmobile-office365-tas.msedge.net ow1.res.office365.com p2-ajqzcgzl2l3xw-gepf7uctxogn5vzq-if-v6exp3-v4.metric.gstatic.com p2-bqvskhonsju5q-ed4zavcsaojzmvmb-if-v6exp3-v4.metric.gstatic.com p2-enmdpqijudiua-eying5wyxgzp6dwz-if-v6exp3-v4.metric.gstatic.com p2-fkgdhaabwvfxw-xv2qbevds4lr622e-if-v6exp3-v4.metric.gstatic.com p2-ggwrelokxwzwo-uuovim4bdorjplkp-if-v6exp3-v4.metric.gstatic.com p2-hktvemjznhzt6-krdjd3zqh6oryado-if-v6exp3-v4.metric.gstatic.com p2-ixrh4jazt6bka-vrg2ihieqq7h7x66-if-v6exp3-v4.metric.gstatic.com"
    set "RedPanda_HostList_B02=p4-c7zrxegtmgcsc-escwxf4cdaqrjukz-if-v6exp3-v4.metric.gstatic.com p4-gua6ilgkj6222-c37u6zka7ys5pa27-if-v6exp3-v4.metric.gstatic.com p5-wknln4jd5q3qm-ik4z2y35yknm3pf6-576092-i2-v6exp3.v4.metric.gstatic.com p5-wyy773liffdba-dgrv56uw7xwp7h7r-514802-i2-v6exp3.v4.metric.gstatic.com p5-z6ncvqrb65bss-ypxh225pzjntuicv-200594-i1-v6exp3.ds.metric.gstatic.com pagead.l.google.com pagead2.googlesyndication.com partner.googleadservices.com partner.support.services.microsoft.com partnerad.l.google.com peer1-vie.msedge.net peer2-vie.msedge.net peer3-vie.msedge.net ping.chartbeat.net pixel.advertising.com pixel.facebook.com platform-lookaside.fbsbx.com pnrpv2.ipv6.microsoft.com pnrpv21.ipv6.microsoft.com popup.msn.com pr-bh.ybp.yahoo.com pre.footprintpredict.com preview.msn.com pricelist.skype.com pubads.g.doubleclick.net q-ring-fallback.msedge.net query.prod.cms.rt.microsoft.com rad.msn.com redir.metaservices.microsoft.com reports.wes.df.telemetry.microsoft.com"
    set "RedPanda_HostList_B03=res1.windows.microsoft.com res2.windows.microsoft.com responses.df.telemetry.microsoft.com ris.api.iris.microsoft.com rmads.msn.com rr.office.microsoft.com rt.applicationinsights.microsoft.com rt.services.visualstudio.com rum2.perf.linkedin.com rum3.perf.linkedin.com rum4.perf.linkedin.com rum5.perf.linkedin.com rum6.perf.linkedin.com rum7.perf.linkedin.com rum8.perf.linkedin.com rum9.perf.linkedin.com rum10.perf.linkedin.com rum11.perf.linkedin.com rum12.perf.linkedin.com rum13.perf.linkedin.com rum14.perf.linkedin.com rum15.perf.linkedin.com rum16.perf.linkedin.com rum17.perf.linkedin.com rum18.perf.linkedin.com rum19.perf.linkedin.com rum20.perf.linkedin.com s-0001.s-msedge.net s-0002.s-msedge.net s-0003.s-msedge.net s-0004.s-msedge.net s-0005.s-msedge.net s-0006.s-msedge.net s-0007.s-msedge.net s-0008.s-msedge.net s-0009.s-msedge.net s-ring.msedge.net s.youtube.com s0.2mdn.net s1.2mdn.net s1.adform.net sam.msn.com sb.scorecardresearch.com"
    set "RedPanda_HostList_B04=scontent-frt3-2.xx.fbcdn.net scontent-veil-1.xx.fbcdn.net scontent-vie1-1.xx.fbcdn.net scontent.flju2-1.fna.fbcdn.net search.namequery.com secure-ds.serving-sys.com secure.adnxs.com segments-s.msedge.net self.events.data.microsoft.com service.datamart.windows.com services.wes.df.telemetry.microsoft.com settings-sandbox.data.microsoft.com settings-ssl.xboxlive.com settings-win-ppe.data.microsoft.com settings-win.data.microsoft.com settings.data.microsoft.com site-cdn.onenote.net sitefinder-idn.verisign.com sitefinder.verisign.com skydrive.live.com skypedataprdcolcus01.cloudapp.net skypedataprdcolcus02.cloudapp.net skypedataprdcolcus03.cloudapp.net skypedataprdcolcus04.cloudapp.net skypedataprdcolcus05.cloudapp.net skypedataprdcoleus06.cloudapp.net skypedataprdcolcus07.cloudapp.net skypedataprdcolcus08.cloudapp.net skypedataprdcolcus09.cloudapp.net skypedataprdcolcus10.cloudapp.net skypedataprdcolcus11.cloudapp.net skypedataprdcolcus12.cloudapp.net"
    set "RedPanda_HostList_B05=skypedataprdcolcus13.cloudapp.net skypedataprdcolcus14.cloudapp.net skypedataprdcolcus15.cloudapp.net skypeecs-prod-usw-0-b.cloudapp.net sls.update.microsoft.com.akadns.net smartscreen-os1p.smartscreen.microsoft.com smartscreen-prod.microsoft.com smartscreen-sn3p.smartscreen.microsoft.com smartscreen.microsoft.com spo-ring.msedge.net spynet2.microsoft.com spynetalt.microsoft.com sqm.alpha.telemetry.microsoft.com sqm.df.telemetry.microsoft.com sqm.telemetry.microsoft.com sqm.telemetry.microsoft.com.nsatc.net sqm7.alpha.telemetry.microsoft.com srtb.msn.com ssl-youtube.2cnt.net ssl.google-analytics.com ssl.gstatic.com ssw.live.com stags.bluekai.com star-mini.c10r.facebook.com static-spartan-neu-s-msn-com.akamaized.net static.2mdn.net static.doubleclick.net static.xx.fbcdn.net staticxx.facebook.com stats.g.doubleclick.net statsfe1.ws.microsoft.com statsfe2.update.microsoft.com.akadns.net statsfe2.ws.microsoft.com steamih.com store-images.s-microsoft.com"
    set "RedPanda_HostList_B06=storecatalogrevocation.storequality.microsoft.com storeedgefd.dsx.mp.microsoft.com support.content.office.microsoft.com support.office.microsoft.com survey.support.services.microsoft.com survey.watson.microsoft.com sync.liverail.com t-ring.msedge.net t.checkappexec.microsoft.com t.urs.microsoft.com tags.bluekai.com telecommand.alpha.telemetry.microsoft.com telecommand.df.telemetry.microsoft.com telecommand.telemetry.microsoft.com telecommand.telemetry.microsoft.com.nsatc.net telemetry.appex.bing.net telemetry.microsoft.com telemetry.urs.microsoft.com telemetrysvc-by3p.smartscreen.microsoft.com teredo.ipv6.microsoft.com to-do.microsoft.com tpc.googlesyndication.com tpcnc.googlesyndication.com track.adform.net traffic.adxprts.com trc.taboola.com tse1.mm.bing.net tsfe.trafficshaping.dsp.mp.microsoft.com tu9srvbirvvtocrjcc1pbi5uyw5vdmlzb3iuaw80.g00.msn.com uhf.microsoft.com ui.skype.com uif.microsoft.com umwatson.trafficmanager.net"
    set "RedPanda_HostList_B07=umwatsonc.events.data.microsoft.com unitedstates.smartscreen-prod.microsoft.com updserv-east-cdn3.com urlreputation-ch1p.smartscreen.microsoft.com urlreputation-sn3p.smartscreen.microsoft.com urs.microsoft.com urs.smartscreen.microsoft.com us.vortex-win.data.microsoft.com v10-win.vortex.data.microsoft.com.akadns.net v10.events.data.microsoft.com v10.vortex-win.data.microsoft.com v20.events.data.microsoft.com v20.vortex-win.data.microsoft.com validation-v2.sls.microsoft.com video-ad-stats.googlesyndication.com video-stats.video.google.com vortex-sandbox.data.microsoft.com vortex-win-sandbox.data.microsoft.com vortex-win.data.microsoft.com vortex.data.microsoft.com wat8.ppe.telemetry.microsoft.com watson.alpha.telemetry.microsoft.com watson.df.telemetry.microsoft.com watson.live.com watson.microsoft.com watson.ppe.telemetry.microsoft.com watson.telemetry.microsoft.com watson.telemetry.microsoft.com.nsatc.net watson2.alpha.telemetry.microsoft.com"
    set "RedPanda_HostList_B08=watson7.alpha.telemetry.microsoft.com wdcp.microsoft.com wdcpalt.microsoft.com web.vortex.data.microsoft.com webmine.pro wer.alpha.telemetry.microsoft.com wer.microsoft.com wes.df.telemetry.microsoft.com weu-000.reverseproxy.onenote.com weu-000.site.onenote.com weus2watcab01.blob.core.windows.net weus2watcab02.blob.core.windows.net win10.ipv6.microsoft.com wp-monero-miner.com wscont-scdn.windows.akadns.net wscont.apps.microsoft.com wscont.apps.microsoft.com.edgekey.net wscont1.apps.microsoft.com wscont2.apps.microsoft.com wu.wut.smartscreen.microsoft.com www-google-analytics.l.google.com www.bing.com www.google-analytics.com www.googleadservices.com www.googletagservices.com www.msftncsi.com www.msftncsi.com.edgesuite.net www.msn.com www.myrappid.com www.pinkturtle.me www.youtube-nocookie.com www2.bing.com x.dlx.addthis.com youtube.2cnt.net yt3.ggpht.com"
    set "RedPanda_BlackHostsList_B=!RedPanda_HostList_B01! !RedPanda_HostList_B02! !RedPanda_HostList_B03! !RedPanda_HostList_B04! !RedPanda_HostList_B05! !RedPanda_HostList_B06! !RedPanda_HostList_B07! !RedPanda_HostList_B08!"
    set "RedPanda_BlackHosts=!RedPanda_BlackHostsList_A!"
    :RedPanda_Init
    for %%A in (!RedPanda_BlackHosts!) do (
       set _RP_RawHost=%%A
       rem --
       if defined _DUMP_MODE (
           echo !_RP_RawHost!>>"!_EXTERNAL!_HOSTLIST_RAW.TXT"
           echo  - Dumping HOSTNAME: !_RP_RawHost!
       )
       rem --
       set "_RP_NoAddress=true"
       if not defined _flag-v (set /a "RPandaGUICount=!RPandaGUICount!+1") else (<nul set /p =".!BS!  - " &call :GUI 0f "!_RP_RawHost!" &<nul set /p =".!BS! [")
       if defined _RP_DNS_Resolving if not defined _RP_ICMP_Resolving (
           for /f "skip=1 usebackq tokens=1,2" %%a in (`nslookup !_RP_RawHost! 2^>Nul ^|findstr /r ".*[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\> .*\:.*\:.*\:.*\>"`) do (
               set "_DNSHostDump=%%a"
               set _DNSHostMultiDump=true
               echo !_DNSHostDump! | findstr /r ".*[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\> .*\:.*\:.*\:.*\>" >nul || ( set "_DNSHostMultiDump=" & set "_DNSHostDump=%%b" )
               if defined _flag-v if defined _DNSHostMultiDump <nul set /p =", "
               if defined _DNSHostDump (
                   set "_RP_RouteBlockConfig="
                   echo !_DNSHostDump! | find "." >nul && (set "_RP_RouteBlockConfig=4 ADD !_DNSHostDump! MASK !_RPanda_IPv4SubMask! !_RPanda_IPv4LoopBack!" & if defined _flag-v ( set /A "_RPanda_IPv4AdrCount=!_RPanda_IPv4AdrCount!+1" &set "_RP_NoAddress=" )) || (set "_RP_RouteBlockConfig=6 ADD !_DNSHostDump!/128 !_RPanda_IPv6LoopBack!" & if defined _flag-v ( set /A "_RPanda_IPv6AdrCount=!_RPanda_IPv6AdrCount!+1" &set "_RP_NoAddress=" ))
                   if !_RP_IFCounter! equ 1 (
                       route -p -!_RP_RouteBlockConfig! metric !_RPanda_debugMetric! IF !_RPandaIF1! >nul 2>&1
                       route -p -!_RP_RouteBlockConfig! metric !_RPanda_defaultMetric! IF !_RPandaIF1! >nul 2>&1
                   ) else if !_RP_IFCounter! gtr 1 (for /l %%Z in (1 1 !_RP_IFCounter!) do (
                           route -p -!_RP_RouteBlockConfig! metric !_RPanda_debugMetric! IF !_RPandaIF%%Z! >nul 2>&1
                           route -p -!_RP_RouteBlockConfig! metric !_RPanda_defaultMetric! IF !_RPandaIF%%Z! >nul 2>&1
                   ))
                   if defined _flag-v <nul set /p ="!_DNSHostDump!"
       )))
       if not defined _RP_DNS_Resolving if defined _RP_ICMP_Resolving (
           set "_RP_PingDump_IPv4=" &set "_RP_PingDump_IPv6="
           for /f "Tokens=2 delims=[]" %%a in ('ping !_RP_RawHost! -4 -n 1 -l 1 -w 1 2^>Nul ^| findstr /r ".*[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*"') do (set _RP_PingDump_IPv4=%%a)
           for /f "Tokens=2 delims=[]" %%a in ('ping !_RP_RawHost! -6 -n 1 -l 1 -w 1 2^>Nul ^| findstr /r ".*\:.*\:.*\:.*"') do (set _RP_PingDump_IPv6=%%a)
           if defined _RP_PingDump_IPv4 (
               if !_RP_IFCounter! equ 1 (
                   route -p -4 ADD !_RP_PingDump_IPv4! MASK !_RPanda_IPv4SubMask! !_RPanda_IPv4LoopBack! metric !_RPanda_debugMetric! IF !_RPandaIF1! >nul 2>&1
                   route -p -4 ADD !_RP_PingDump_IPv4! MASK !_RPanda_IPv4SubMask! !_RPanda_IPv4LoopBack! metric !_RPanda_defaultMetric! IF !_RPandaIF1! >nul 2>&1
               ) else if !_RP_IFCounter! gtr 1 (for /l %%Z in (1 1 !_RP_IFCounter!) do (
                       route -p -4 ADD !_RP_PingDump_IPv4! MASK !_RPanda_IPv4SubMask! !_RPanda_IPv4LoopBack! metric !_RPanda_debugMetric! IF !_RPandaIF%%Z! >nul 2>&1
                       route -p -4 ADD !_RP_PingDump_IPv4! MASK !_RPanda_IPv4SubMask! !_RPanda_IPv4LoopBack! metric !_RPanda_defaultMetric! IF !_RPandaIF%%Z! >nul 2>&1
               ))
               if defined _flag-v (set /A "_RPanda_IPv4AdrCount=!_RPanda_IPv4AdrCount!+1" &set "_RP_NoAddress=" &<nul set /p ="!_RP_PingDump_IPv4!")
           )
           if defined _RP_PingDump_IPv6 (
               if !_RP_IFCounter! equ 1 (
                   route -p -6 ADD !_RP_PingDump_IPv6!/128 !_RPanda_IPv6LoopBack! metric !_RPanda_debugMetric! IF !_RPandaIF1! >nul 2>&1
                   route -p -6 ADD !_RP_PingDump_IPv6!/128 !_RPanda_IPv6LoopBack! metric !_RPanda_defaultMetric! IF !_RPandaIF1! >nul 2>&1
               ) else if !_RP_IFCounter! gtr 1 (for /l %%Z in (1 1 !_RP_IFCounter!) do (
                       route -p -6 ADD !_RP_PingDump_IPv6!/128 !_RPanda_IPv6LoopBack! metric !_RPanda_debugMetric! IF !_RPandaIF%%Z! >nul 2>&1
                       route -p -6 ADD !_RP_PingDump_IPv6!/128 !_RPanda_IPv6LoopBack! metric !_RPanda_defaultMetric! IF !_RPandaIF%%Z! >nul 2>&1
               ))
               if defined _flag-v (
                   set /A "_RPanda_IPv6AdrCount=!_RPanda_IPv6AdrCount!+1" &set "_RP_NoAddress="
                   if defined _RP_PingDump_IPv4 <nul set /p =", "
                   <nul set /p ="!_RP_PingDump_IPv6!"
       )))
       if defined _flag-v (
           if defined _RP_NoAddress call :GUI 0E "Unable to resolve"
           <nul set /p ="] "
           if not defined _RP_NoAddress <nul set /p ="BLOCKED"
           echo.
       ) else (
           set RPandaGUISubREM=
           if !RPandaGUICount! geq 300 (set "RPandaGUISubMOD=50") else if !RPandaGUICount! geq 200 (set "RPandaGUISubMOD=20") else (set "RPandaGUISubMOD=10")
           set /a "RPandaGUISubREM=!RPandaGUICount! %% !RPandaGUISubMOD!"
           if !RPandaGUISubREM! equ 0 (
               if defined RPanda_GUI_IndexPA (set /A "RPanda_GUI_IndexPA=!RPanda_GUI_IndexPA!+1" &set /A "RPanda_GUI_IndexPB=!RPanda_GUI_IndexPA!+1") else (set /A "RPanda_GUI_IndexPA=!RPandaGUIFixedIndex!+1" &set /A "RPanda_GUI_IndexPB=!RPanda_GUI_IndexPA!+1")
               call :drawProgressBar !RPanda_GUI_IndexPA! "Blocking external hosts"
               for /l %%z in (!RPanda_GUI_IndexPA! 1 !RPanda_GUI_IndexPB!) do call :drawProgressBar %%z
       ))
       set "_RP_RawHost=" &set "_RP_PingDump_IPv4=" &set "_RP_PingDump_IPv6=" &set "_DNSHostDump=" &set "_DNSHostMultiDump="
    )
    if defined RedPanda_BlackHostsList_B (
       set "RedPanda_BlackHosts=!RedPanda_BlackHostsList_B!"
       set RedPanda_BlackHostsList_B=
       goto RedPanda_Init
    )
    :RedPanda_FinalizeBlock
    if defined _flag-v (
       set /A "_RPanda_EndTotalCount=!_RPanda_IPv4AdrCount!+!_RPanda_IPv6AdrCount!"
       echo. &call :GUI 0f " -- Total addresses blocked: " &call :GUI 06 "!_RPanda_EndTotalCount!"
       <nul set /p =".!BS!  [ IPv4: " &call :GUI 06 "!_RPanda_IPv4AdrCount! " &<nul set /p =", IPv6: " &call :GUI 06 "!_RPanda_IPv6AdrCount! " &<nul set /p ="]" &echo. &echo.
    ) else (
       if !RPanda_GUI_IndexPB! gtr 0 if !RPanda_GUI_IndexPB! lss 95 (set "RPanda_FINFixedIndex=!RPanda_GUI_IndexPB!")
    )
    if defined _DEBUG_MODE (
       echo off
       echo. & goto BDShell
    )
    :RedPanda_SkipBlock
    rem ----
    if defined _DUMP_MODE (
       sort < "!_EXTERNAL!_HOSTLIST_RAW.TXT" > "!_EXTERNAL!_HOSTLIST_SORTED.TXT"
       echo  - DONE. Sorted dump file is at: !_EXTERNAL!_HOSTLIST_SORTED.TXT
       pause>nul
       exit
    )
    rem ----
    if defined _flag-hostblock (
       set "_flag-hostblock=" &set "_BirdRuntimeFlag="
       if defined _BirdRuntimeMultiFlags set "_BirdRuntimeConfig=!_BirdRuntimeConfig:_HOSTBLOCK =!"
       goto SwitchFunctionTable
    %%z
     
  11. guest

    guest Guest

    Blackbird V6 (v1.0.80.2) Released (November 10, 2020)
    Download
    Changelog
    Note: "Google Safe Browsing recently found harmful programs on getblackbird.net." Issue solved...
     
    Last edited by a moderator: Nov 11, 2020
  12. lurksbeneath45

    lurksbeneath45 Registered Member

    Joined:
    Feb 9, 2022
    Posts:
    1
    Location:
    united kingdom
    I've used Blackbird v6 and it has done a good job, except that it fails to rectify the MitigationOptions key: it always flags it as red when it should be green. You can change the values in this key via exploit protection settings in Windows 10 settings in privacy settings, but according to that picture those settings won't cover the full story. I tried all on, all off, ASLR off only, ASLR on only (since it lists it under ASLR in Blackbird), but it always flags red. I tried setting all the binary values to '2' or appropriately '1' on some keys according to the image link below:

    SYSTEM\CurrentControlSet\Control\Session Manager\kernel, MitigationOptions binary key.

    I found this picture that explains all the digits and relates this binary key:

    Imgur: The magic of the Internet

    I could just delete the key and it would be seen as not_set by Blackbird, a neutral choice but probably not a good idea. I don't know why Blackbird v6 wants this key sorting out. I did see these posts in this link:

    Windows 8 onwards incorrectly implements ASLR security feature, but you can fix it | MyBroadband Forum

    person1: "Mind elaborating on how you figure ASLR configuration equates to telemetry in any way at all?"


    person2: "Simply speaking, MS 'Telemetry' use the same mechanism to lurk inside running applications as an external (non-Microsoft) malware or spyware."

    person2: "Publishing this registry hack is a sign that MS 'Telemetry' will be slowly phased out and replaced by more powerful and centralised module in Defender. Many current problems with Windows 10 are attributed to the clash between these two. It is like having two different antivirus programs running on the same system. They spend much of the time fighting each other.

    As for OP, Win 10 v.1709 (built 16299.15) has a relevant ASLR settings in the Settings app, I just found it yesterday. There is no need for this registry hack anymore."

    Now, I take it blackbird sees ASLR (or possibly other mitigation exploit measures) as something MS abused for spying.

    I've thought Windows Defender is the compiler and sender of telemetry for a while, it can hide in all that excusable CPU time and memory. I also feel Win Def works alongside all sorts of techniques deployed by MS to spy and telemetry. They'll have a very comprehensive legal scope on everything they can legally do and get away with.

    Back to my question, do you have any idea what binary values I could put in the MitigationOptions that would possibly appease blackbird v6? Unless you know the program and your key was appropriately rectified by blackbird v6 and could share those values?

    Logically, from a coder's standpoint, this is where I'm clueless: does disabling all ASLR help prevent any possible spying, or enabling all of ASLR? I would think ASLR prevents manipulation, but then again I don't know if MS abuses ASLR when it is enabled.

    I'm at odds with this setting. Any ideas? Thanks.
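
For readers following the MitigationOptions question above, an added example (not part of the post and not Blackbird's code) that decodes the first 64-bit word of the value into named mitigations. It assumes the registry bytes are the little-endian form of the `PROCESS_CREATION_MITIGATION_POLICY` flags in `winbase.h`; the sample value is constructed, and the example says nothing about which value Blackbird expects.

```python
# Added example: decode the first 64-bit word of a MitigationOptions REG_BINARY.
# Assumption: the bytes are the little-endian PROCESS_CREATION_MITIGATION_POLICY
# flags from winbase.h. Each policy is a 2-bit state in its own 4-bit slot.

FIELDS = [  # (bit offset, policy name)
    (8, "FORCE_RELOCATE_IMAGES"),      # mandatory ASLR
    (12, "HEAP_TERMINATE"),
    (16, "BOTTOM_UP_ASLR"),
    (20, "HIGH_ENTROPY_ASLR"),
    (24, "STRICT_HANDLE_CHECKS"),
    (28, "WIN32K_SYSTEM_CALL_DISABLE"),
    (32, "EXTENSION_POINT_DISABLE"),
    (36, "PROHIBIT_DYNAMIC_CODE"),
    (40, "CONTROL_FLOW_GUARD"),
    (44, "BLOCK_NON_MICROSOFT_BINARIES"),
    (48, "FONT_DISABLE"),
    (52, "IMAGE_LOAD_NO_REMOTE"),
    (56, "IMAGE_LOAD_NO_LOW_LABEL"),
    (60, "IMAGE_LOAD_PREFER_SYSTEM32"),
]
STATES = {0: "not set", 1: "always on", 2: "always off", 3: "policy-specific"}
# Bits 0-2 are plain one-bit flags rather than on/off fields.
LOW_FLAGS = {0x1: "DEP_ENABLE", 0x2: "DEP_ATL_THUNK_ENABLE", 0x4: "SEHOP_ENABLE"}


def parse_reg_hex(text: str) -> bytes:
    """Accept 'hex:00,01,...' as written in a .reg export, or plain hex pairs."""
    body = text.split(":", 1)[-1]
    return bytes(int(tok, 16) for tok in body.replace(",", " ").split())


def decode_mitigation_options(raw: bytes) -> dict:
    if len(raw) < 8:
        raise ValueError("expected at least 8 bytes")
    word = int.from_bytes(raw[:8], "little")
    result = {name: bool(word & bit) for bit, name in LOW_FLAGS.items()}
    for shift, name in FIELDS:
        result[name] = STATES[(word >> shift) & 0x3]
    return result


# Constructed sample. Byte 1 is 0x21: its LOW digit (1) is FORCE_RELOCATE_IMAGES
# and its HIGH digit (2) is HEAP_TERMINATE, so digits read right-to-left per byte.
SAMPLE = "hex:00,21,12,00,00,00,00,00,00,00,00,00,00,00,00,00"

if __name__ == "__main__":
    for name, state in decode_mitigation_options(parse_reg_hex(SAMPLE)).items():
        print(f"{name:32} {state}")
```

Running it on a value exported from `SYSTEM\CurrentControlSet\Control\Session Manager\kernel` shows which ASLR-related fields are forced on, forced off or unset before and after a tool changes the key.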
     