Windows 10 Privacy Guide

Discussion in 'privacy general' started by imuade, Nov 17, 2017.

  1. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    423
    Location:
    Italy
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,563
    Location:
    Slovenia
    Some of them seem dangerous. Deleting services instead of disabling them? Personally I wouldn't do it.
     
  3. imuade

    imuade Registered Member

    Yeah, I agree... also deleting Windows Defender looks a bit too much...
    I may give it a try for: removing features (pre-installed apps), removing OneDrive and removing scheduled tasks.
     
  4. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,834
    Location:
    Nebraska, USA
    Yeah, I am very suspicious of that guide. Disable Windows Defender? No.
     
  5. imuade

    imuade Registered Member

    Disabling WD is fine if you have another security product.
    Deleting WD is another matter...
     
  6. Minimalist

    Minimalist Registered Member

    Yep, I agree.
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,854
    Location:
    Slovakia
    A nice guide, it covers the basics. Obviously a full system backup is recommended prior to any changes. I have grabbed a few tweaks from there.

    Windows keeps re-enabling some services at will, removing them should prevent it.

    It is the user's choice, not surprising considering how badly WD affects the OS, and most guides only show how to disable the icon, not the services. But I prefer to fully disable it rather than to remove it.
     
  8. Bill_Bright

    Bill_Bright Registered Member

    Except that is just not true. WD has matured into an excellent solution. And it keeps maturing and getting better and better. Forums are full of cases where users got rid of performance issues just by uninstalling their 3rd party security (or at least their real-time components) and going back to WD.

    I am not saying WD is the best solution out there. Just that it is not bad - as many portray it to be.

    And for the record, Microsoft and many 3rd party providers have gone to extremes to ensure running Windows Defender alongside the 3rd party app will NOT cause conflicts or significantly impact performance. Some systems with limited resources may see some performance hit - but that is to be expected when running any additional program that uses RAM and CPU resources.
     
  9. TairikuOkami

    TairikuOkami Registered Member

    .... disabling Windows Defender. The same on my computers. I rest my case.
     
  10. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    429
    This is where I stopped reading.
     
  11. Minimalist

    Minimalist Registered Member

    I don't like that either; they should just respect users' decisions. Even though I still wouldn't "feel good" deleting them.
     
  12. imuade

    imuade Registered Member

    Tweaks done, everything is fine and my PC seems faster, but it could be just a placebo :p
     
  13. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Fully agree with that statement and every other statement in this Thread that disagrees with the Link in the Original Posters Post.
    That Link: "Windows 10 Privacy Guide - Fall Creators Update" is very effective and will do exactly what it claims, however, remember, any reduction in security, especially with built-in security, escalates the threat potential and widens the threat landscape.
    The safest way to overrule Microsoft's persistence to re-enable some Services and/or Settings is to use the built-in tools provided for the End User by Microsoft in order to do so.
    Those built-in tools are the 'Predefined Rules' within the Windows Defender Firewall.
    Those Predefined Rules are/include:
    The default outbound and inbound rules
    The default Predefined rules listed when creating new outbound or inbound rules
    The default list of Application Packages
    The default List of Services
    And.....here goes.....The default Allow All Outbound and Block All Inbound
    For example, if one does not want "Connected User Experiences and Telemetry" connecting Outbound or Inbound, simply BLOCK the outbound connection by modifying the rule for outbound connections, and BLOCK the inbound connection by modifying/or deleting the rule for inbound connections. The name of the predefined rule is 'DiagTract' and can be found in the list of predefined rules when creating New Rules.
    If 'DiagTract' does not exist in the outbound and/or inbound rules simply RE-CREATE it by choosing 'New Rule'/'Predefined'/'DiagTract' and choose BLOCK for outbound and BLOCK for inbound, or do not create the inbound rule.
    The End User should ONLY RE-CREATE rules using the Default Predefined Rules List, or the Default Applications List, or the Default Services List.
    The End User has NO REASON to CREATE NEW RULES from SCRATCH other than for rules regarding personal installed programs, such as the CCleaner emergency updater for example.

    Outbound Rule to Block CCleaner emergency updater
    NEW RULE = Outbound
    NAME = CCleaner emergency updater (CCUpdate.exe - Out)
    PROGRAM = C:\Program Files\CCleaner\CCUpdate.exe
    ACTION = Block the connection
    With this rule the CCleaner emergency updater Task will fail to connect outbound regardless of whether the Task is Enabled, Disabled, or Deleted, as AVAST will always re-create the TASK every time new updates install. This is a cleaning tool for Windows, and not perimeter security software, even though it provides security by cleaning sensitive files. AVAST'S CCUpdater.exe violates my perimeter security if allowed to forcibly install updates, being that it is NOT security software and NOT actively protecting the perimeter or network's edge.

    In regards to Microsoft Windows Defender Virus & Threat Protection. I strongly recommend leaving and using Windows Defender at the DEFAULT SETTINGS!
    However, for diamond heads, instead of disabling Windows Defender, SUSPEND Windows Defender.
    WHEN Windows Defender Virus & Threat Protection is suspended, Windows Defender Real-time protection is disabled, but Windows Defender Cloud-delivered protection and Automatic sample submission are still enabled and can be toggled on/off within the Windows Defender Security Center. Furthermore, Windows Defender can still be used as a Stand Alone Scanner utilizing all of its scans, including Offline scans. Note that during Windows Manual or Automatic Updates the Virus Definitions will not be updated when Windows Defender is suspended. But who knows in the background.
    Suspending Windows Defender is equivalent to installing third party antivirus and the end user will be prompted accordingly to accept periodic scans and setup Cloud-delivered protection. This can be toggled on/off at any time in Windows Defender Security Center. You MUST reboot after performing the following Registry entry and it may or may not take some time to start receiving notifications in regards to the change.

    SUSPEND WINDOWS DEFENDER IN CREATORS UPDATE:
    Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
    Create New DWORD (32-bit) Value in right pane and name it DisableAntiSpyware (this is what third party antivirus does)
    Change its value data to 1 to suspend Windows Defender
    (0 = No 1 = Yes) To revert the suspension delete the DWORD DisableAntiSpyware & reboot (again, may take some time after reboot to stabilize)

    SUSPEND CORTANA AND RESTORE WINDOWS SEARCH IN CREATORS UPDATE:
    Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
    Create new Key: Windows Search
    Create new DWORD (32-bit) Value: AllowCortana
    Set value to: (0) as-is
    Reboot Computer
    To restore: Delete Key Windows Search
    Modify the outbound rule for Cortana to BLOCK
    If the outbound rule for Cortana does not exist RE-CREATE it by using predefined rule. First start a new outbound rule and Choose 'Custom'
    Just step through the wizard accepting all of the defaults and choose the default to BLOCK
    Name the Rule = Cortana [Package] (Out)
    Now right-click the new rule for Cortana [Package] (Out) and choose 'Properties'
    Left-click the 'Programs and Services' Tab
    Under the heading 'Application Packages' left-click the 'Settings' button
    Left-click 'Apply to this application package' radio button (the third one down)
    Choose: Microsoft.Windows.Cortana_cw5n1h2txyewy (your device name/and account name will appear to the right)
    Left-click Apply then Left-click OK
    Reboot and notice that the icon for Cortana in the Taskbar turns into a magnifying glass allowing one to search WINDOWS ONLY without Cortana accessing the Internet.
    In Settings/Search turn off 'Windows Cloud Search' and 'My Device History' - Click the button 'Clear my device history'

    Now remember, this rule is orphaned because we have suspended Cortana and there is nothing to block out. This rule exists as a "safety net" in case Cortana becomes unsuspended for whatever reason/s.
    This was a long Post and I am now tired.....later.

    -HKEY1952
     
    Last edited: Nov 17, 2017
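
Added example, not part of HKEY1952's post: a read-only PowerShell check that reports whether the registry policies and firewall rules described in that post are actually in effect on a machine. The function names are hypothetical, and the `DiagTrack` display-group name is an assumption for the predefined rule the post calls 'DiagTract'.

```powershell
# Read-only audit of the settings described in the post above.
# Run from an elevated PowerShell prompt on Windows 10; nothing is modified.

function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    # Returns the value, or $null when the key or the value does not exist.
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $p) { $p.$Name } else { $null }
}

function Get-BlockRuleForProgram {
    param([string]$Program)
    # Enabled outbound Block rules whose application filter names $Program.
    # The match is a literal (case-insensitive) path comparison.
    Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
        Where-Object { ($_ | Get-NetFirewallApplicationFilter).Program -eq $Program }
}

$polRoot = 'HKLM:\SOFTWARE\Policies\Microsoft'
$ccPath  = 'C:\Program Files\CCleaner\CCUpdate.exe'   # path given in the post
$mp      = Get-MpComputerStatus -ErrorAction SilentlyContinue

# One summary object: policy values, Defender state, and the CCUpdate block rule.
[pscustomobject]@{
    DisableAntiSpyware    = Get-PolicyDword "$polRoot\Windows Defender" 'DisableAntiSpyware'
    AllowCortana          = Get-PolicyDword "$polRoot\Windows\Windows Search" 'AllowCortana'
    RealTimeProtection    = $mp.RealTimeProtectionEnabled
    SignaturesLastUpdated = $mp.AntivirusSignatureLastUpdated
    CCUpdateBlockedOut    = [bool](Get-BlockRuleForProgram $ccPath)
} | Format-List

# Default inbound/outbound action of each firewall profile.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# State of the predefined telemetry rules (group name assumed, see lead-in).
Get-NetFirewallRule -DisplayGroup 'DiagTrack' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Direction, Action, Enabled |
    Format-Table -AutoSize
```

An empty `DisableAntiSpyware` or `AllowCortana` field means the policy value is absent, which is the state the post describes as reverted.
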
  14. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,051
    Location:
    Europe then Asia
    This is a "cleaning for good" guide, so if users are worried about deleting stuff, they should move away from it. Anyway those willing to do it, should obviously make a backup before.

    About the "opt-out" for Wi-Fi, just setting MAC address filtering on the router is more efficient.
     
  15. TairikuOkami

    TairikuOkami Registered Member

    By default I block all inbound/outbound and I also remove all rules every day (then add mine), just to make sure that all rules created, by whatever, are gone. :cool:

     


  16. imuade

    imuade Registered Member

    So, you mean, WD can be used as a cloud-only AV, without the need to download database signatures?
    If you set WD this way, can you use attack surface reduction and network protection (which require WD to be working)?

    EDIT
    Just tried and it's not true.
    Maybe if you only have WD as security SW you can do that, but if you have another AV installed and WD suspended, then WD options can't be set (only the offline scan can).
    Check also this article https://docs.microsoft.com/en-us/wi...irus/windows-defender-antivirus-compatibility

     
    Last edited: Nov 20, 2017
  17. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    107
    Location:
    Some country in the European Union
    It's a privacy guide. It is not a hardening/security guide. Antivirus products are bad for privacy, but for some users they can increase security at the same time.
    I have similar goals as I stated in my thread.
    IMHO Some changes, such as changing privacy settings, should be made before connecting Windows 10 to the Internet and downloading updates. It means offline installation and being offline during first boot.
     