A reboot after WFC install or update is not required. The only IP where WFC should be allowed to connect is 220.127.116.11, and only when it checks for updates. An xml file on binisoft.org website. Other connection attempts should be blocked, as they are generated by the operating system, not by WFC code. However, in the notification dialog context (when a new notification is displayed), WFC checks if the program has a digital signature. On other cases, the operating system checks if there is a valid certificate for WFC, or even referenced assemblies may check for a valid digital certificate. All these are made in the name of wfc.exe even if I don't trigger such verifications from WFC code. One thing is sure, WFC doesn't do any hidden activity on your system.