NateShoffner / Disable-Nvidia-Telemetry

Windows utility to disable Nvidia's telemetry services

The only way to disable nvidia telemetry now is to delete the nvtelemetry.dll #19

Open rugabunda opened 4 years ago

rugabunda commented 4 years ago

The only way to disable nvidia telemetry now is to delete the nvtelemetry.dll, for example in the folder: C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_547eeefb57db4499

If you do not delete this... then C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe will connect to *.gfe.nvidia.com

rugabunda commented 4 years ago

I used nvslimmer and clean installed only the display driver; Nvidia telemetry was still attempting to connect. Here is the strange pattern I found:

Without fail I am seeing the following recurring connections. NvidiaDisplayContainer.exe connects at intervals to activation.gfe.nvidia.com; simultaneously, ESET Internet Security connects to ESET key activation servers. edf.eset.com points to a Microsoft Azure cloud server with a bad TLS cert, just visit: edf.eset.com or edfpcs.trafficmanager.net. The strange thing is, why do ESET and Nvidia always function in concert? Hundreds of these every day:

Noted below: after deleting nvtelemetry.dll the following patterns changed dramatically.

02:40:13 dnsmasq[1335]: query[A] edf.eset.com from 192.168.50.241
02:40:13 dnsmasq[1335]: blocked by blacklist edf.eset.com is 192.168.50.2
02:40:13 dnsmasq[1335]: query[A] pki.eset.com from 192.168.50.241
02:40:13 dnsmasq[1335]: forwarded pki.eset.com to 127.0.0.1
02:40:13 dnsmasq[1335]: reply pki.eset.com is <CNAME>
02:40:13 dnsmasq[1335]: reply pki.wip.eset.com is 91.228.167.181
02:40:13 dnsmasq[1335]: query[A] edf.eset.com from 192.168.50.241
02:40:13 dnsmasq[1335]: blocked by blacklist edf.eset.com is 192.168.50.2
02:40:13 dnsmasq[1335]: query[A] pki.eset.com from 192.168.50.241
02:40:13 dnsmasq[1335]: cached pki.eset.com is <CNAME>
02:40:13 dnsmasq[1335]: cached pki.wip.eset.com is 91.228.167.181
02:40:14 dnsmasq[1335]: query[A] edf.eset.com from 192.168.50.241
02:40:14 dnsmasq[1335]: blocked by blacklist edf.eset.com is 192.168.50.2
02:40:14 dnsmasq[1335]: query[A] pki.eset.com from 192.168.50.241
02:40:14 dnsmasq[1335]: cached pki.eset.com is <CNAME>
02:40:14 dnsmasq[1335]: cached pki.wip.eset.com is 91.228.167.181
02:40:15 dnsmasq[1335]: query[A] activation.gfe.nvidia.com from 192.168.50.241
02:40:15 dnsmasq[1335]: blocked by blacklist activation.gfe.nvidia.com is 192.168.50.2

Aug  5 01:28:05 dnsmasq[681]: cached clientapi.skype.akadns.net is 13.79.186.4
Aug  5 01:28:13 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 01:28:13 dnsmasq[681]: cached pico.eset.com is <CNAME>
Aug  5 01:28:13 dnsmasq[681]: cached pico.wip.eset.com is 91.228.167.21
Aug  5 01:28:13 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 01:28:13 dnsmasq[681]: cached pico.eset.com is <CNAME>
Aug  5 01:28:13 dnsmasq[681]: cached pico.wip.eset.com is 91.228.167.21
Aug  5 01:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 01:28:14 dnsmasq[681]: cached pico.eset.com is <CNAME>
Aug  5 01:28:14 dnsmasq[681]: cached pico.wip.eset.com is 91.228.167.21
Aug  5 01:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 01:28:14 dnsmasq[681]: cached pico.eset.com is <CNAME>
Aug  5 01:28:14 dnsmasq[681]: cached pico.wip.eset.com is 91.228.167.21
Aug  5 01:28:14 dnsmasq[681]: query[A] edf.eset.com from 192.168.50.241
Aug  5 01:28:14 dnsmasq[681]: forwarded edf.eset.com to 127.0.0.1
Aug  5 01:28:14 dnsmasq[681]: reply edf.eset.com is <CNAME>
Aug  5 01:28:14 dnsmasq[681]: reply edfpcs.trafficmanager.net is <CNAME>
Aug  5 01:28:14 dnsmasq[681]: reply bal-edf-pcs-app-vmss-01.westus.cloudapp.azure.com is 13.64.117.133
Aug  5 01:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 01:28:14 dnsmasq[681]: cached pico.eset.com is <CNAME>
Aug  5 01:28:14 dnsmasq[681]: cached pico.wip.eset.com is 91.228.167.21
Aug  5 01:28:15 dnsmasq[681]: query[A] edf.eset.com from 192.168.50.241
Aug  5 01:28:15 dnsmasq[681]: cached edf.eset.com is <CNAME>
Aug  5 01:28:15 dnsmasq[681]: cached edfpcs.trafficmanager.net is <CNAME>
Aug  5 01:28:15 dnsmasq[681]: cached bal-edf-pcs-app-vmss-01.westus.cloudapp.azure.com is 13.64.117.133
Aug  5 01:28:15 dnsmasq[681]: query[A] edf.eset.com from 192.168.50.241
Aug  5 01:28:15 dnsmasq[681]: cached edf.eset.com is <CNAME>
Aug  5 01:28:15 dnsmasq[681]: cached edfpcs.trafficmanager.net is <CNAME>
Aug  5 01:28:15 dnsmasq[681]: cached bal-edf-pcs-app-vmss-01.westus.cloudapp.azure.com is 13.64.117.133
Aug  5 01:28:17 dnsmasq[681]: query[A] activation.gfe.nvidia.com from 192.168.50.241
Aug  5 01:28:17 dnsmasq[681]: forwarded activation.gfe.nvidia.com to 127.0.0.1
Aug  5 01:28:17 dnsmasq[681]: reply activation.gfe.nvidia.com is <CNAME>
Aug  5 01:28:17 dnsmasq[681]: reply activation-dc1.gfe.nvidia.com is 8.36.80.230
Aug  5 01:28:17 dnsmasq[681]: reply activation-dc1.gfe.nvidia.com is 8.36.113.126
Aug  5 01:28:17 dnsmasq[681]: reply activation-dc1.gfe.nvidia.com is 8.36.80.231

Aug  5 03:28:13 dnsmasq[681]: query[A] edf.eset.com from 192.168.50.241
Aug  5 03:28:13 dnsmasq[681]: forwarded edf.eset.com to 127.0.0.1
Aug  5 03:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 03:28:14 dnsmasq[681]: cached pico.eset.com is <CNAME>
Aug  5 03:28:14 dnsmasq[681]: cached pico.wip.eset.com is 91.228.167.26
Aug  5 03:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 03:28:14 dnsmasq[681]: cached pico.eset.com is <CNAME>
Aug  5 03:28:14 dnsmasq[681]: cached pico.wip.eset.com is 91.228.167.26
Aug  5 03:28:14 dnsmasq[681]: reply edf.eset.com is <CNAME>
Aug  5 03:28:14 dnsmasq[681]: reply edfpcs.trafficmanager.net is <CNAME>
Aug  5 03:28:14 dnsmasq[681]: reply bal-edf-pcs-app-vmss-01.westus.cloudapp.azure.com is 13.64.117.133
Aug  5 03:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 03:28:14 dnsmasq[681]: cached pico.eset.com is <CNAME>
Aug  5 03:28:14 dnsmasq[681]: cached pico.wip.eset.com is 91.228.167.26
Aug  5 03:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 03:28:14 dnsmasq[681]: cached pico.eset.com is <CNAME>
Aug  5 03:28:14 dnsmasq[681]: cached pico.wip.eset.com is 91.228.167.26
Aug  5 03:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 03:28:14 dnsmasq[681]: cached pico.eset.com is <CNAME>
Aug  5 03:28:14 dnsmasq[681]: cached pico.wip.eset.com is 91.228.167.26
Aug  5 03:28:14 dnsmasq[681]: query[A] edf.eset.com from 192.168.50.241
Aug  5 03:28:14 dnsmasq[681]: cached edf.eset.com is <CNAME>
Aug  5 03:28:14 dnsmasq[681]: cached edfpcs.trafficmanager.net is <CNAME>
Aug  5 03:28:14 dnsmasq[681]: cached bal-edf-pcs-app-vmss-01.westus.cloudapp.azure.com is 13.64.117.133
Aug  5 03:28:15 dnsmasq[681]: query[A] edf.eset.com from 192.168.50.241
Aug  5 03:28:15 dnsmasq[681]: cached edf.eset.com is <CNAME>
Aug  5 03:28:15 dnsmasq[681]: cached edfpcs.trafficmanager.net is <CNAME>
Aug  5 03:28:15 dnsmasq[681]: cached bal-edf-pcs-app-vmss-01.westus.cloudapp.azure.com is 13.64.117.133
Aug  5 03:28:18 dnsmasq[681]: query[A] activation.gfe.nvidia.com from 192.168.50.241
Aug  5 03:28:18 dnsmasq[681]: forwarded activation.gfe.nvidia.com to 127.0.0.1
Aug  5 03:28:18 dnsmasq[681]: reply activation.gfe.nvidia.com is <CNAME>
Aug  5 03:28:18 dnsmasq[681]: reply activation-dc1.gfe.nvidia.com is 8.36.80.231
Aug  5 03:28:18 dnsmasq[681]: reply activation-dc1.gfe.nvidia.com is 8.36.113.126
Aug  5 03:28:18 dnsmasq[681]: reply activation-dc1.gfe.nvidia.com is 8.36.80.230

Aug  5 05:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 05:28:14 dnsmasq[681]: forwarded pico.eset.com to 127.0.0.1
Aug  5 05:28:14 dnsmasq[681]: reply pico.eset.com is <CNAME>
Aug  5 05:28:14 dnsmasq[681]: reply pico.wip.eset.com is 38.90.226.39
Aug  5 05:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 05:28:14 dnsmasq[681]: forwarded pico.eset.com to 127.0.0.1
Aug  5 05:28:14 dnsmasq[681]: reply pico.eset.com is <CNAME>
Aug  5 05:28:14 dnsmasq[681]: reply pico.wip.eset.com is 38.90.226.39
Aug  5 05:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 05:28:14 dnsmasq[681]: forwarded pico.eset.com to 127.0.0.1
Aug  5 05:28:14 dnsmasq[681]: reply pico.eset.com is <CNAME>
Aug  5 05:28:14 dnsmasq[681]: reply pico.wip.eset.com is 38.90.226.39
Aug  5 05:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 05:28:14 dnsmasq[681]: forwarded pico.eset.com to 127.0.0.1
Aug  5 05:28:14 dnsmasq[681]: reply pico.eset.com is <CNAME>
Aug  5 05:28:14 dnsmasq[681]: reply pico.wip.eset.com is 38.90.226.39
Aug  5 05:28:14 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 05:28:14 dnsmasq[681]: forwarded pico.eset.com to 127.0.0.1
Aug  5 05:28:14 dnsmasq[681]: reply pico.eset.com is <CNAME>
Aug  5 05:28:14 dnsmasq[681]: reply pico.wip.eset.com is 38.90.226.39
Aug  5 05:28:14 dnsmasq[681]: query[A] edf.eset.com from 192.168.50.241
Aug  5 05:28:14 dnsmasq[681]: forwarded edf.eset.com to 127.0.0.1
Aug  5 05:28:14 dnsmasq[681]: reply edf.eset.com is <CNAME>
Aug  5 05:28:14 dnsmasq[681]: reply edfpcs.trafficmanager.net is <CNAME>
Aug  5 05:28:14 dnsmasq[681]: reply bal-edf-pcs-app-vmss-01.westus.cloudapp.azure.com is 13.64.117.133
Aug  5 05:28:15 dnsmasq[681]: query[A] edf.eset.com from 192.168.50.241
Aug  5 05:28:15 dnsmasq[681]: cached edf.eset.com is <CNAME>
Aug  5 05:28:15 dnsmasq[681]: cached edfpcs.trafficmanager.net is <CNAME>
Aug  5 05:28:15 dnsmasq[681]: cached bal-edf-pcs-app-vmss-01.westus.cloudapp.azure.com is 13.64.117.133
Aug  5 05:28:15 dnsmasq[681]: query[A] edf.eset.com from 192.168.50.241
Aug  5 05:28:15 dnsmasq[681]: cached edf.eset.com is <CNAME>
Aug  5 05:28:15 dnsmasq[681]: cached edfpcs.trafficmanager.net is <CNAME>
Aug  5 05:28:15 dnsmasq[681]: cached bal-edf-pcs-app-vmss-01.westus.cloudapp.azure.com is 13.64.117.133
Aug  5 05:28:18 dnsmasq[681]: query[A] activation.gfe.nvidia.com from 192.168.50.241
Aug  5 05:28:18 dnsmasq[681]: forwarded activation.gfe.nvidia.com to 127.0.0.1
Aug  5 05:28:18 dnsmasq[681]: reply activation.gfe.nvidia.com is <CNAME>
Aug  5 05:28:18 dnsmasq[681]: reply activation-dc1.gfe.nvidia.com is 8.36.80.230
Aug  5 05:28:18 dnsmasq[681]: reply activation-dc1.gfe.nvidia.com is 8.36.113.126
Aug  5 05:28:18 dnsmasq[681]: reply activation-dc1.gfe.nvidia.com is 8.36.80.231

Aug  6 04:35:14 dnsmasq[1240]: query[A] pico.eset.com from 192.168.50.241
Aug  6 04:35:14 dnsmasq[1240]: forwarded pico.eset.com to 127.0.0.1
Aug  6 04:35:14 dnsmasq[1240]: reply pico.eset.com is <CNAME>
Aug  6 04:35:14 dnsmasq[1240]: reply pico.wip.eset.com is 38.90.226.39
Aug  6 04:35:14 dnsmasq[1240]: query[A] pico.eset.com from 192.168.50.241
Aug  6 04:35:14 dnsmasq[1240]: forwarded pico.eset.com to 127.0.0.1
Aug  6 04:35:14 dnsmasq[1240]: reply pico.eset.com is <CNAME>
Aug  6 04:35:14 dnsmasq[1240]: reply pico.wip.eset.com is 38.90.226.39
Aug  6 04:35:14 dnsmasq[1240]: query[A] pico.eset.com from 192.168.50.241
Aug  6 04:35:14 dnsmasq[1240]: forwarded pico.eset.com to 127.0.0.1
Aug  6 04:35:14 dnsmasq[1240]: reply pico.eset.com is <CNAME>
Aug  6 04:35:14 dnsmasq[1240]: reply pico.wip.eset.com is 38.90.226.39
Aug  6 04:35:15 dnsmasq[1240]: query[A] pico.eset.com from 192.168.50.241
Aug  6 04:35:15 dnsmasq[1240]: forwarded pico.eset.com to 127.0.0.1
Aug  6 04:35:15 dnsmasq[1240]: reply pico.eset.com is <CNAME>
Aug  6 04:35:15 dnsmasq[1240]: reply pico.wip.eset.com is 38.90.226.39
Aug  6 04:35:17 dnsmasq[1240]: query[A] activation.gfe.nvidia.com from 192.168.50.241
Aug  6 04:35:17 dnsmasq[1240]: forwarded activation.gfe.nvidia.com to 127.0.0.1
Aug  6 04:35:17 dnsmasq[1240]: query[A] edf.eset.com from 192.168.50.241
Aug  6 04:35:17 dnsmasq[1240]: forwarded edf.eset.com to 127.0.0.1
Aug  6 04:35:17 dnsmasq[1240]: reply activation.gfe.nvidia.com is <CNAME>
Aug  6 04:35:17 dnsmasq[1240]: reply activation-dc1.gfe.nvidia.com is 8.36.80.230
Aug  6 04:35:17 dnsmasq[1240]: reply activation-dc1.gfe.nvidia.com is 8.36.80.231
Aug  6 04:35:17 dnsmasq[1240]: reply activation-dc1.gfe.nvidia.com is 8.36.113.126

After deleting nvtelemetry.dll, ESET queries were cut nearly in half. pico*.eset.com was no longer connected to, nor was activation.gfe.nvidia.com.

agret commented 4 years ago

pico.eset.com is the ESET anti-virus update site and is related to your computer's NOD32/ESET anti-virus and has nothing to do with NVIDIA.

bal-edf-pcs-app-vmss-01.westus.cloudapp.azure.com is also related to the ESET activation server.

> Why does eset and nvidia always function in concert?

Because it looks like for some reason your system is blocking pico.eset.com so the program can't check for updates; every time it detects you are accessing the internet it tries to check for updates but can't.

> 02:40:13 dnsmasq[1335]: query[A] edf.eset.com from 192.168.50.241
> 02:40:13 dnsmasq[1335]: blocked by blacklist edf.eset.com is 192.168.50.2
> 02:40:13 dnsmasq[1335]: query[A] pki.eset.com from 192.168.50.241
> 02:40:13 dnsmasq[1335]: forwarded pki.eset.com to 127.0.0.1

Looks like activation.gfe.nvidia.com and activation-dc1.gfe.nvidia.com need to be blocked in the hosts file as part of this script though.
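
One way to test the timing pattern discussed above against a dnsmasq query log. This is an added example, not part of the original thread or the project's code; the sample lines are constructed in the log format shown above, and the function names and the 5-second window are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
# Constructed sample, in the two timestamp styles that appear in the thread.
SAMPLE = """\
02:40:13 dnsmasq[1335]: query[A] edf.eset.com from 192.168.50.241
02:40:13 dnsmasq[1335]: blocked by blacklist edf.eset.com is 192.168.50.2
02:40:15 dnsmasq[1335]: query[A] activation.gfe.nvidia.com from 192.168.50.241
02:40:15 dnsmasq[1335]: blocked by blacklist activation.gfe.nvidia.com is 192.168.50.2
Aug  5 01:28:13 dnsmasq[681]: query[A] pico.eset.com from 192.168.50.241
Aug  5 01:28:13 dnsmasq[681]: cached pico.wip.eset.com is 91.228.167.21
Aug  5 01:28:17 dnsmasq[681]: query[A] activation.gfe.nvidia.com from 192.168.50.241
Aug  5 01:28:17 dnsmasq[681]: forwarded activation.gfe.nvidia.com to 127.0.0.1
Aug  5 02:00:00 dnsmasq[681]: query[A] example.org from 192.168.50.241
"""
LINE = re.compile(
    r"^(?:(?P<date>\w{3}\s+\d+)\s+)?(?P<time>\d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"(?P<action>query\[\w+\]|forwarded|cached|reply|blocked by blacklist) "
    r"(?P<name>\S+) (?:from|to|is) (?P<value>\S+)$")

def parse(text):
    """Return [(timestamp, action, name)] for every recognised dnsmasq line."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            # Placeholder year/date: the logs carry no year, the first excerpt no date.
            stamp = " ".join(f"2000 {m['date'] or 'Jan 1'} {m['time']}".split())
            events.append((datetime.strptime(stamp, "%Y %b %d %H:%M:%S"),
                           m["action"], m["name"]))
    return events

def dispositions(events):
    """Per name, count how the resolver handled it (blocked, forwarded, cached)."""
    out = defaultdict(Counter)
    for _, action, name in events:
        if action in ("blocked by blacklist", "forwarded", "cached"):
            out[name][action] += 1
    return out

def neighbours(events, anchor, window=5):
    """Count names queried within `window` seconds of each query for `anchor`."""
    queries = [(ts, n) for ts, a, n in events if a.startswith("query")]
    seen = Counter()
    for ts, name in queries:
        if name == anchor:
            seen.update({n for t, n in queries
                         if n != anchor and abs((t - ts).total_seconds()) <= window})
    return seen
```

`neighbours` reports co-occurrence in time only; a DNS log from the resolver does not identify which process on the client issued a query, so attributing a lookup to a specific executable needs host-side logging.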

rugabunda commented 4 years ago

@agret still seems strange to me, all of them were working in concert. Never seen that before. Anyway, it seems now nothing one does stops the DNS requests or connection attempts by Nvidia's latest drivers; it's baked into their drivers... gotta use a hosts file & firewall. This should be illegal, we need laws to ensure one can disable all telemetry and be notified about it up front.

DreamSworK commented 3 years ago

Better use this way https://www.nvidia.com/en-us/geforce/forums/game-ready-drivers/13/275717/defeating-nvidias-telemetry/ Deleting telemetry before driver installation.

agret commented 3 years ago

> Better use this way https://www.nvidia.com/en-us/geforce/forums/game-ready-drivers/13/275717/defeating-nvidias-telemetry/ Deleting telemetry before driver installation.

Yes, that was the better way in 2018 when this tool was first created and did that, but they have since changed it so that the telemetry is more integrated into the drivers with every new update.

d0x360 commented 1 year ago

nvcleaninstall has the latest way, but it seems Nvidia really wants it left intact

ValeZAA commented 11 months ago

You can't just delete a dll file like that because that will mean sigverif.exe will now fail. It requires all the signed files' presence.

oliverban commented 7 months ago

> You can't just delete a dll file like that because that will mean sigverif.exe will now fail. It requires all the signed files presence.

So how do we defeat the telemetry without deletion of that file?