liamengland1 / mischosts

hosts for pihole
MIT License

Windows Update Whitelist 1903 #7

Closed rugabunda closed 4 years ago

rugabunda commented 4 years ago
#0.0.0.0 ctldl.windowsupdate.com #Used to download certificates that are publicly known to be fraudulent
#0.0.0.0 crl.microsoft.com #certificate revocation lists
#0.0.0.0 dl.delivery.mp.microsoft.com #Enables connections to Windows Update.
#0.0.0.0 fe2cr.update.microsoft.com #necessary for windows updates
#0.0.0.0 fe3cr.delivery.mp.microsoft.com #necessary for windows updates
0.0.0.0 sls.update.microsoft.com.akadns.net #Enables connections to Windows Update. [fallback service for fe2cr.update.microsoft.com, generally recognized as unnecessary]
0.0.0.0 slscr.update.microsoft.com # Fallback for fe2cr.update.microsoft.com

And for Microsoft store:

#0.0.0.0 storeedgefd.dsx.mp.microsoft.com #Windows Store, necessity 
#0.0.0.0 storecatalogrevocation.storequality.microsoft.com #security features to prevent malicious apps
#0.0.0.0 store-images.s-microsoft.com #windows store images
#0.0.0.0 displaycatalog.md.mp.microsoft.com #   Used to communicate with Microsoft Store.
#0.0.0.0 displaycatalog.mp.microsoft.com #  Used to communicate with Microsoft Store.
#0.0.0.0 tsfe.trafficshaping.dsp.mp.microsoft.com # [if displaycatalog.mp.microsoft.com connects, eventually this will try to call home. Used for content regulation; content delivery optimization? Delivery Optimization Group Policy setting: Simple (99) Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. Blocking this may result in
#Cont: tsfe.trafficshaping.dsp.mp.microsoft.com endpoint is used for content regulation [geo-location/cloud services]. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.

Store component apps will be updated directly via Windows Update, over the domains tlu.dl.delivery.mp.microsoft.com and fe2cr.update.microsoft.com, so long as "Storage Service" is enabled under services.msc. The store domains listed above are only necessary for connecting to the Microsoft Store and downloading new/third-party apps.

If using a third-party DNS service such as Acrylic, and the dnscache service is disabled, Windows Store will fail to connect altogether.
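
A way to check a hosts-format blocklist against the whitelist in the comment above, as an added example that is not part of the original issue or the repository's code. The domain names and their reasons come from the comment; the `REQUIRED` table layout, the function names and the sample blocklist are assumptions made for illustration.

```python
# Added example: flag active sinkhole entries that would block the update and
# certificate-validation endpoints whitelisted in the issue.
# Matching is exact per hostname, which is how hosts-file lookups behave.
REQUIRED = {
    "ctldl.windowsupdate.com": "download of known-fraudulent certificate list",
    "crl.microsoft.com": "certificate revocation lists",
    "dl.delivery.mp.microsoft.com": "connections to Windows Update",
    "fe2cr.update.microsoft.com": "Windows Update",
    "fe3cr.delivery.mp.microsoft.com": "Windows Update",
    "storecatalogrevocation.storequality.microsoft.com": "Store app revocation",
}
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # addresses used to null-route a name


def blocked_hosts(text):
    """Yield (line_no, hostname) for every active (uncommented) sinkhole entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop full-line and inline comments
        if len(fields) < 2 or fields[0] not in SINKS:
            continue
        for name in fields[1:]:                 # one hosts line may carry several names
            yield no, name.rstrip(".").lower()  # normalise case and a trailing root dot


def audit(text):
    """Return [(line_no, hostname, reason)] for whitelisted domains that are blocked."""
    return [(no, h, REQUIRED[h]) for no, h in blocked_hosts(text) if h in REQUIRED]


# Constructed sample blocklist (not taken from the repository).
SAMPLE = """\
#0.0.0.0 ctldl.windowsupdate.com
0.0.0.0 sls.update.microsoft.com.akadns.net  # fallback, blocked in the issue
0.0.0.0 CRL.Microsoft.com. telemetry.example.invalid
127.0.0.1 localhost
0.0.0.0 fe2cr.update.microsoft.com #necessary for windows updates
"""

if __name__ == "__main__":
    for no, host, reason in audit(SAMPLE):
        print(f"line {no}: {host} is blocked ({reason})")
```
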

liamengland1 commented 4 years ago

I'm not removing tsfe.trafficshaping.dsp.mp.microsoft.com, as Windows Update and Microsoft Store work fine.