mandiant / flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Apache License 2.0
6.22k stars 887 forks

Disable Microsoft Connectivity Test (msftconnecttest.com) #525

Closed jstrosch closed 8 months ago

jstrosch commented 9 months ago

Details

I've noticed when doing any sort of packet capture (i.e. fakenet-ng) that the MS connectivity test is active (i.e. DNS queries to msftconnecttest.com). Some brief testing/reading and it looks like modifying EnableActiveProbing at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet to zero stops this. This would be helpful to eliminate some of the background noise :) Thanks!
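
The registry change described in the comment above, as an added PowerShell example (not part of the original post and not the flare-vm or debloat package code). The key path and value name come from the issue text; the function names and the elevation check are assumptions made for this sketch.

```powershell
# Added example: disable the connectivity probe named in the issue, idempotently,
# and verify the result. Run from an elevated PowerShell session inside the analysis VM.
$Path = 'HKLM:\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet'
$Name = 'EnableActiveProbing'

function Test-IsAdmin {
    # Writing under HKLM requires an elevated token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ActiveProbing {
    # Returns the current DWORD, or $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Disable-ActiveProbing {
    if (-not (Test-IsAdmin)) { throw 'Run this from an elevated session.' }

    $before = Get-ActiveProbing
    if ($before -eq 0) {
        Write-Output "$Name is already 0; nothing to change."
        return
    }

    # Create the key if it is missing, then create or overwrite the value as a DWORD.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value 0 -PropertyType DWord -Force | Out-Null

    # Read the value back instead of trusting the write.
    $after = Get-ActiveProbing
    if ($after -ne 0) { throw "$Name is still '$after' after the write." }

    # Print the previous value so the change can be reverted by hand if needed.
    $shown = if ($null -eq $before) { '<not set>' } else { $before }
    Write-Output "$Name changed from $shown to 0."
}

Disable-ActiveProbing
```

To confirm the effect the issue asks for, take a fresh capture and check that DNS queries for msftconnecttest.com no longer appear.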

Ana06 commented 9 months ago

Thanks for the issue @jstrosch! 👍 @mandiant/commando-vm is this also something you want? Should we add it to the debloat package?

day1player commented 9 months ago

@Ana06 Yeah I think that sounds good!