Reference Manual



ms.txt - A block list for preventing Windows Updates and Telemetry
sh ms.txt


The file ms.txt contains a list of sites that are added to the DNS Analyser block list.

Please edit the file to meet your needs.

Current Windows Operating Systems (consumer versions) are unsuitable for use as mission-critical computing platforms unless updates and restarts can be controlled by administrators.

The following problems have been identified in Windows 10 Build 1607 (and later):

  • The system passes varying amounts of private data to Microsoft Corporation servers.
  • The system may restart at any time in order to install system updates. Mission-critical services will not be available to external users at such times. Note that remote users may be located in any time zone, hence the default 12:00 AM reboot schedule does does not mitigate this issue. Because administrators cannot prevent such forced reboots, third-party, mission-critical software is at risk of failure after an update.
  • The Microsoft block list has been compiled from various sources on the Internet and reliably prevents data leakage and system updates while NAT32's DNS Analyser is running. When an administrator is ready to perform an update, the blocks can be temporarily disabled via the Control Panel page. Once the updates and reboots have completed, the prudent administrator can then safely re-enable the blocks.

    Various Windows 10 script files are being offered on the Internet that claim to disable Telemetry, Updates and Forced Restarts. While many of these scripts are quite effective, the problem is that they perform many low-level modifications to the running system. Additionally, they must be run on each system that is to be protected.

    A further problem arises when administrators decide that a system update is needed:

    All of the system modifications must be reversed and the system restored to its original state before updates will succeed.
    When two or more Windows machines reside on the same network, one machine may wake another machine in order to fetch updates that it is unable to obtain from the Internet. This can occur even if the other machine is in the shutdown state. The exact details of the protocol used are presently unknown, but because NAT32 has full control over outgoing packets on an adapter, future versions may be able to prevent this undesirable behaviour.
    sh, Control Panel, DNS Analyser, Windows 11