Can COMODO Firewall stop Windows 10 from connecting to the Internet


there is a lot of talk on the internet about microsoft manipulating the “‘dnsapi.dll’” and other stuff so software firewalls are unable to stop win10 from calling home.

many win10 hater claim that microsoft windows 10 can not be blocked with a software firewall.
they say the only way to block it from calling home is a hardware firewall.
because windows 10 has ways to circumvent any software firewall.

now to me this sounds like bollocks.
for one… if microsoft would do that they would create a hole for other software, right?

but can someone from comodo shine some light on this “issue”.

can someone who knows what he is talking about (best a comodo coder) explain why this is true or why it is not true.

thanks in advance!!!

Yeah…no unless the software firewall is badly coded or somehow doesn’t use a kernel-mode filter driver then the firewall can control all network access even the OS its self. Take CFW for example, you can create a block rule for “Windows Operating System” under application rules and any attempt from kernel-mode to make outbound connection requests will be blocked. You if really want to lock down Windows 10 you could set the firewall to custom-ruleset and remove all default application rules, and set the alert frequency to high. You could also create a specific rule for svchost to only allow out DNS, DHCP, & NETBIOS and specifically only allow DNS requests to a specific DNS server IP address.

yeah that is what i think too.

but these guys argue that mircosoft uses some tricks to tunnel the telemetry data and the firewall will not notice these outgoing requests.

i as i said i think it´s just bollocks but you read it again and again when the topic comes to win10 telemtry data.

Yeah its all speculation without any proof or evidence and these claims are made by people who really don’t know that they are talking about and haven’t bother to fully test their accusations. Its all empty assumptions and if you took a few seconds to fire up wireshark you would see what’s really going on. I also bet that most of the time the “telemetry” data that people claim to see leaking is really something else entirely for example checking the revocation status of a digital signature of an executable or the discovery of other devices on the local network.

Yes, FT, these tests you suggest were done and in the Windows 10 news months ago to refute one such claim. You are absolutely correct in your post.

Yes, FT, these tests you suggest were done and in the Windows 10 news months ago to refute one such claim. You are absolutely correct in your post.

you have links?
that would really interest me!!

From Windows 10 new stories from several months ago? You gotta be joking.
There are over 198 Million news stories archived on the internet. You wish to go through each one?

no that what bookmarks are for… you know. :wink:

i bookmark stuff that is interesting… so i thought you may(!) have bookmarked it.

I read Windows 10 news stories every day. Lots of interesting articles. bookmarks would be crazy if I bookmarked all the stories I’ve read

So it is impossible to create a network connection and have a shadow connection from the windows os that cannot be seen by the firewall?

I’m not sure what you mean by a shadow connection but yes all network communication will be see by the firewall due to it being in kernel mode. For example, even if you were to use an application that makes use of a 3rd party NDIS protocol stack (WinPcap) that bypasses the standard TCP/IP networking stack, CFW will still block the outgoing connection if you have a rule to block it as long as the application rule is applied towards “Windows Operating System”.

I mean a connection that is even below the kernel mode and actively hidden by the developers of microsoft.

But i guess you are right and there is nothing like this.

I just tested my connection with an logging router and compared the entrys my router sees and my firewall sees so no hidden connections i guess.

Well i think i found what i meant it is Called Intel Management engine.

The engine is a piece of hardware that runs all the time and executes code independently of windows.
It has network and complete memory access. The code is obfuscated in a way it cannot be read (having an extra table in the chips to read it). In short it is a build in rootkit.

Has anyone ever thought about protecting the os from this?