I run Windows 7 Pro SP1, and I use Comodo firewall to block internet access by consent.exe. I do this because I have read that consent.exe is sometimes replaced by malware and that it doesn’t hurt anything to block its internet access. I trust Comodo Internet Security to provide sufficient protection, so I don’t need Microsoft’s root certificate validation also.
I am seeing in the firewall logs a lot of blocked attempts by consent.exe to access IPs owned by Akamai Technologies. I would like to speed up booting, reduce the clutter in my firewall logs and improve my knowledge of Windows. I suspect it is related to root certificate, so I have done several things to prevent root certificate updates. I could use some help to figure out what I missed.
Using gpedit.msc on the admin account, I have enabled the following policies to turn off internet access aspects in Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings:
handwriting recognition error reporting
Windows Customer Experience
Automatic Root Certificates Update
Windows Network Connectivity Status
Windows Error Reporting
Search Companion content file updates
Internet File Association service
Internet download for web publishing
“Order Prints”
“Publish to Web”
Windows Message Customer Experience
I also have Windows Update configured to never check for updates. Even with all these features disabled, I still see consent.exe getting blocked in my firewall logs! Therefore, using gpedit.msc, I went to Computer Configuration\Windows Settings\Security settings\Public Key Policies\Certificate Path validation settings. In the tabs for Trusted Publishers and Nertwork Retrieval, I checked to boxes to define the policies, and unchecked all the square boxes to prevent internet access for root certificates. Still not improvement after reboot.
What did I miss?