Notices -Before The panic began, please note its only opinion calling Telemetry a Keylogger -This Topic is about ensure Keylogger/ Telemetry is disabled as much as possible but we cant be certain, Although after Testing its working as should Tested On Lited Windows 10 Enterprise 2015 LTSB N 10240 / 29.7.2015 Build I don't see the weird dns packets in server 2016 build 10.0.10514 [Guide]Way to Disable Keylogger/ Telemetry v3.1 Removing packages with Powershell script, need to run as TrustedInstaller Packages like: Windows defender, Telemetry, Onedrive, Cortana... #Preparation If u have OS with another lang change "*en-US*,*en-*Package*" to your lang If u gonna use the script for online / current OS just change the z: to c:, /image:temp to /online, cd "HKLM:\111\... to cd "HKLM:\Software\... and also skip the hiving and unloading the reg For mounted wim, copy dism folder with lastest dism version, cmd to mount: #Mountdism\dism /Mount-Wim /WimFile:install.wim /index:1 /MountDir:temp /ScratchDir:.#Removing packages ### Fully Automatic Removing Packages / Lite'en Windows 10 / 8.x, by Lite8@MDL / Aviv00@MSFN ####Get packages list excluding en-us packages$s = dir .\Windows\servicing\Packages\*.cat -Exclude *en-US*,*en-*Package*# Filter Packages$s = (dir $s -Include *WindowsFeedback*,*Windows-Skype-ORTC*,*Windows-Prerelease*,*Windows-DiagTrack*,*Windows-ContactSupport*,*OneCore-Maps*,*OneDrive*,*TroubleShooting*,*Search2*,*Cortana*,*Xbox*,*Defender* -Exclude *AutoMerged-xbox*).BaseName#Count$s; $s.count# Hive regreg.exe load HKLM\111 ".\Windows\System32\config\software"#cd "HKLM:\111\Microsoft\windows\CurrentVersion\Component Based Servicing\Packages"# Remove Owners from reg$s | foreach { join-path $PSItem \owners | rd }#z:# save reg and unhivereg.exe unload HKLM\111# remove packages$s | foreach { dism /ScratchDir:. /image:temp /Remove-Package /PackageName:$PSItem } #Finalizing #Cleanupdism\dism /image:temp /Cleanup-Image /StartComponentCleanup /ResetBase#Commitdism\dism /Commit-Wim /MountDir:temp /ScratchDir:.#Exportdism\dism /Export-Image /SourceImageFile:install.wim /SourceIndex:1 /DestinationImageFile:install2.wim; if u use ramdisk like me copy install2 to another folder and format the ramdisk to save time #OneDrive remove servicesc delete OneSyncSvcsc delete OneSyncSvc_24f3a For Enterprise - open cmd.exe with admin run the code(credit goes to murphy78) Tested on Enterprise REG ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection\ /v AllowTelemetry /t REG_DWORD /d 0 /f Use this Also for Other Editions Run cmd as admin then start the process use Sc.exe to delete the 3 services run this: sc delete dmwappushsvcsc delete diagnosticshub.standardcollector.servicesc delete diagtrack #Deny Diagnosis Folder and deny system accessing the file AutoLogger-Diagtrack-Listener.etl with cacls icacls "C:\ProgramData\Microsoft\Diagnosis" /remove:g system /inheritance:r /deny system:(OI)(CI)f #Blocking Cortana v1.1 Change Search in Firewall advanced to block or run this in cmd with admin Powershell Set-NetFirewallRule -DisplayName search -Action BlockDisabling "Windows Connect Now - Config Registrar"Powershell Set-service wcncsvc -StartupType disabled ::todo #OneDrive #Removing MetroApps Extreme / TESTERS ONLY / ADVANCED USERS This Method should break Internet connective for the OS internal parts Firefox and standalone application can connect outside if application use Internal connective OS's components it should break and might block backdoors planted in OS Step1 Run autoruns.exe Uncheck hide windows entries Search for v6 then uncheck them if u cant uncheck remove them to restore default settings runnetsh winsock reset Steps2 MMC -> add snaps-in "cert" -> Computer account, set the cert like in the picture below http://i59.tinypic.com/24gul9t.jpg Semi-Extreme - Lossing ipv6 protocol Explaining - Windows 10 might use those protocols to tunneling the data out to internet. the whole idea of this Method eventually to disable totally network protocols that integrate to OS which make IE / OS unable to go out because i dont trust the OS disabling IPv6 Powershell Set-service Tcpip6 -StartupType disabledPowershell Set-service wanarpv6 -StartupType disabledPowershell Set-service iphlpsvc -StartupType disabled Index(Please PM to add More to Index): http://forums.mydigitallife.info/threads/57339-Guide-Way-to-Disable-Keylogger?p=1028934&viewfull=1#post1028934 reg by Michel