How to temporarily stop as much Microsoft network traffic as possible on a potentially compromised machine

BRiddle52 1 Reputation point
2024-09-19T14:35:05.7066667+00:00

I need to connect my potentially compromised Win10 machine to the network briefly to determine any attempted target endpoint addresses, while blocking the actual connections at the edge firewall. However, various Microsoft products are generating an excessive amount of attempted network traffic, making it difficult to sift through to recognize the attempts of interest. How can I temporarily stop as much Microsoft network traffic as possible on a potentially compromised machine to have a better chance of confirming if there is indeed malware - and, if so - determining what endpoints may be involved? If limiting that traffic isn't possible, is there a minimum set of clearly recognizable U.S.-based URLs I could filter and allow through my firewalls and ProcMon filters that would allow unstoppable legitimate MS updates/license traffic to transit without contributing to gigantic ProcMon logs?

Tags: Windows 10, Windows 10 Security, Sysinternals
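The question has no answer on the page; the following is an added triage script (my own example, not code from the question author, Microsoft or Sysinternals) that takes a ProcMon CSV export, keeps only the network operations, and hides events whose remote host falls under an analyst-maintained list of Microsoft domain suffixes, so the per-process destinations that remain are the ones worth a closer look. The suffix list is an assumption to be replaced by your own baseline, and the processes, hostnames and IP addresses in the sample are constructed.

```python
import csv
import io
from collections import defaultdict

# Assumed, illustrative allowlist of Microsoft domain suffixes, not an official
# list: build yours from a baseline ProcMon capture of a known-clean machine.
MS_SUFFIXES = ("microsoft.com", "windowsupdate.com", "msedge.net",
               "live.com", "office.com", "msftconnecttest.com")

# ProcMon operations that represent outbound network activity.
NETWORK_OPS = {"TCP Connect", "TCP Reconnect", "TCP Send", "UDP Send"}

# Constructed sample in the shape of a ProcMon CSV export (File > Save as CSV);
# hosts are made up and the IPs come from documentation ranges.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","svchost.exe","1234","TCP Connect","HOST1:49701 -> wu-cdn-01.windowsupdate.com:https","SUCCESS","Length: 0"
"10:01:02.5","svchost.exe","1234","UDP Send","HOST1:61234 -> 192.0.2.53:domain","SUCCESS","Length: 45"
"10:01:03.0","explorer.exe","2048","ReadFile","C:\Windows\System32\shell32.dll","SUCCESS","Offset: 0"
"10:01:03.2","explorer.exe","2048","TCP Connect","HOST1:49702 -> 198.51.100.23:8443","SUCCESS","Length: 0"
"10:01:08.2","explorer.exe","2048","TCP Reconnect","HOST1:49702 -> 198.51.100.23:8443","SUCCESS","Length: 0"
"10:01:09.0","SearchApp.exe","3100","TCP Connect","HOST1:49703 -> edge-cdn.msedge.net:https","SUCCESS","Length: 0"
"10:01:10.4","powershell.exe","4096","TCP Connect","HOST1:49704 -> evilmicrosoft.com:https","SUCCESS","Length: 0"
'''

def remote_endpoint(path):
    """Split a ProcMon network Path ('local:port -> remote:port') into (host, port)."""
    if " -> " not in path:
        return None, None
    host, _, port = path.split(" -> ", 1)[1].rpartition(":")
    return host, port

def is_allowlisted(host):
    """Exact or subdomain match only, so a look-alike such as 'evilmicrosoft.com' does not pass."""
    h = host.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in MS_SUFFIXES)

def triage(csv_text):
    """Return {process: {remote: count}} for network events not on the allowlist."""
    remaining = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in NETWORK_OPS:
            continue  # file, registry and process events are not of interest here
        host, port = remote_endpoint(row["Path"])
        if host is None or is_allowlisted(host):
            continue
        remaining[row["Process Name"]][f"{host}:{port}"] += 1
    return {proc: dict(dests) for proc, dests in remaining.items()}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Capture with ProcMon's Options > Show Resolved Network Addresses enabled, otherwise the Path column carries raw IPs that never match a domain suffix. Suffix filtering only reduces noise: a compromised process can still talk to legitimate Microsoft services, so the hidden events deserve a second pass grouped by process rather than by destination.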