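# ms-block.ps1 - Windows telemetry/AI blocker (idempotent, no dupes)
# Run as Administrator: the script rewrites the system hosts file, changes a
# Defender preference and may stop/start the DNS Client service.
#Requires -RunAsAdministrator

$hostsPath = "$env:windir\System32\drivers\etc\hosts"
$marker    = "# --- MS-BLOCK START ---"
$endMarker = "# --- MS-BLOCK END ---"

# Exclude hosts file from Defender.
# Presumably needed because Defender can flag a hosts file that null-routes
# Microsoft telemetry hosts (reported as SettingsModifier:Win32/HostsFileHijack)
# and revert it.
# NOTE(review): the exclusion is persistent and this script never removes it.
# While it exists, Defender does not scan the hosts file at all, so a later
# unwanted edit (e.g. a redirect entry added by other software) is not
# reported either. Audit with (Get-MpPreference).ExclusionPath and remove with
# Remove-MpPreference -ExclusionPath when the block is retired.
try {
    Add-MpPreference -ExclusionPath $hostsPath -ErrorAction Stop
} catch {
    # Still best effort (the script continues), but the failure is now visible
    # instead of being swallowed.
    Write-Warning "Could not add Defender exclusion for ${hostsPath}: $($_.Exception.Message)"
}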
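# Read current hosts, strip any previous MS-BLOCK section.
# $existing ends up holding every line that lies outside a START/END pair.
$existing = @()
$inBlock = $false
foreach ($line in @(Get-Content $hostsPath)) {
    if ($line -eq $marker) { $inBlock = $true }
    elseif ($line -eq $endMarker) { $inBlock = $false }
    elseif (-not $inBlock) { $existing += $line }
}
if ($inBlock) {
    # A START marker with no END marker means everything after it was skipped
    # above, including any hand-written entries that followed it.
    Write-Warning "MS-BLOCK start marker without end marker in ${hostsPath}: lines after the start marker were treated as the old block and will not be preserved."
}

# Track domains already in hosts (outside our block).
# Only the host name itself is used as the key, so an existing line such as
# "0.0.0.0 example.test # note" still suppresses a duplicate from the lists
# (example.test is a constructed sample).
$seen = @{}
foreach ($line in $existing) {
    if ($line -match '^0\.0\.0\.0\s+([^\s#]+)') {
        $seen[$Matches[1].ToLowerInvariant()] = $true
    }
}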
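# Fetch blocklists.
# NOTE(review): all three URLs point at mutable refs (a `main` branch, a
# `master` branch and the head revision of a gist) and nothing checks the
# downloaded content against a known hash. Whoever controls those repositories
# decides which host names this script null-routes on the next run, which can
# include update or security-service hosts. Pinning each URL to a reviewed
# revision (raw.githubusercontent.com/<owner>/<repo>/<commit-sha>/... - the
# SHA is a placeholder) makes the input reproducible.
# A failed download only warns; because the previous MS-BLOCK section is
# rebuilt from scratch, entries that came from that source disappear until the
# next successful run.
$sources = @(
    "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/hosts/native.winoffice.txt",
    "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt",
    "https://gist.githubusercontent.com/niutech/1f1c1518ce0eba7e8d429c812d39493d/raw/hosts"
)
$blockList = @()
foreach ($url in $sources) {
    try {
        $response = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
        # Split on LF or CRLF so each hosts line becomes one array element.
        $blockList += $response.Content -split "`r?`n"
    } catch {
        # Include the reason so a TLS, DNS or HTTP failure can be told apart.
        Write-Warning "Failed to fetch: $url ($($_.Exception.Message))"
    }
}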
# Manual additions: Defender, Copilot, AI, Cortana, Bing, Telemetry
# Entries are appended in this order; each string is one complete hosts line.
$blockList += @(
    # Office / Aria telemetry
    "0.0.0.0 fp.measure.office.com"
    "0.0.0.0 measure.office.com"
    "0.0.0.0 pipe.aria.microsoft.com"
    "0.0.0.0 mobile.pipe.aria.microsoft.com"
    "0.0.0.0 browser.pipe.aria.microsoft.com"

    # Defender cloud-delivered protection (wdcp*) and SmartScreen reputation
    # checks (smartscreen*, checkappexec).
    # NOTE(review): with these names null-routed, cloud lookups for unknown
    # files and SmartScreen URL/app reputation checks cannot reach their
    # service. That is a protection trade-off, not only a privacy setting;
    # keep these five lines only if that loss is intended.
    "0.0.0.0 wdcp.microsoft.com"
    "0.0.0.0 wdcpalt.microsoft.com"
    "0.0.0.0 smartscreen.microsoft.com"
    "0.0.0.0 smartscreen-prod.microsoft.com"
    "0.0.0.0 checkappexec.microsoft.com"

    # Microsoft Copilot
    "0.0.0.0 copilot.microsoft.com"
    "0.0.0.0 www.copilot.microsoft.com"
    "0.0.0.0 copilot.cloud.microsoft"
    "0.0.0.0 copilot.cloud.microsoft.com"
    "0.0.0.0 copilot.microsoft365.com"
    "0.0.0.0 copilot.teams.microsoft.com"
    "0.0.0.0 copilot-telemetry.microsoft.com"

    # GitHub Copilot
    "0.0.0.0 copilot-proxy.githubusercontent.com"
    "0.0.0.0 copilot-telemetry.githubusercontent.com"
    "0.0.0.0 origin-tracker.githubusercontent.com"
    "0.0.0.0 githubcopilot.com"
    "0.0.0.0 api.githubcopilot.com"
    # presumably the experimentation endpoint used by editor tooling - confirm
    "0.0.0.0 default.exp-tas.com"

    # Cortana
    "0.0.0.0 cortana.ai"
    "0.0.0.0 www.cortana.ai"
    "0.0.0.0 web.cortana.ai"
    "0.0.0.0 cortana.microsoft.com"
    "0.0.0.0 r.cortana.com"

    # Bing
    "0.0.0.0 sydney.bing.com"
    "0.0.0.0 edgeservices.bing.com"
    "0.0.0.0 business.bing.com"
    "0.0.0.0 th.bing.com"
    "0.0.0.0 r.bing.com"
    "0.0.0.0 bingapis.com"
    "0.0.0.0 api.bing.com"

    # Recall / AI / misc
    "0.0.0.0 recall.ai.microsoft.com"
    "0.0.0.0 ai.microsoft.com"
    "0.0.0.0 experiences.microsoft.com"
    "0.0.0.0 substrate.office.com"
)
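# Dedupe: only add domains not already in $seen.
# $blockList is mostly text downloaded from third-party lists, so each name is
# checked before it is written into the system hosts file. The "0.0.0.0"
# prefix is always supplied by this script, so a list cannot introduce a
# redirect to another address; the validation additionally keeps anything that
# is not a plain host name (inline comments, stray markup, control characters)
# out of the file and stops a trailing "# comment" from defeating the dedupe.
$hostPattern = '^[a-z0-9]([a-z0-9_-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9_-]*[a-z0-9])?)*$'
$accepted = New-Object 'System.Collections.Generic.List[string]'
foreach ($line in $blockList) {
    if ($line -notmatch '^0\.0\.0\.0\s+(.+)$') { continue }

    # Drop an inline comment, then accept every host name on the line
    # (hosts syntax allows several names after one address).
    $names = (($Matches[1] -split '#')[0]).Trim().ToLowerInvariant() -split '\s+'
    foreach ($domain in $names) {
        if (-not $domain) { continue }
        if ($domain.Length -gt 253 -or $domain -notmatch $hostPattern) { continue }
        if (-not $seen[$domain]) {
            $seen[$domain] = $true
            $accepted.Add("0.0.0.0 $domain")
        }
    }
}
# Hand back a plain array so .Count and array concatenation behave as before.
$newEntries = @($accepted)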
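# Write clean hosts file (handle file lock).
# Trailing blank lines of the preserved part are dropped first: one separator
# line is added before the start marker below, and without this trim every
# run would leave one more empty line in front of the block.
$keep = $existing.Count
while ($keep -gt 0 -and [string]::IsNullOrWhiteSpace($existing[$keep - 1])) { $keep-- }
$preserved = if ($keep -gt 0) { @($existing[0..($keep - 1)]) } else { @() }
$output = $preserved + @("", $marker) + $newEntries + @($endMarker)

$written = $false
try {
    $output | Set-Content $hostsPath -Encoding ASCII -ErrorAction Stop
    $written = $true
} catch {
    # Any write failure lands here, not only a sharing violation, so the
    # actual reason is reported before the DNS Client is touched.
    Write-Warning "Could not write hosts file ($($_.Exception.Message)); stopping DNS Client and retrying..."
    # NOTE(review): stopping Dnscache may be refused on recent Windows builds;
    # the error is suppressed here, so the retry can fail for the same reason.
    Stop-Service -Name "Dnscache" -Force -ErrorAction SilentlyContinue
    try {
        Start-Sleep 1
        $output | Set-Content $hostsPath -Encoding ASCII -ErrorAction Stop
        $written = $true
    } catch {
        Write-Error "Hosts file was not updated: $($_.Exception.Message)"
    } finally {
        # Always bring name resolution back, whatever happened to the retry.
        Start-Service -Name "Dnscache"
    }
}
ipconfig /flushdns | Out-Null
if ($written) {
    # Only claim success when one of the two write attempts went through.
    Write-Host "Done. Total blocked: $($newEntries.Count) new + existing = $(@(Get-Content $hostsPath | Where-Object { $_ -match '^0\.0\.0\.0' }).Count) unique"
}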
# --- PART 2: Find unblocked MS domains escaping the hosts file ---
# Host names the hosts file currently null-routes (second field of every
# line that starts with 0.0.0.0), lower-cased for comparison.
$blocked = Get-Content "$env:windir\System32\drivers\etc\hosts" |
    Where-Object { $_ -match "^0\.0\.0\.0\s+" } |
    ForEach-Object { ($_ -split "\s+")[1].ToLower() }

# From the DNS client cache keep entries whose name contains one of the
# keywords, that carry an answer other than 0.0.0.0, and that are not in
# $blocked.
# NOTE(review): the keyword test is an unanchored substring match, so any
# cached name that merely contains "windows", "office", "azure", ... is
# listed. Treat the output as candidates to review one by one; it can include
# update and security-service hosts as well as unrelated third-party names.
$escaping = Get-DnsClientCache |
    Where-Object {
        ($_.Entry -match "microsoft|msn|bing|azure|windows|office|live\.com") -and
        ($_.Data -and $_.Data -ne "0.0.0.0") -and
        ($blocked -notcontains $_.Entry.ToLower())
    } |
    Select-Object -Property Entry, Data -Unique

if (-not $escaping) {
    Write-Host "[OK] No unblocked MS domains in cache" -ForegroundColor Green
} else {
    Write-Host "`n[!] Unblocked MS domains found:" -ForegroundColor Yellow
    $escaping | Format-Table -AutoSize

    # Generate hosts entries
    Write-Host "`n[+] Add to hosts:" -ForegroundColor Green
    $escaping | ForEach-Object { "0.0.0.0 $($_.Entry)" }
}