How to disable Microsoft Compatibility Telemetry on Windows 10

If you're reading this post it most likely means that you experienced some serious performance issues on your Windows 10 machine (Hard-Disk, CPU and/or RAM) and, opening the Task Manager to see what was causing this, you found the culprit being the Microsoft Compatibility Telemetry service.

Introduction

If you don't know that already, let's spend 30 seconds to explain what it is: Microsoft Compatibility Telemetry is a service in Windows 10 which gathers technical data in real-time regarding how your Windows devices and their drivers are working: these data are periodically sent to Microsoft to give them the chance to enhance the user experience by improving them and/or fixing the potential issues that occur. That's great, isn't it? Except that these "telemetry" actions might have a considerable performance hit on your system, expecially if your PC is already low on resources - which is a common scenario for gamers, hardcore web surfers (20+ browser tabs at the same time), Netflix / Amazon Prime Video binge-watchers, and so on. If you are one of them, there's a high chance that you would want to stop that service from fetching & sendind your device data: in this article we'll briefly explain how you can do that.

Method #1: Group Policy Editor

The Group Policy Editor (also known as GPEdit) is a Windows administration tool that allows users to configure many important settings on their computers or networks: it can be used to configure password requirements, startup programs, define what applications or settings other users can change on their own, and so on. Needless to say, you can seriously cripple your system if you don't use it properly: that's why it's mostly used by experienced users and administrators. However, it can still be used without risks by (almost) anyone as long as they pay attention to only perform the required actions, avoiding touching anything else. Access the Group Policy Editor by pressing WINDOWS + R, then typing gpedit.msc in the box and clicking OK to confirm. If the User Account Control warning windows shows up, press OK to allow the execution of the file. Navigate through the left folder tree up to Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds. Locate the Allow Telemetry option and double-click it to open the configuration window. Select Disabled, then click OK. Done!

Method #2: Registry Editor

As you most likely already know, the Windows Registry is one of the key components of the Windows operating system. It's basically a hierarchical database containing most windows settings, application settings, device driver info and even product keys and passwords. When an application is installed, some part of the software is likely stored in the Windows Registry file, which can be accessed at any time using the RegEdit tool. Again, this is mostly a task for experienced users and administrators, but it can also be used by non-experts for some simple tasks such as... disabling the Windows Telemetry Service. To access the Windows Registry, press WINDOWS + R,then type regedit in the box and click OK to confirm. If the User Account Control warning windows shows up, press OK to allow the execution of the file. Navigate through the registry tree up to HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows > DataCollection Right-click on DataCollection, then choose New > DWORD (32-bit) Value. Give to the new value the following name: Allow Telemetry Double-click to the newly-added Allow Telemetry value to open the configuration window. Set Value date to 0 (zero) and click OK to confirm. Done!

Conclusion

That's it: we sincerely hope that this small tutorial will help you to overcome any performance issues you might have with the Windows Telemetry Service. If you found this post useful, don't forget to like us on Facebook and/or follow us on Twitter & Medium to read our latest ICT-related news, tutorials, guides & insights!   Read the full article

Windows - How to block .exe files run from specific folders with Software Restriction Policies

As you probably already know, the best way to shield your machine against malware threats is to protect the TCP layer accesses with a good Firewall and having a great AntiVirus & AntiMalware software installed, such as BitDefender and MalwareBytes (both free for personal use). For further info about how to protect your system against them, I strongly suggest to read this post. Despite these valid countermeasures, there's still a chance that you can get infected, for example if the malware manages to enter to your system by exploiting one of the various "temporary" folders provided by your OS to install new applications, unzipping compressed archives, store temp data and so on. Here's a list of the "risky" folders on a typical Windows machine: C:\Windows\Temp, which is arguably the most common executable path for viruses & malwares, and all its subfolders. %USERPROFILE%\AppData\Local\ and all its subfolders. %USERPROFILE%\AppData\Roaming\ and all its subfolders. Since all these folders are meant for storage and not for executables to run, finding a way to prevent potentially harmful .exe files from running from them would definitely be a good extra layer of defence. Luckily enough, Windows (and Windows Server) allows us to do that using the Software Restriction Policies, a set of rules that can be configured using the Group Policy Editor. To do that, search for gpedit.msc and execute it:

Navigate through Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies:

If there are No Software Restriction Policies Defined, as you can see in the above screenshot, right-click to the folder node and select New Software Restriction Policies in the contextual menu. Doing that will create some new subfolders; right-click to the Additional Rules, choose New Path Rule... and enter, one after another, the paths that you want to prevent executable files to run from. Make sure to put the *.exe at the end, so that you will only block executable files.

I strongly suggest to block (at least) the following: C:\Windows\Temp\*.exe C:\Windows\Temp\*\*.exe %USERPROFILE%\AppData\Local\*.exe %USERPROFILE%\AppData\Local\*\*.exe %USERPROFILE%\AppData\Roaming\*.exe %USERPROFILE%\AppData\Roaming\*\*.exe We can see all these rules in place by looking at the screenshot below:

This will block most potentially unsafe executables from running, including those coming from archive attachments opened using the Windows built-in zip support.

Exceptions & exclusions

What if we want to allow some specific executable files to run in these folders? The answer is simple: just create an exception by adding an unrestricted entry, such as in the following screenshot:

That's about it: I sincerely hope that this post will help users, enthusiasts and administrators in making their machines more secure against the most common virus, malware and ransomware threats!   Read the full article