I recently found the following project which uses a series of tools/wireshark etc, to periodically collect all the outbound connections windows is making:
https://github.com/crazy-max/WindowsSpyBlocker
I did a similar thing, where I just ran wireshark on my own system over night, and noticed that my current setup still missed a few things, and those things are actually present in the "WindowsSpyBlocker" list.
It is interesting at least.
Quote:
Originally Posted by Fyyre
werfault.exe send data Microsoft whenever application fault. Not matter what setting you place for "Windows Error Reporting".
|
I am not sure when they are ever called, but it might make sense to also restrict
WerFaultSecure.exe
and
wermgr.exe