I’ve turned off all the privacy settings that I can find in Windows 10 Pro. I don’t have a way to tell what this is referencing. The log references SID 2101201, but I have not found any good explanations of what the rule is referencing and if it’s a concern.
Can anyone explain the rule, and what can be turned off on Windows 10 machines to turn off this kind of traffic?
I am not an expert at all when it comes to Windows, but as far as I know there is no chance to make it stop sending data to Microsoft. They will always do it.
Although this topic is somewhat abandoned by now, I just wanted to add a quick footnote regarding Microsoft Windows telemetry traffic: The ET IPS ruleset contains a rule called “ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent”, which triggers very reliably and blocks at least some traffic that way.
Improving privacy is certainly not an average IPS use-case, but it seems to work.