Cortana: Block outbound network connections completely

Martin Brinkmann
Feb 29, 2016
Updated • Feb 29, 2016

The integration of Cortana with native search on Windows 10 devices has made the digital assistant, even if not used, a feature that cannot be easily disabled without losing access to search as well.

While there are options to use third-party search tools like Everything, XSearch or any of these desktop search programs reviewed here, it is probably not something that most users will resort to.

One thing that bothered me ever since Cortana was added to Windows 10 was that it added web search results to search.

I found those to be completely useless as I use search solely to find local items. I have talked about how to turn off web search on Windows before, and how to make the search in Windows 10 really fast.

Note: Before anyone jumps in stating that they like Cortana and web searches: that's completely fine. I'm not saying don't use Cortana or the built-in functionality, but if you don't, then there is little reason to keep it around, is there?

Cortana: Block outbound network connections

There are two types of outbound network connections that Cortana makes: web search, and "network traffic to Bing.com to evaluate if certain Cortana components are up-to-date or not".

I don't want to rehash what I described already, so please check out the link above that leads to a resource that explains how to turn off web search on Windows 10.

This article concentrates on the traffic to Bing.com instead.

Step 1: Open the Group Policy Editor by tapping the Windows key, typing gpedit.msc, and pressing Enter.

Navigate to Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Outbound Rules (note: skip LDAP name if not present).

Right-click on Outbound Rules and select New Rule from the selection menu.


Step 2: This opens the New Outbound Rule Wizard. On the Rule Type page, make sure that Program is selected. Click on the next button.


Step 3: Select "this program path" on the Program page, and paste the following path into it: %windir%\systemapps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Click on Next afterwards.


Step 4: Make sure "block the connection" is selected on the Action page. This prevents the program from making outbound connections. Click on the next button.


Step 5: Make sure Domain, Private and Public are checked on the Profile page.

  • Domain: Applies when a computer is connected to its corporate domain.
  • Private: Applies when a computer is connected to a private network location.
  • Public: Applies when a computer is connected to a public network location.

Click on the next button afterwards.


Step 6: Add a name and an optional description for the new rule, e.g. Block Cortana Outbound Traffic. Click on Finish to close the wizard and add the new rule to the system.

You can hit cancel to prevent the rule from being added to Windows Firewall.


Step 7: Right-click on the new rule that you have created in the Group Policy editor, and select properties from the context menu.


Step 8: Switch to the "Protocols and Ports" tab, and make sure the following is listed there:

  • Protocol Type: TCP
  • Local Port: All Ports
  • Remote Port: All ports
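
The eight steps above, scripted in PowerShell as an added example (not code from the article or from Microsoft). It assumes an elevated session; the `$PolicyStore` default of `localhost` (the local Group Policy store) and the per-binary suffix on the rule name are choices of this example, and the second program path is the one a commenter on this page reports for later Windows 10 builds.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of Steps 1-8, with a read-back check.
# $RuleName is the name suggested in Step 6. $PolicyStore is this example's
# choice: 'localhost' is the local Group Policy store (what gpedit.msc edits),
# 'PersistentStore' is the ordinary local firewall store.
param(
    [string]$RuleName    = 'Block Cortana Outbound Traffic',
    [string]$PolicyStore = 'localhost'
)

# Program paths named on this page: the article's SearchUI.exe and the
# SearchApp.exe location reported in the comments for newer builds.
$candidates = @(
    'SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe',
    'SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe'
) | ForEach-Object { Join-Path $env:windir $_ }

# A program rule matches on the exact path, so a rule for a binary that is
# not on this build would block nothing. Only target files that exist.
$targets = @($candidates | Where-Object { Test-Path -LiteralPath $_ })
if (-not $targets) {
    throw "No search binary found under $env:windir\SystemApps; nothing to block."
}

foreach ($path in $targets) {
    $name = "$RuleName ($(Split-Path $path -Leaf))"

    # Idempotent: reuse a rule of the same name instead of stacking duplicates.
    $rule = Get-NetFirewallRule -DisplayName $name -PolicyStore $PolicyStore `
                -ErrorAction SilentlyContinue
    if (-not $rule) {
        $params = @{
            DisplayName = $name
            PolicyStore = $PolicyStore
            Direction   = 'Outbound'   # Outbound Rules node (Step 1)
            Program     = $path        # "this program path" (Step 3)
            Action      = 'Block'      # "block the connection" (Step 4)
            Profile     = 'Any'        # Domain, Private and Public (Step 5)
            Protocol    = 'TCP'        # as listed in Step 8; if omitted, the
                                       # cmdlet default is any protocol
            Enabled     = 'True'
        }
        $rule = New-NetFirewallRule @params
    }

    # Read the rule back so the result can be compared with Steps 3-8.
    $app  = $rule | Get-NetFirewallApplicationFilter
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule       = $rule.DisplayName
        Enabled    = $rule.Enabled
        Direction  = $rule.Direction
        Action     = $rule.Action
        Profile    = $rule.Profile
        Program    = $app.Program
        Protocol   = $port.Protocol
        LocalPort  = $port.LocalPort
        RemotePort = $port.RemotePort
    }
}
```

Running it a second time creates nothing new and only prints the existing rules, which makes it usable as a check after a feature update.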


Undo the change

To undo the change, right-click on the firewall rule that you have created and select the delete option from the context menu.

Alternatively, and useful for testing, select disable this rule instead; the rule then stays in place but is not applied.

Third-party firewall

While the configuration path to block Cortana outbound connections may be different in a third-party firewall, the core parameters that you enter when configuring the new firewall rule are the same:

  • Program path and name: %windir%\systemapps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
  • Rule: Block all outbound traffic
  • Protocol: TCP
  • Ports: All

Publisher: Ghacks Technology News


Comments

  1. Anonymous said on July 7, 2022 at 8:31 pm

    UPDATED LOCATION:

    C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

    Microsoft.Windows.Cortana no longer exists, at least on my windows 10 pro OS, but Microsoft.Windows.Search does

  2. Nigel said on October 19, 2017 at 9:10 pm

    With the Windows 10 Fall Creative Update you now simply have to go to Windows Defender Firewall with Advanced Security – select the Outbound Rules, Select Cortana and then select BLOCK to stop Cortana or ALL to allow Cortana to work

  3. interestedparty said on March 27, 2017 at 1:56 pm

    Interested in your dilemmas but you all seem to prove that MS have got persons better at it than the lot of you combined.
    It may be more productive effort if ALL you who know so much combine and keep aloft from wanting to earn tons of lolly and joining those who have been coscripted by greed for the lolly.
    Perhaps you can go world wide and have a union that can oust the MS people.
    Anyway it's a thought.

  4. frustrated said on July 14, 2016 at 12:39 pm

    THERE IS NO “Group Policy Editor” in the version of Windows 10 that most visitors to this page have.

    You should point this out more clearly at the start before wasting our time.

  5. John Krazinski said on March 24, 2016 at 2:45 am

    Nice article!

  6. customer said on March 2, 2016 at 10:56 pm

    Soon Windows(TM) OS will run Office only… The issues to get a personal Operative System instead of an NSA Client are growing more and more… Sorry but my father won’t mess with Local Group Policy Editor, like my grandma !!

    1. Andrew said on March 3, 2016 at 8:26 am

      You must be a very fun person to have at parties.

  7. Jonathan said on March 1, 2016 at 5:01 pm

    I found that using the Win10 privacy tools (http://www.winprivacy.de/english-home/) can reportedly disable Cortana as well as all the network traffic associated with it.

  8. InterestedBystander said on March 1, 2016 at 4:02 pm

    @Corky — I was replying to Andrew’s claim about “outdated” OSes — his quote was the bit at the beginning with quotation marks around it, eh? Read again, friend.

    Qubes is easy to install, and has the basic VMs already defined. Simples. Not much trouble at all. But you can go with TAILS for privacy, Whonix (or Qubes + Whonix in a VM), or OpenBSD for security, or others. Ipredia if you want darknet. Or just Debian, Q4OS, Fedora, OpenSUSE. That was pretty much my point — there are a lot of operating systems which are advanced in ways which Windows is not.

    1. Corky said on March 1, 2016 at 4:13 pm

      Then maybe next time you should reply to that thread and not start a new one (is that you CHEF-KOCH?) :) The comments section on GHacks gets confusing enough without making a new comment when it was intended as a reply.

      1. Andrew said on March 1, 2016 at 6:21 pm

        My guess the reason for him replying that way is because he’s on a Phone or Tablet. I don’t believe the “mobile” format has a direct reply function.

  9. InterestedBystander said on March 1, 2016 at 2:06 pm

    @Andrew:

    “Unless they [computer users] are willing to build your own distro, use an outdated OS, or stay completely offline, it’s just how the market is now, and one can either use it to utilize their use of technology or become more of a luddite and live off the grid.”

    Not true, actually. I’m typing this from a VM configured to be “untrusted” — that is, it has restrictive firewall rules and is never used to access sensitive information. With few clicks I can move to a “trusted” VM for personal email, or an “offline” VM which has no network access and can be used for sensitive documents. None of these VMs can access each other’s filesystems or change the root operating system; all have their own firewalls and permissions. The main system of VMs is set up by default during the (easy) installation process. The root OS can run various guest OSes, including Windows. Reputedly. I have not bothered to try that, though.

    I write all this not to claim that this particular operating system is better than any other, but to emphasize that there are many advanced OSes which are secure and private by design. Partly your claim depends on what you mean by “outdated” and what you think of as advanced — if you think talking search engines are the ultimate in advanced OS design, then yes, you will have to sacrifice privacy (and probably security). Others think there are more important advances being made, and fortunately there are a plethora of OS developers doing very interesting things on the desktop.

    Cheers — IB

    1. Andrew said on March 1, 2016 at 6:31 pm

      True IB, but what about your host OS? While all of your activity takes place in a VM there’s still activity taking place in your host OS, most likely in the background. I mean, don’t get me wrong, you’re probably a lot safer than most people.

      But that extends past the OS too, with your cellphone constantly tracking you thanks to your service providers tracking you, and even your ISP carries logs of all of your activity. Like I said it would take a lot of hacking to be completely clear. Not even sure if it is worth the effort or not, but to some I guess so.

    2. Corky said on March 1, 2016 at 3:23 pm

      What utter rubbish, there’s plenty of distros that don’t gather data on their users and aren’t outdated, saying that’s just how the market is now shows utter ignorance of the market and what’s available, and saying people are Luddites for not bending over and taking it is insulting.

      As for your VM palava don’t you think that’s a lot of bother to go to just to maintain privacy and security? It’s not exactly the sort of thing your average Jo is going to do is it.

  10. Henk van Setten said on March 1, 2016 at 4:09 am

    That in order to switch off the Windows 10 Cortana web search function, users have to jump through fairly difficult hoops instead of getting a simple on-off option switch, is just another example of Microsoft’s aggressive policy of trying to take as much control of the user’s computer as they can.

    In practice, in many respects, they are forcing users (those who want to keep an acceptable degree of control over their own computers) to engage in a kind of continuous struggle with Microsoft. For example, yesterday on my two Windows 8.1 computers Microsoft tried for the THIRD time to sneak in the Windows 10 GWX nagware, even though I had already hidden (refused, disabled) that update two times before. This time they tried to smuggle it in as an “important update” outside the regular monthly updating cycle.

    All this consistently keeps showing us one thing. Apparently Microsoft feels that in order to get a very firm grip on the vast majority of user systems, it’s worth while to alienate a struggling minority of users. Apparently they calculated that the net result of a stricter control over user systems and data streams will outweigh the antagonizing of some users and the negative reactions. And apparently they expect that in the long run, they will win this war against independent, privacy-oriented, control-valuing users.

    But will they really win this dirty war against their own users? My rough guess is that sadly, yes, with 80% or 90% of all people, their calculation will prove right and they will win. Even win easily, in most cases.

    In history, when tiny countries were overrun by a powerful invader, the losing inhabitants of the small occupied country always had three options left: either (1) acceptance and submission, or (2) resorting to guerilla tactics, or (3) fleeing to some free unoccupied place overseas.

    In this case a very small group is already fleeing – to the free realm of Linux. What the above post about Cortana describes, belongs to the second strategy – it’s part of a kind of ongoing guerilla, setting up all kinds of small individual counter-actions in the hope of hampering the enemy. Will it help?

    I’ve loved to use and tinker with Windows since the early 1990s, since the days of Windows 3.1. Honestly, five years ago I would never have thought I’d come to think of Microsoft as some kind of enemy. Yet that’s the corner into which they are driving me now.

    1. Jason said on March 2, 2016 at 10:06 pm

      Henk, you have eloquently described the situation. My family, friends and I cover all three of the groups you have listed.

      For my own computing, I am in your third group – the Linux refugee – because I abandoned Windows a few years ago when I realized where things were headed. Oddly enough, I didn’t go to Linux because of the free software movement or the sophistication of the platform, but because I simply wanted to regain the control I once had over my computer. (Mission accomplished, by the way.) It was only after I had spent some time with Linux that I grew to appreciate the value it offers. Now I am hooked. Of course Microsoft has calculated that it’s ok to lose me as a customer, as long as they can monetize the hell out of the other 90% of their customers. (There is a lesson here about the limits of capitalism… but we’ll leave that for another day.)

      Unfortunately most of my family and friends fall in your first category – submission – because they continue to use Windows. It’s interesting to note that NONE of them understands what is wrong with the new direction Microsoft is taking. In fact, they don’t even know there *is* a new direction; it’s business as usual as far as they are aware. In other words, their decision to stay with Windows is not one based on knowledge but on lack of knowledge. I find this telling (although I freely admit that many knowledgeable people use Windows 10 too).

      I said we cover all three of your categories, and it’s true. You see, despite the fact that I don’t use Windows personally, I fill the role of “tech guy” for many of the people in my circle. This necessarily makes me a guerilla fighter – your second category – because I often spend time trying to outwit Microsoft developers and find creative ways to shut down all the spying nonsense, deal with a convoluted update scheme, make a slow computer go fast again, remove malware, and – when there is time – find software that will actually serve the needs of my family and friends. (People complain about the limitations of Linux software, but let me tell you, my experience has mostly highlighted the limitations of Windows software. When I want to find a powerful backup program that doesn’t use excessive system resources, or I need an easy method to handle encrypted volumes directly through the file manager, I always always always wish more of my family and friends were using Linux.)

      To me it’s ridiculous to fight the guerilla battle, and I’m trying to explain to the people I help why this is getting so tedious. Some of them are starting to come around (actually, my mother didn’t need any convincing!) I think eventually I will reach a point where I just say, “You know what guys? Pay Microsoft some money for tech support, because I can’t deal with this stuff anymore.”

  11. Tim said on February 29, 2016 at 7:45 pm

    Why don’t you just use Firewall app blocker, just drag and drop
    http://www.sordum.org/8125/firewall-app-blocker-fab-v1-4/

  12. Another one said on February 29, 2016 at 4:45 pm

    It seems like Windows 10 is worse than a virus, at least one can clean the virus with a help of a single program. This is like getting brand new OS infected with multiple trojans and all kinds of spyware. I guess most of the corporations see masses as they are, dumb as f*ck and they don’t even try to hide it anymore.

    1. Andrew said on February 29, 2016 at 7:12 pm

      You do understand what a computer virus is right? If you actually do, then Windows 10 is far from being “worst than a virus”.

      1. Andrew said on March 1, 2016 at 6:42 pm

        @Corky I agree, but I also think has to do with the userbase as well. Given it’s the largest (and I believe still larger than android). So this sudden shift is expected to upset a lot of people.

      2. Corky said on March 1, 2016 at 3:14 pm

        @Andrew, IMO the reason Microsoft are getting so much flak is because previously they haven’t done this sort of thing, all the other companies you mention have done similar things from the get go and people were free to either buy into that or not, it’s probably why none of them have a noticeable presence on desktop PCs.

      3. Tom Hawack said on February 29, 2016 at 8:26 pm

        Andrew, Windows is not free, even if the upgrade is for the time being. Users have paid a license or will pay a subscription for a system deliberately tracking them. Tracking anonymously maybe, maybe not always, who knows? But Windows 10 appears as a Microsoft for Microsoft product where much is imposed or at least to the less savvy who ignore how to calm down the system’s inquisition.

        I cannot admit a practice on the basis of a mood, in the trend of today’s world, and may be recalled that it is because of the refusal of strong minds that progress has always widened itself towards a wider spectra. Pragmatism is interesting but not to the extent of accepting to be a loser. Try to do what you can before admitting beating is impossible and joining your opponents. Be a winner :)

        Things can change, even if mildly only. Let’s wait and see what becomes of Windows 10 and meanwhile try to be respectfully and intelligently critical. No point in yelling, a smile and determination are enough.

      4. Andrew said on February 29, 2016 at 8:07 pm

        Actually Tom, I was responding to “Another One”. A computer virus is a program that inserts itself into other programs, thus allowing it to replicate and infect other programs. Hence, a virus.

        Windows 10 is nothing like that, just because Windows 10 is the first OS to really be open about its telemetry. A lot of this I believe is linked with Cortana.

        On my opinion on all this… This day and age, in a world connected to the internet, it is now expected on many “free” services in an attempt to bring about ad revenues, market statistics, or such. Everyone has their own level of what they consider “spying”, yet they tend to change their preference depending on the company a lot (e.g. a lot of people seem to hate Microsoft for doing this but won’t comment anything on their Android phone that they’re using). If one uses any services, they should be expected to be tracked in some form. This is the same with Ubuntu, Facebook, Twitter, and even Apple. Data is usually anonymous or linked to an ID that cannot necessarily be traced back to a specific individual.

        Unless they are willing to build your own distro, use an outdated OS, or stay completely offline, it’s just how the market is now, and one can either use it to utilize their use of technology or become more of a luddite and live off the grid.

        If they want to find some middle ground, then they have to accept that they will have to do some hacking to prevent data being shared with the mothership and make adjustments to some software and such since they can’t utilize the personalizations that it may offer.

      5. Tom Hawack said on February 29, 2016 at 7:37 pm

        The comparison between Windows 10 and a virus infection stands only for the pain of removing intrusion and perhaps this was the idea of ‘Another one’. Of course the comparison stops from there on. But intrusion it is and intrusion it remains and, indeed, many infections are easier to remove than Windows 10’s intrusions, totally uninhibited. The rhetoric may be approximate but the idea seems justified, IMO of course and, as to what I read everywhere, the opinion is widely shared.

        I was interested more specifically about the uninhibited manners of a company which decides — more or less sweetly in its public comments — to admit it openly. Let this not blind us to what virtue there may not be, as well as admitting a sin is not the first half to forgiveness by its confession aspect only. Too easy, still it works fine on many minds.

    2. Tom Hawack said on February 29, 2016 at 6:50 pm

      Nowadays being uninhibited is the way it goes. No more “this is good” when it’s bad, but rather “this is the way it is, take it or leave it”. Less hypocrite, but less educated. There’s always been a great deal of hypocrisy in education, but another hand it does maintain a certain level of civilization. I mean, barbarians are seldom hypocrites, are they?

  13. Jacob said on February 29, 2016 at 3:30 pm

    Hi Martin
    Do you know by any chance a program that works similarly to the uMatrix addon on Firefox but is aimed more towards Windows 10 tracking? So, essentially a whitelist blocking solution where you have full control over every program and what data it’s sending. And I’m only asking that because I’ve tried countless conventional blacklist methods and none of them seemed to work efficiently. I’ve done some tests via a packet sniffer only to find out that Windows still sends roughly every 10 to 15 minutes some of my data and that really troubles me. I’m thinking about switching to Ubuntu but since I’m a gamer I’ll probably need to do some dual boot unfortunately.
    Thanks in advance for any ideas.

  14. Anonymous said on February 29, 2016 at 1:57 pm

    The article assumes one has Windows 10 Pro.
    What about Windows 10 Home users?

    1. Tim said on February 29, 2016 at 2:23 pm

      Or go to Control Panel > Windows Firewall > Advanced Settings (in left column)

      Or open MMC console > Add/Remove Snap-in > Windows Firewall With Advanced Security

      The usual reason for adding rules through Group Policy instead is so that programs can’t mess with the rules you set. However block rules always take priority over allow rules anyway, so in this case even if there’s a Cortana update that puts its own rules back in Windows Firewall, the block rule will trump the allow rule.

      https://technet.microsoft.com/en-us/library/cc755191(v=ws.10).aspx

    2. Martin Brinkmann said on February 29, 2016 at 2:14 pm

      You can use the command or PowerShell options listed here in the comments.

  15. Gwir said on February 29, 2016 at 10:17 am

    Hello, the PowerShell way to do it:

    New-NetFirewallRule -DisplayName "Block Cortana Outbound Traffic" -Direction Outbound -Program "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -Action Block

    As admin.

    1. Tim said on February 29, 2016 at 1:59 pm

      And one for using elevated Command Prompt:

      netsh advfirewall firewall add rule name="Block Cortana Outbound Traffic" dir=out action=block program="%windir%\systemapps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" enable=yes profile=any

      1. Martin Brinkmann said on February 29, 2016 at 2:13 pm

        Great Tim, thanks!

    2. Martin Brinkmann said on February 29, 2016 at 10:31 am

      Thanks, that is useful.

  16. Danny said on February 29, 2016 at 8:29 am

    “Cortana isn’t supported in the region and language you’ve selected.”

    Well, it seems Cortana ain’t my problem.

  17. Pants said on February 29, 2016 at 8:15 am

    “I found those to be completely useful” .. did you mean “useless”?

    1. John Krazinski said on March 2, 2016 at 2:36 am

      Pants wouldn’t vote for Hillary because she didn’t use enough security on her personal email server and the SSL certificates were outdated. And her password is not 1024 chars long.

    2. John Krazinski said on March 2, 2016 at 2:26 am

      Hey pants they know man, they know! run dude! toss your computer through the window and burn it. The cia, man!

    3. Martin Brinkmann said on February 29, 2016 at 8:16 am

      Yes, that’s it ;)
