Ancile: block spying on Windows 7 and 8 - gHacks Tech News

Ancile: block spying on Windows 7 and 8

Ancile is a free program for Windows 7 and Windows 8 devices designed to block spying and forced upgrades on those devices.

Ancile is script driven, unlike most Windows privacy applications which offer a graphical user interface. While some may see that as a disadvantage, its script-nature makes it easy to check what the script is actually doing.

If you think you heard that before you are right, as it a fork of the popular Aegis script that was created for the same purpose. Aegis however has been discontinued and is no longer maintained.

Since Microsoft changes things around frequently, a maintained script is a must have to avoid spy or upgrade related issues in the future.

Ancile: block spying on Windows 7 and 8

ancile windows spying

Ancile works pretty much like Aegis. It ships as a .cmd file that you may start on a system running Windows 7 or 8. Please note that you need to run it with elevated rights by right-clicking on ancile.bat and selecting "run as administrator" from the context menu.

The program performs various operations on start, all of which gather system information required for the program to operate correctly. It will also sync the time automatically with pool.ntp.org, and offers to create a system restore point prior to making any major changes to the system.

It is highly recommended to create a system restore point -- better a system back up -- prior to running Ancile so that you can go restore the system state should things turn out wrong.

Once done, all operations are carried out automatically without prompt or option to respond to any of the operations.

You may edit the main cmd file to block certain actions from being carried out. Open the file and locate the scripts section in it. You find calls for each major change the program makes listed there. Simply delete lines that you don't require (or add REM or :: in front) to prevent the commands from being executed.

You are probably wondering what Ancile does. The answer is that it does pretty much what Aegis did, only in updated form to take into account changes made after the final version of Aegis was released.

  1. Block unwanted hosts (mostly Microsoft hosts). You find the list of hosts under scripts/hosts/hostsdns.txt.
  2. Disable Remote Registry.
  3. Disable unwanted services (Microsoft Telemetry Reporting Service, Microsoft customer Experience Improvement Program, Microsoft Diagnostics Tracking, Microsoft WiFi Sense, Microsoft Spynet, Microsoft SkyDrive)
  4. Disable Scheduled Tasks (a total of 32 tasks are disabled, all by Microsoft). You find the list of tasks under scripts/tasks/tasks.txt.
  5. Disable Windows 10 Upgrade. Not sure if required anymore.
  6. Change Windows Update to check only and notify.
  7. Disable automatic delivery of Internet Explorer via Windows Update.
  8. Uninstall and hide unwanted updates.

971033 Update for Windows Activation Technologies
2882822 Update adds ITraceRelogger interface support to Windows Embedded Standard 7 SP1, Windows 7 SP1 and Windows Server 2008 R2 SP1
2902907 [description not available, update was pulled by Microsoft]
2922324 [description not available, update was pulled by Microsoft]
2952664 Compatibility update for upgrading Windows 7
2966583 Improvements for the System Update Readiness Tool in Windows 7 and Windows Server 2008 R2
2976978 Compatibility update for Windows 8.1 and Windows 8
2977759 Compatibility update for Windows 7 RTM
2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
3012973 Upgrade to windows 10
3014460 update for windows insider preview / upgrade to windows 10
3015249 [Upgrade that adds telemetry points to consent.exe in Windows 8.1 and Windows 7?]
3021917 Update to Windows 7 SP1 for performance improvements
3022345 Update for customer experience and diagnostic telemetry
3035583 Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
3042058 Microsoft security advisory: Update to default cipher suite priority order: May 12, 2015
3044374 Update that enables you to upgrade from Windows 8.1 to Windows 10
3046480 Update helps to determine whether to migrate the .NET Framework 1.1 when you upgrade Windows 8.1 or Windows 7
3058168 Update: activate Windows 10 from Windows 8 or Windows 8.1, and Windows Server 2012 or Windows Server 2012 R2 KMS hosts
3064683 Windows 8.1 OOBE modifications to reserve Windows 10
3065987 Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015
3065988 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015
3068708 Update for customer experience and diagnostic telemetry
3072318 Update for Windows 8.1 OOBE to upgrade to Windows 10
3074677 Compatibility update for upgrading to Windows 10
3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
3075851 Windows Update Client for Windows 7 and Windows Server 2008 R2: August 2015
3075853 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: August 2015
3080149 Update for customer experience and diagnostic telemetry
3081437 August 18, 2015, compatibility update for upgrading to Windows 10
3081454 September 8, 2015, compatibility update for upgrading to Windows 10
3081954 Update for Work Folders improvements in Windows 7 SP1
3083324 Windows Update Client for Windows 7 and Windows Server 2008 R2: September 2015
3083325 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: September 2015
3083710 Windows Update Client for Windows 7 and Windows Server 2008 R2: October 2015
3083711 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: October 2015
3086255 MS15-097: Description of the security update for the graphics component in Windows: September 8, 2015
3088195 MS15-111: Description of the security update for Windows Kernel: October 13, 2015
3090045 Windows Update for reserved devices in Windows 8.1 or Windows 7 SP1
3093983 MS15-106: Security update for Internet Explorer: October 13, 2015
3102810 Installing and searching for updates is slow and high CPU usage occurs in Windows 7 and Windows Server 2008 R2
3102812 Installing and searching for updates is slow and high CPU usage occurs in Windows 8.1 and Windows Server 2012 R2
3112336 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: December 2015
3112343 Windows Update Client for Windows 7 and Windows Server 2008 R2: December 2015
3123862 Updated capabilities to upgrade Windows 8.1 and Windows 7
3135445 Windows Update Client for Windows 7 and Windows Server 2008 R2: February 2016
3135449 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: February 2016
3138612 Windows Update Client for Windows 7 and Windows Server 2008 R2: March 2016
3138615 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: March 2016
3139929 MS16-023: Security update for Internet Explorer: March 8, 2016
3146449 Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7
3150513 May 2016 Compatibility Update for Windows
3173040 Windows 8.1 and Windows 7 SP1 end of free upgrade offer notification

Closing Words

Ancile automates the privacy hardening of a computer running Windows 7 or 8. It is certainly possible to use the data it provides as a blueprint to run select operations without running the script. This gives you even more control over the process, but may be best suites for experienced users who know how to edit the hosts file or uninstall Windows updates and hide them.

All in all though it is good to know that the Aegis project is not dead, as it lives on in Ancile.

Summary
software image
Author Rating
1star1star1star1star1star
4.5 based on 20 votes
Software Name
Ancile
Operating System
Windows
Software Category
Security
Landing Page

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Dave said on September 12, 2016 at 2:06 pm
    Reply

    Do I trust this random stranger more than I trust Microsoft? Yes I do. Already running. Thanks Martin.

    1. Tom Hawack said on September 12, 2016 at 3:11 pm
      Reply

      Besides dishonesty there are also plain errors. Some honest people can make the mistake of hitting the red button and boom, I’m still not sure who is the most dangerous, dishonesty or idiocy.

      1. Dave said on September 12, 2016 at 3:52 pm
        Reply

        I think you need to give that some context, Tom. It doesn’t seem to make any sense as it is.

      2. Tom Hawack said on September 12, 2016 at 5:08 pm
        Reply

        Well, Dave, I was referring to the idea of trusting a random stranger more than a company on the basis of what I understood as pertaining to honesty rather than to qualification.

  2. Sebby said on September 12, 2016 at 2:23 pm
    Reply

    Mmm. I wonder how long this can really last, given the impending appearance of the official update rollups for Win7/8.1, which will mean simply removing the updates will become impossible.

    Anyone know how effective disabling telemetry actually is? Is there some other way that telemetry is being sent out, perhaps by other than a scheduled task? I understand that, on crashes, telemetry is being sent by affected processes, for instance, but I’ve never been able to confirm this. I was always able to remove the telemetry updates in the past, so that’s what I did.

  3. xxx said on September 12, 2016 at 2:30 pm
    Reply

    3042058 Microsoft security advisory: Update to default cipher suite priority order: May 12, 2015
    ” Cipher Suites Added by the Update
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_128_GCM_SHA256″

    WTF, why uninstall this update?

    1. Matthew Linton said on September 12, 2016 at 9:19 pm
      Reply

      As Martin mentioned, this is a fork of Aegis, and some of these decisions were made by that developer. I’ve done my best to review the changes that Aegis made to the system and to ensure that they make sense, but it seems this has slipped by. After a quick review, it appears this update shouldn’t have been blocked. I’ll take a deeper look into this, and if the update doesn’t do anything undocumented by the KB article, I’ll remove it from the next version.

      Thanks for the help. If you notice anything else that should or shouldn’t be in there, please feel free to start a thread at “https://voat.co/v/Ancile”. I try to keep up with Microsoft’s tricks, but they’re fairly sneaky, and I could really use the community’s help.

    2. Tom Hawack said on September 12, 2016 at 9:51 pm
      Reply

      3042058 indeed, not to mention ‘3093983 MS15-106: Security update for Internet Explorer: October 13, 2015’ and perhaps 2-3 more Windows Update patches which don’t seem IMO appropriate for removal. Had only a quick glance. Whatever I’d dig for deep information before removing those in the list which are installed here (5-6 I think).

      My keeps have been modified for the last time with the list provided by win7sans (concerns Windows 7 only) at https://github.com/Zelmor/win7sans, list with which I am synchronized now, last updated 2016/JUL/24 — There are many lists available and selection criteria is not obvious.

      It’s a good thing that Martin listed these patches, preventing running the script blindly for whom may be concerned.

      1. Matthew Linton said on September 12, 2016 at 10:00 pm
        Reply

        Now that Ancile is at v1.0 and most everything is working the way I want, I’ll have to do a more thorough review of things like the Windows updates and hosts blocking. Thanks for your input.

  4. Tom Hawack said on September 12, 2016 at 2:44 pm
    Reply

    Right now I’m using crazy-max’s WindowsSpyBlocker at https://github.com/crazy-max/WindowsSpyBlocker which focuses more on spying, telemetry than on Windows Update. Very complete as it offers modifications/blocklists on various supports such as Hosts, firewall, NCSI (Network Connectivity Status Indicator), DNSCrypt, Proxifier and OpenWrt, with a very nice script, easy do/undo. regularly updated (last is ver. 3.4.4 2016/08/02)

    I’m a bit aware of uninstalling Windows patches blindly as I remember having encountered a very big mistake with the Aegis script. I understand scripts can be edited, nevertheless. I have already uninstalled several Windows Update patches but always one by one with great precaution. Bundling removal of patches is neither my choice nor my advice.

    1. Sebby said on September 12, 2016 at 3:20 pm
      Reply

      Thanks Tom.

      Gha! Things are really, really bad when you have to start conducting MiTMs on yourself just to stop your OS from babbling away to the mothership. I suppose it’s all part of the big plan to make us upgrade to Windows 10 in final and unequivocal surrender. No update control, no privacy–just upgrade, and have the real thing, in addition to all the wonderful new “features” of course. :(

      It’s a shame. Windows is still valuable to me. But if Microsoft want to burn bridges like this …

      1. Tom Hawack said on September 12, 2016 at 3:40 pm
        Reply

        “MiTMs on yourself” is an original yet sympathetic way of putting it :)

        To surrender or not to surrender, indeed. On another hand being stubborn may be the opponent’s definition of intransigence. At this time I agree with you and with many others worldwide that the behavior of a company seems to push users to revolt when it pushes them to Windows 10 as it did and as it will likely continue to do with different means.

        Windows remains valuable to me as a possibly future ex-wife can be : you may never hate her considering memories of happiness but you’re not sure the past prevails on the present and you strongly doubt that the future will skip the present to recall the past … am I writing craps?! Anyway, hope you get the idea, basically simple but unwillingly brought to complexity thanks to this style of mine, uncomparable.

        “We are the champions my friend, and we’ll keep on fighting till the end …”

        Gosh, I still haven’t shaved and showered!

    2. NoClou said on September 12, 2016 at 5:42 pm
      Reply

      Hi Tom,

      I have some questions about the mentioned crazy-max Spy Blocker. Do I simply download this program and it works automatically or is there more involved. I am somewhat a doofus when it comes to this kind of stuff and for me the github website is as comprehensible as my wife. I don’t get it. Maybe you can help me out. Not with my wife (hopeless case) but with Github. Thanks.

      1. Tom Hawack said on September 12, 2016 at 6:05 pm
        Reply

        crazy-max’s WindowsSpyBlocker is a set of different scripts joined in a zip file. Once the downloaded zip file is unzipped you find yourself with folders containing, some data, some the scripts. In the scripts folder you’ll find bat files pertaining to support (firewall, dnscrypt etc…) and divided again for Win7, Win8, Win10. Running those bat files operates the blocking …

        Be careful nevertheless, know what you’re doing.
        The page I mentioned above explains better than I do : https://github.com/crazy-max/WindowsSpyBlocker
        The same in French on the developer’s site : http://www.crazyws.fr/dev/applis-et-scripts/windowsspyblocker-bloquer-espionnage-de-windows-W08F3.html

        Again, as always, be careful, not because the scripts are dangerous but because they modify some of the user’s settings and, even if the scripts include undoes, if the user is unaware of what he modified he can find himself in the middle of nowhere. Just be careful.

      2. Skrell said on September 12, 2016 at 6:27 pm
        Reply

        +1

      3. NoClou said on September 12, 2016 at 10:45 pm
        Reply

        Tom,

        thank you very much for helping me out. I think it’s great how people here on this site exchange their opinions and experiences. Very very helpful. And don’t worry. If the program won’t work out for me it’s my problem, you gave excellent advice and clear warnings. Again, thank you so much.

    3. Skrell said on September 13, 2016 at 12:19 am
      Reply

      Must I use proxifier to get the FULL protection offered by WindowsSpyBlocker? I have dnscrypt but it appears as if dnscrypt can’t block actual ip addresses…only domain names…is that correct?

      1. Tom Hawack said on September 13, 2016 at 8:59 am
        Reply

        Skrell, proxifier, which I don’t use and as far as I know, allows to perform by itself what firewall+hosts+dnscrypt perform independently on their own.

        As far as dnscrypt is concerned, were I to take advantage of its ip addresses and domain names blocking that I’d run dnscrypt with the ‘Simple DNSCrypt’ front-end application, making it easier if possible : I don’t use ‘Simple DNSCrypt’ anymore, latest version I used was 0.3.4 which had problems with the ip addresses and domain names blocking feature, latest version is 0.3.6 but I ignore if it now handles those features correctly. I run DNSCrypt manually and I do not use its ip addresses and domain names blocking feature, be it feasible because it seems tough for me to set it up correctly for that purpose.

        To resume : personally I run WindowsSpyBlocker’s features only for :

        – adding manually its HOSTS lists to mine (though I could add them automatically by adding its url(s) to my HostsMan application sources list but WindowsSpyBlocker hosts file(s) aren’t updated enough to deserve being added to my HostsMan lists)

        – adding its firewall rules to mine via its dedicated script

        – modifying the NCSI (Network Connectivity Status Indicator) and using alternative WindowsSpyBlocker NCSI.

        I’m thinking about adding the DNSCrypt ip addresses and domain names blocking feature (manually or with the ‘Simple DNSCrypt’ application, which would make the protection FULL (or use proxifier).

      2. Tom Hawack said on September 15, 2016 at 10:47 am
        Reply

        @Skrell, you wrote, ” I have dnscrypt but it appears as if dnscrypt can’t block actual ip addresses…only domain names…is that correct?”

        For the sake of facts, since my last comment I’ve started thinking of what I was missing by not taking advantage of DNSCrypt-Proxy’s Addresses (IP) and Domain blocking feature : I was running latest DNSCrypt with the command line and whatever I tried I just couldn’t integrate DNSCrypy’s plugins (Addresses and Domain blocking plugins) correctly.

        I mentioned as well ‘Simple DNSCrypt’ which is a front-end application for DNSCrypt-Proxy. I had tried it previously and removed it because 1- at the time it didn’t handle those plugins correctly, 2- it requires .Net Framework which I dislike because of its weight, that of a whale …

        Now : I’ve installed nevertheless latest ‘Simple DNSCrypt’ version 0.3.6 and this update handles the plugins correctly :

        With ‘Simple DNSCrypt’ 0.3.6 it is possible to handle blocking of ip addresses and domain names. it runs perfectly well, still requires .net Framework (4.5 I think) but appears to allow handling DNSCrypt-Proxy in a far easier way than with the command-line (for me anyway since I’m not a techie guy).

        To be reminded : if applicable of course, uninstall manual DNSCrypt-Proxy (dnsproxy service installed/running from command-line) prior to installing ‘Simple DNSCrypt’.

        ‘Simple DNSCrypt’ home page : https://simplednscrypt.org/
        ‘Simple DNSCrypt’ Github page : https://github.com/bitbeans/SimpleDnsCrypt

    4. Skrell said on September 15, 2016 at 2:59 pm
      Reply

      Thanks again Tom for helping to clarify this VERY confusing situation of different tools needed to block different things in windows 7/8/10. Could you further explain how to integrate the IP’s and domains listed in WindowsSpyBlocker into “Simple DNScrypt”? I have never heard of Simple DNScrypt until now, but I’m glad that you confirmed that the IP blocking plugin for DNScrypt command line doesn’t appear to work.

      1. Tom Hawack said on September 15, 2016 at 3:36 pm
        Reply

        Skrell, as you know IP blocking can be performed with a Firewall or with dedicated tools, Peerblock for instance (IP ranges) or DNSCrypt.

        Concerning WindowsSpyBlocker,

        1- Blocking IPs
        WindowsSpyBlocker offers to block IPs it considers as spying-related by integrating those IPs to your Windows Firewall. To do so you must go to :
        WindowsSpyBlocker-3.4.4\scripts\firewall\firewall.bat -> Run firewall.bat and follow the instructions (add/remove WindowsSpyBlocker rules) -> That’s it for IPs blocking with WindowsSpyBlocker

        2- Blocking domain names
        WindowsSpyBlocker has no script for adding domains it considers as spying related to DNSCrypt.
        To do so, choose the folder WindowsSpyBlocker-3.4.4\data\dnscrypt\ then win7 or win81 or win10 according to your system.
        From there on you will find three files, extra.txt, spy.txt, update.txt — Choose according to what they block (refer to WindowsSpyBlocker Github page for details), copy/paste (1, 2 or all above txt files) to notepad and save to a file called, i.e. blacklisted-domains.txt

        From there on, run ‘Simple DNSCrypt’ -> Advanced Settings -> Open plug-in Manager -> Block addresses and domains => select the file blacklisted-domains.txt you’ve saved above AND “shift the green pad” right under (sorry for my poor English), then click on the checkmark : OK — Return to Standard settings, verify that the ‘Primary DNS Service’ “green pad’ is active : if not, click on it’s right to get it back to active …

        Hard to explain what is basically very simple (me: bad teacher!) — Hope you understand, otherwise call back.

    5. Skrell said on September 15, 2016 at 4:05 pm
      Reply

      I want to be clear for everyone here that the files extra.txt, spy.txt, update.txt do NOT contain ANY hard coded IP addresses and hence are not adequate for “complete” protection. My question was basically can I take the hard coded IP address from the proxifier files in the WindowsSpyBlocker zip and just add them to Simple DNScrypt to have 100% protection. It “sounds” like the answer is yes?

      1. Tom Hawack said on September 15, 2016 at 4:33 pm
        Reply

        Skrell, WindowsSpyBlocker’s extra.txt, spy.txt, update.txt included in its dnscrypt folder are intended for DNSCrypt’s domain blocking add-on which go in one file (i.e. blacklisted-domains.txt) but does not include hard-coded (aka IP) addresses which go in another file (i.e. blacklisted-addresses.txt) when handled by ‘Simple DNSCrypt’, because WindowsSpyBlocker handles blocking IPs via the user’s firewall.

        If you want to add data from WindowsSpyBlocker’s Proxifier folder you’ll have to :
        1- Separate domain names (i.e. activation.sls.microsoft.com) from IP addresses (i.e. 40.118.103.7)
        -> The domain names are the same as those found in WindowsSpyBlocker’s dnscrypt folder)
        -> Once domain names removed, copy IP addresses, remove the ; at the end, and paste them into i.e.blacklisted-addresses.txt then choose that file for ‘Simple DNSCrypt’ in the same way I mentioned above for the blacklisted-domains.txt file.

        Proxifier handles both domain names AND IP addresses, but it’s the only app (in this context) to do so.
        – Otherwise you have to choose blocking domains with either the HOSTS file (full url => abc.* forbidden for example), either DNSCrypt (with optional ‘Simple DNSCrypt front-end making it easier) …
        – Otherwise you have to choose blocking IP addresses with either a firewall (that’s what WindowsSpyBlocker does with its script provided Windows Firewall is active), or an application such as PeerBlock (IP ranges), either manually with ‘Simple DNSCrypt’ …

    6. Skrell said on September 27, 2016 at 1:43 am
      Reply

      Where can I find an example of the blacklist format?

      1. Skrell said on September 27, 2016 at 2:16 pm
        Reply

        My apologies I see you posted it clearly above! Ugh! So I did exactly what you said and now when I look in my dns.log file I see a bunch of domain names with [A] next to them….when I attempt to ping one of the blacklisted addresses i also see this….which i would think means it isn’t working? What does the [A] mean? I can’t find that information ANYWHERE online! :(

  5. Anonymous said on September 12, 2016 at 4:07 pm
    Reply

    Unless precisely it was this kind of tool which pushed Microsoft to release cumulative updates to make patches uninstallable separately.

    1. kalmly said on September 12, 2016 at 5:37 pm
      Reply

      Maybe it was. So, tell me, why should MS decide what I install and do not install on my computer?

      1. Anonymous said on September 12, 2016 at 6:56 pm
        Reply

        You should ask to the author of the Aegis script, if i remember well he received complaint and pressures from Microsoft, so he is probably better placed than me to answer to your question :)

      2. Corky said on September 13, 2016 at 11:38 am
        Reply

        @kalmly, Don’t take this as defense of what Microsoft are doing, it’s not, having said that, legally it maybe your hardware but it’s not your software, you license the software from Microsoft so legally they can do as they please.

      3. Jason said on September 14, 2016 at 6:17 pm
        Reply

        @Corky: I know that’s the prevailing wisdom, but I’m not sure it’s really true. At the very least it would depend on the country, because software laws vary widely. (In Europe, for example, a lot of software is not patentable. You probably know this but I’m pointing it out for everyone). In many countries, a legal argument can probably be made that the user should not be forced to allow modification (i.e. update) of software for which he has already paid, since he paid for a certain set of characteristics and the modifications may deprive him of those.

        Besides, a lot of the clauses in those generic End User License Agreements can be struck down in court very quickly, even if the user has “agreed” to abide by them by clicking on the “I Accept” button. Some EULAs actually acknowledge this, pointing out that their clauses are only applicable to the extent permitted by local law.

        Take-home message: these are murky waters!

  6. Rotten Scoundrel said on September 12, 2016 at 4:41 pm
    Reply

    Tom, skip the shave. The average Male spends 10 days (240hrs) shaving. In an average lifetime, that’s two years, not to mention the money spent on sharps-paraphernalia in that time.

    Loved the ex-wife analogy, the “possibly” sounds a little ominous, mentioned any of this to the wife yet? :)

    1. Tom Hawack said on September 12, 2016 at 5:03 pm
      Reply

      I must have had Windows in mind when I illustrated tomorrows with this ominous “possibly” … far from our first rendez-vous now that she pushes me around to buy a new house, I mean a new OS :)

      The fact is I cannot swear that I’ll divorce once the kid will have graduated (January 2020, he’s at Windows7 High School at this time) but, unless a miracle I’m afraid it’ll be over for Microsoft and me by that time. I guess you never know, some say people don’t change and some say they do; transpose that to companies and there goes Chapter II of my never to be published novel.

      Showered singing in the rain “O Sole Mio” with a 2-day beard, very fashion to what some say…

  7. Ron said on September 12, 2016 at 4:41 pm
    Reply

    Martin (or anyone), what does this mean? >> “Disable automatic delivery of Internet Explorer via Windows Update.”

    1. Dave said on September 12, 2016 at 11:36 pm
      Reply

      Oh that’s why a fresh Win 7 install with Aegis didn’t update from IE 8 to 11. Mystery solved.

  8. pd said on September 12, 2016 at 6:12 pm
    Reply

    “Ancile is script drive”

    missing an n on the end there :)

    1. Tom Hawack said on September 12, 2016 at 6:33 pm
      Reply

      Your wording reminds me of juju, a once famous contributor to Ghacks’ blog …

  9. Jay said on September 12, 2016 at 6:41 pm
    Reply

    ALSO WINDOWS 8.1? OR JUST 8?
    Had caps because this comment is quite low so maybe some attention hopefully

    1. Tom Hawack said on September 12, 2016 at 6:56 pm
      Reply

      Obviously 8.1 – “Windows 8” is a generic denomination and I haven’t met yet exclusives for Win8 which would put aside 8.1 (besides the OS update itself of course because those didn’t include Win 8.1!).

  10. kevin said on September 12, 2016 at 7:55 pm
    Reply

    For me, it was simpler to just ban Windows from the Internet. I dual-boot. Linux is for Internet activities, and Windows is stuck without networking, solely for running programs that I can’t get running in Linux.

    As a bonus, I don’t have to worry about what Microsoft will do come October, when they start shipping patches as a single giant blob. You just know that (after GWX and the Internet Explorer patch which installed advertising), Microsoft won’t be able to resist misbehaving for long.

  11. Matthew Linton said on September 12, 2016 at 8:59 pm
    Reply

    Thanks for the write up Martin. I’m glad to hear that people are finding Ancile useful.

    Just a couple things:

    The latest version of Ancile has a configuration file that can be modified to exclude some of the changes, so you no longer have to edit the main script. Not everything is configurable, but I think I’ve covered the important stuff.

    If anyone has any suggestions, issues, or anything related to Ancile, Please feel free to start a thread at “https://voat.co/v/Ancile”. I would really appreciate the communities input.

    1. Skrell said on September 12, 2016 at 10:38 pm
      Reply

      Thank YOU for keeping this VERY important and crucial application up to date! Please provide a paypal link for those of us who use your script(s) and want to donate to the cause!

      1. Matthew Linton said on September 12, 2016 at 10:51 pm
        Reply

        I’m happy to hear that you’ve found Ancile useful. I don’t have anything set up to take donations at the moment, but I appreciate the offer.

  12. sekoasa said on September 12, 2016 at 10:48 pm
    Reply

    If I should want to remove/cancel/undo the actions of Ancile, how would I proceed?

    1. Matthew Linton said on September 12, 2016 at 10:54 pm
      Reply

      At the moment, you would need to go through Ancile and manually revert all the changes that it has made. Some of that is easy, but a lot of it is tedious. I do have a note in my TODO list to add the option to undo Ancile’s changes, so that will eventually get added in a future version.

  13. sekoasa said on September 12, 2016 at 10:55 pm
    Reply

    Thank you.

  14. Vrai said on September 13, 2016 at 2:43 am
    Reply

    If you have to work that hard to tame your OS…. perhaps you are using the wrong OS… ?

    At least there are still options.

    Support your local FOSS developers!

  15. John said on September 13, 2016 at 2:23 pm
    Reply

    I stopped using Aegis for I noted random stuff not working anymore and as there was no clear path for “uninstall” all of it, I had to dive in and check everything it did in order to remove it.

    What I don’t like about this type of solution:
    – It prevents/removes hotfixes that may be valid for other reasons as well.
    – It’s “hairy” for not being able to remove it in 1 go in contrary to how to apply it.
    – It needs constant manual updating for every month’s worth of updating.
    – It’s prone to mistakes, either in missing the right ones or blocking the wrong updates
    – As I use a 3rd party program to update my Hosts file (Hostsman program with the MVPS hosts file to block various malicious, tracking and advert sites etc) these scripts conflicts with that.
    – When issues arise with other applications due to this, there is no fast way to positively find the part of it what is the cause.

    Yeah, it has a bunch of positives, but those where the reasons I didn’t want to continue with such.

  16. Anonymous Lurker in the Shadow said on September 13, 2016 at 11:08 pm
    Reply

    Article links to an unmantained version, while this is au-pair with M$ trickeries:
    https://github.com/sm4sh1k/aegis-voat

    Also, check: https://github.com/CHEF-KOCH/regtweaks

  17. George said on September 14, 2016 at 1:51 pm
    Reply

    This is very nice, thanks to the author and Martin for letting us know. Quick question about the hostsdns and hostsip files: do they contain the same addresses (just in different form) or they complement each other?

    1. Matthew Linton said on September 14, 2016 at 4:14 pm
      Reply

      The hostip file is used for blocking IP addresses using the Windows routing table and the firewall, while the hostsdns file is used to block host names using the Windows hosts file. In that sense the two lists compliment each other, and there is a lot of overlap between them.

      Blocking hosts has proven to be trickier than expected. For a while, most people were just adding host names to the hosts file and that was enough. Eventually, someone noticed that Microsoft was using hard coded IP addresses and some programs were ignoring the hosts file entirely. Because of this, it’s now necessary to not only block hosts but also block IPs using the three methods mentioned above.

      1. George said on September 14, 2016 at 6:20 pm
        Reply

        Thanks a lot for the info Matthew. Would perhaps using these lists in a 3rd-party firewall be a better option, since you would not be using Windows’ own blocking methods but rather an external tool? (which is of course installed in Windows, but just saying…)

      2. Skrell said on September 14, 2016 at 10:18 pm
        Reply

        For 100% clarity can you list the 3 methods you are referring to ?

      3. Matthew Linton said on September 15, 2016 at 12:05 am
        Reply

        @Skrell

        Sure. The three methods I was talking about were:

        1. Blocking domain names using the Windows hosts file. This allows you to redirect a domain name (something like “www.microsoft.com”) to a location that won’t respond to any requests. Usually the localhost address (127.0.0.1).

        2. Redirecting using the windows routing table. The routing table tells Windows where to send traffic based on IP addresses. Using the routing table you can tell Windows to send traffic nowhere (0.0.0.0)

        3. Blocking traffic using the Windows firewall. The Windows firewall watches all the traffic that you send and receive. You can add a rule that tells the firewall to drop any data going to a specific IP or network.

      4. Skrell said on September 15, 2016 at 1:36 am
        Reply

        And i assume that using something like Proxifier and WindowsSpyBlocker allows one to accomplish all 3 at once correct?

      5. Matthew Linton said on September 15, 2016 at 4:39 am
        Reply

        @Skrell

        From what I can gather, Proxifier has the ability to funnel all your traffic through itself, and it can block access to domains and IP addresses. As long as Windows doesn’t have a method for bypassing it, then Proxifier falls under the roof of a firewall for blocking hosts.

        WindowsSpyBlocker looks to do a lot of the same things that Ancile does. It has hosts file modifications and firewall rules. No routing table modifications though. It seems that WindowsSpyBlocker is more of a toolset to help implement custom host blocking.

    2. Matthew Linton said on September 14, 2016 at 6:44 pm
      Reply

      Absolutely, using a third party firewall is the most reliable way to ensure that nothing gets past your blocking rules. Your best option is to utilize a firewall that is is independent of your OS. As you might suspect, I’m sure Microsoft has ways of getting around locally installed firewalls (This is just speculation of course).

      For example, you could install something like DD-WRT on a compatible router and use that to block outgoing requests. Of course, this only works while you’re at home. If you’re surfing the web at the local Starbucks you no longer have that protection.

  18. Jason said on September 14, 2016 at 5:58 pm
    Reply

    Hey Martin, I have a comment about writing style. I would have placed the list of Ancile’s functions after either the 1st paragraph or the 4th. As it stands, it is placed after the 9th, which means we have to go through a lot of secondary information before we get to the most important information of the article.

    You’ve been kind about writing suggestions from other people in the past, so I thought I’d add my own two cents as well!

  19. Dave said on September 18, 2016 at 12:01 pm
    Reply

    TinyWall.

  20. Jeepers said on September 27, 2016 at 4:08 am
    Reply

    I use Winreducer + NTlite is this any use to me?

  21. winblows said on January 12, 2017 at 10:55 pm
    Reply

    thank you for sharing this great tool

  22. Anonymous said on March 17, 2017 at 12:13 pm
    Reply
    1. Belga said on March 23, 2017 at 12:40 pm
      Reply

      Thanks for posting!

  23. sjorge said on September 26, 2017 at 6:25 pm
    Reply

    Hi all
    think it is best to use an external firewall, there are a lot of out in the wild.
    Choose a selected software, put it on a hardware Ur choice, very easy.
    U must not fumble around with OS. Just block all at first and step by step
    U enable an IP or domain as it is needed.

  24. Anonymous said on October 22, 2017 at 11:09 pm
    Reply

    URGENT WARNING!!! ~ URGENT WARNING!!! ~ URGENT WARNING!!! ~ URGENT WARNING!!! ~ URGENT WARNING!!!
    ________________________________________________________________________
    I use Windows 7 64-bit and I had an immense problem with Windows Update. It is crucial to receive updates to patch exploits+ensure compatibility with other things, but I kept receiving an error: “Code 80072EFD”

    It wouldn’t even wait, it would immediately display this error right after clicking “Check for Updates.” I searched and searched and tried everything, talking to Microsoft (who eventually recommended an upgrade re-install), and trying fix after fix. Finally I go to Windows Firewall and see “Ancile – Block Malicious IP Addresses” in outbound rules. I disable it, AND WINDOWS UPDATE WORKS.

    For anyone else having Windows Update Error Code 80072EFD, THIS PROGRAM IS AT FAULT. AS FAR AS I’M CONCERNED IT IS MALWARE FOR BLOCKING WINDOWS UPDATE INEXPLICABLY AND WITHOUT NOTIFICATION. DISABLE/UNINSTALL/DELETE/STAY AWAY!!
    ________________________________________________________________________
    URGENT WARNING!!! ~ URGENT WARNING!!! ~ URGENT WARNING!!! ~ URGENT WARNING!!! ~ URGENT WARNING!!!

  25. jorge said on January 6, 2018 at 11:07 pm
    Reply

    What a bullshit is this Anonymous spreadding !

    Use an external firewall, block all and step by step let wanted connections passing.
    No more fiddling with M$-Updates. Just let them happen, block the answers… and all is fine.

    If U like fiddling around.. U should have a look at dnsapi.dll and its content.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.