Technically, that is a very hard thing to do, I have checked most if not all automated tools, and they all fail at making a complete stop to it. Some of them even stops processes like explorer from entering the network entirely which may break the local subnet. Then there is svchost.exe and ntoskrnl.exe aka system which are a chapter of their own.
After about 6 months, my system is pretty much dead silent at the network card, but still there are a few addresses that pops up which needs a forward or reverse lookup depending on the type of address.
Also, this is a Windows 10 Enterprise install which is marginally easier to handle privacy-wise than Pro and Home (due to a change in policy from Microsoft requiring >500 installs, it looks as though it will be my last).
To overcome the challenge of Microsoft spying, one must first accept that it will be an ongoing challenge which will never stop. One new 'security' update may come with new external addresses set up to receive telemetry data.
In that context it simply is not enough to only search the net as you will forever be running late. You should start by changing the default outbound policy in your firewall to 'Block' and set notifications to high. With such an approach, you will catch new information-harvesting IPs and even hinder many malware programs from accessing the net. Then you should stay clear of Microsoft IE/Edge and block the applications from anything but local addresses (if needed) in your firewall.
And another thing: You should check your firewall rules frequently, at least after updating Windows which I suggest you do offline. Personally I check my rules almost every day and move global telemetry IPs to the hardware firewall once a week to make sure other computers are protected as well (my PC does not send it in the first place).
There are many scopes for narrowing what processes are allowed to do, for explorer.exe, I have locked it out of the gateway and broadcast address as well as it has no business there since I only have one subnet. If the gateway is at 1, it will have a range of x.x.x.2-x.x.x.254. Other processes needs access to the broadcast address but does not need to access the gateway and then you open x.x.x.2-x.x.x.255.
There may be many ranges needed to block some programs. One such string of addresses if your local subnet is 192.168.1.x could be:
The above would not be really necessary if the default policy is block, but I do create the rule anyway as my default block is for new connections. Everything else has a rule.
Then for the allow rule it will be.
No rule is needed, to my knowledge, for the 127.x.x.x (localhost) subnet but I do tend to create it anyway.
Then I create rules for inbound traffic if needed with the port(s) accepted for incoming traffic. I create both the block rule and the allow rule even here, but I do not create any rules unless there is an allow for the inbound traffic.
Naturally, since the default is block, all processes which should be allowed to access the network must have a firewall rule which is a lot of work at first, but it is in my opinion the only correct place to start.
Then, and only then we can say that we are pretty much dealing with the traffic that enters and exits our computers.
The default of 'outbound traffic allow' is a convenience setting to make you lazy and have a less secure computer, nothing else. :flower: