Really you’d have to fire up Wireshark and see what telemetry Windows was blabbing away behind your back. Analysing those logs can be a tedious business, especially as you’d need a large dataset.
Thing with just about any tech related question posted is likely some geek will have done the heavy lifting for you already. Here is a nice start:
https://www.zdnet.com/article/windows-10-and-telemetry-time-for-a-simple-network-analysis/
Here is another one:
https://www.comparitech.com/blog/information-security/windows-10-data/
That’s logs required to be collected, doesn’t say whether or not the data is sent back to Windows. Best assume yes.
Course, all that proprietary software will have a voluminous licence agreement that nobody reads. They’ll collect as much data as they can to “maximise user experience” or whatever rubbish.
Could one mirror the traffic from the VM into Suricata/Snort to analyse it? Although if it were to be HTTPS traffic I doubt these or Wireshark would be able to do anything about them. The only alternative that remains is to run a MiTM proxy in your network, which is a bit more advanced.