2
Parzi
4y

> trying to kill Windows Update to let anything else use my HDD (as I re-enable it occasionally then forget to disable it before shutting down)

> Task Manager shows 2 instances of CMD, grep from temp, 4 instances of net and "Microsoft Windows Netcode Generator"

Yeah, I've gotten bit by something.
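Added example, not from the original post: a PowerShell triage pass for the kind of Task Manager sighting described above (extra cmd.exe instances, a grep binary running out of a temp directory, several net.exe processes, and a process whose file description reads "Microsoft Windows Netcode Generator"). It lists processes that run from a temp path, carry a watch-list name or a matching description, together with their parent, command line, Authenticode signer and any TCP connections they own. The watch-list names, the description pattern and the temp-path heuristic are assumptions taken from the post, not indicators from any other source.

```powershell
# Added example, not from the original post. Triage processes similar to the
# Task Manager sighting above. Watch-list names, the description pattern and
# the temp-path heuristic are assumptions taken from the post, not known IOCs.
$suspectNames  = @('cmd.exe', 'grep.exe', 'net.exe', 'net1.exe')   # net.exe normally spawns net1.exe
$descPattern   = 'Netcode Generator'                                # file description seen in Task Manager
$tempPathRegex = '\\(temp|tmp)\\'                                   # matches %TEMP%, Windows\Temp, etc.

$procs = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Owning PID -> remote TCP endpoints (NetTCPIP module, Windows 8 / Server 2012 and later)
$conns = @{}
foreach ($c in (Get-NetTCPConnection -ErrorAction SilentlyContinue)) {
    $owner = [int]$c.OwningProcess
    if (-not $conns.ContainsKey($owner)) { $conns[$owner] = @() }
    $conns[$owner] += "$($c.RemoteAddress):$($c.RemotePort) ($($c.State))"
}

$findings = foreach ($p in $procs) {
    $name   = "$($p.Name)".ToLowerInvariant()
    $path   = "$($p.ExecutablePath)"     # empty for protected/system processes without admin rights
    $desc   = ''
    $signer = 'n/a'
    if ($path) {
        try { $desc = (Get-Item -LiteralPath $path -ErrorAction Stop).VersionInfo.FileDescription } catch { }
    }

    $reasons = @()
    if ($path -and ($path.ToLowerInvariant() -match $tempPathRegex)) { $reasons += 'runs from temp' }
    if ($suspectNames -contains $name)                               { $reasons += 'name on watch list' }
    if ($desc -and ($desc -like "*$descPattern*"))                   { $reasons += "description matches '$descPattern'" }
    if ($reasons.Count -eq 0) { continue }

    # A "Microsoft Windows ..." description proves nothing; the Authenticode signer does.
    if ($path) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        if ($sig) {
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            $signer  = "$($sig.Status): $subject"
        }
    }

    $parent = $byPid[[int]$p.ParentProcessId]
    [pscustomobject]@{
        PID         = $p.ProcessId
        Name        = $p.Name
        Description = $desc
        Path        = $path
        Parent      = if ($parent) { "$($parent.Name) (PID $($parent.ProcessId))" } else { "<exited> (PID $($p.ParentProcessId))" }
        CommandLine = $p.CommandLine
        Signer      = $signer
        TcpRemote   = if ($conns.ContainsKey([int]$p.ProcessId)) { $conns[[int]$p.ProcessId] -join ', ' } else { 'none' }
        Reason      = $reasons -join '; '
    }
}

$findings | Sort-Object Reason, PID | Format-List
```

Run it from an elevated PowerShell, otherwise ExecutablePath and CommandLine are empty for processes owned by other users or by SYSTEM, and the signature and description checks silently skip them. A result whose signer is anything other than a Valid status with a Microsoft subject, or whose path sits under a temp directory, is the thing to pull off the box and look at before touching anything else.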

Comments
  • 1
    What happened?
  • 3
    @alexbrooklyn Unknown, still investigating.
  • 2
    Seems like something blew up in the aspnet scaffolding engine.
  • 5
    So, according to Wireshark, this "Netcode Generator" prods all the devices on my local network, gets odd responses from other Win10 machines, then sends their responses to...

    A Windows Update server.

    So now they're P2P snooping since people disable direct snooping?
  • 3
    @Parzi What the fuck. I think this is a feature, the initial goal being that devices in a network could receive updates through a whitelist firewall if it runs Windows. Although I wouldn't say they don't use the p2p snooping network for telemetry.
  • 2
    I've also noticed win10 devices sending odd packets at regular intervals, often including the machine name and some other stats. The more win10 devices on the network, the more chatter.

    If it's actually using this to bypass blocks on individual machines, that's pretty worrying. Sounds like speculation, but feels like it could be a thing.
  • 2
    @Parzi Maybe it's the network update distribution thing, only in download mode (since you can only disable uploading and choose where to get/send updates).
  • 2
    @melezorus34 All of us have that disabled and all of us have our network set to metered, and that wouldn't explain it shuttling weird responses *BACK* to Windows Update once (they were like 32k data blobs, too small for updates by a long shot) and then deleting itself.

    @Root They didn't seem to be plaintext to me, they looked like they were encrypted. You sure you're not looking at, like, NetBIOS name exchange?
  • 2
    @Parzi I'm sure some of them were.
    I mostly just compared addresses and packet volume; looking at the actual data in packets is usually pointless because they're encrypted or encoded.
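On the Delivery Optimization question raised in the thread (the "network update distribution thing" that several commenters say they have disabled), here is an added PowerShell check, not from the original thread, that reads the configured DODownloadMode from the policy key and from the Settings-app key, decodes it, and shows what the DO service is currently transferring and from where. The key paths and mode values are the documented ones for the DODownloadMode policy; the Settings-app key location is stated here as an assumption. This tells you how DO is configured, not which process the poster saw: a mode of 0 only means DO peering is off, not that nothing else talks on the LAN.

```powershell
# Added example, not from the original thread. Reports the Delivery Optimization
# download mode from both places it can be set, then the live DO transfer state.
# Policy key wins over the Settings-app key when both exist.
$modeNames = @{
    0   = 'HTTP only (no peering)'
    1   = 'LAN peering (same NAT)'
    2   = 'Group peering'
    3   = 'Internet peering'
    99  = 'Simple (HTTP only, no DO cloud service)'
    100 = 'Bypass (use BITS instead of DO)'
}
$keys = @(
    @{ Scope = 'Policy (GPO/MDM)'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization' },
    # Assumption: this is the key the Settings app writes when you toggle "Allow downloads from other PCs".
    @{ Scope = 'Settings app';     Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config' }
)

function Get-DODownloadModeReport {
    foreach ($k in $keys) {
        $v = Get-ItemProperty -Path $k.Path -Name DODownloadMode -ErrorAction SilentlyContinue
        if ($null -eq $v) {
            [pscustomobject]@{ Scope = $k.Scope; Mode = $null; Meaning = 'DODownloadMode not set' }
            continue
        }
        $m = [int]$v.DODownloadMode
        [pscustomobject]@{
            Scope   = $k.Scope
            Mode    = $m
            Meaning = if ($modeNames.ContainsKey($m)) { $modeNames[$m] } else { 'unknown value' }
        }
    }
}

Get-DODownloadModeReport | Format-Table -AutoSize

# Live view: files DO is moving right now, how many bytes came from peers vs. HTTP.
# Cmdlet ships with Windows 10 1709 and later; SourceURL is empty when idle.
Get-DeliveryOptimizationStatus -ErrorAction SilentlyContinue |
    Select-Object FileId, Status, SourceURL, BytesFromPeers, BytesFromHttp, TotalBytesDownloaded |
    Format-Table -AutoSize

# Service state, so "disabled in Settings" can be checked against what is actually running.
Get-Service -Name DoSvc -ErrorAction SilentlyContinue | Select-Object Name, Status, StartType
```

If the policy key reports 0 or 100 while the Settings-app key still shows 1, the policy value is what applies. Metered-connection status does not change these values; it only changes whether DO chooses to upload. Anything observed on the wire that does not line up with this output (a running transfer with no FileId, traffic from a process other than the DO service host) is a separate process and should be traced by owning PID rather than attributed to Delivery Optimization.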