How to temporarily stop as much Microsoft network traffic as possible on a potentially compromised machine
I need to connect my potentially compromised Win10 machine to the network briefly to determine any attempted target endpoint addresses, while blocking the actual connections at the edge firewall. However, various Microsoft products are generating an excessive amount of attempted network traffic, making it difficult to sift through to recognize the attempts of interest. How can I temporarily stop as much Microsoft network traffic as possible on a potentially compromised machine to have a better chance of confirming whether there is indeed malware and, if so, determining what endpoints may be involved? If limiting that traffic isn't possible, is there a minimum set of clearly recognizable U.S.-based URLs I could filter and allow through my firewalls and ProcMon filters that would allow unstoppable legitimate MS update/license traffic to transit without contributing to gigantic ProcMon logs?
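One way to cut down the noise described in the question without touching the machine's update or licensing configuration is to triage by who owns each connection rather than by destination: list the current outbound TCP connections and attempts, resolve each owning process, and hide those whose binary carries a valid Microsoft Authenticode signature, so that everything else stands out. The script below is an added example, not code from the original question. It assumes an elevated PowerShell session on Windows 10 with the built-in NetTCPIP module, and it uses the signer-subject pattern `O=Microsoft Corporation` as the "Microsoft" filter; the `Get-SignerSubject` helper is this example's own.

```powershell
# Added example (not from the original question): enumerate outbound TCP
# connections and SYN attempts, map each to its owning process, and hide the
# ones whose binary is validly Authenticode-signed by Microsoft.
# Assumptions: elevated session, Windows 10, built-in NetTCPIP module;
# "O=Microsoft Corporation" in the signer subject is treated as Microsoft.
# Caveat: malware injected into a signed host process (e.g. svchost.exe) is
# hidden by this filter, so the edge-firewall log stays the authoritative record.

$signerCache = @{}

# Return the Authenticode signer subject for a binary, or a marker for
# unsigned / invalid / unknown. Cached because many connections share a binary.
function Get-SignerSubject([string]$Path) {
    if (-not $Path) { return 'unknown (no path, e.g. System or protected process)' }
    if ($signerCache.ContainsKey($Path)) { return $signerCache[$Path] }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
        $sig.SignerCertificate.Subject
    } else {
        "unsigned/invalid ($($sig.Status))"
    }
    $signerCache[$Path] = $subject
    return $subject
}

# Established sessions plus SynSent entries (attempts the firewall is dropping).
$rows = Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin @('0.0.0.0', '::', '127.0.0.1', '::1') } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $path = $proc.Path
        [pscustomobject]@{
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            State   = $_.State
            PID     = $_.OwningProcess
            Process = $proc.ProcessName
            Path    = $path
            Signer  = Get-SignerSubject $path
        }
    }

# Anything not signed by Microsoft (or unsigned) is what is left to review.
$suspect = $rows | Where-Object { $_.Signer -notmatch 'O=Microsoft Corporation' }
$suspect | Sort-Object Process, Remote | Format-Table Remote, State, PID, Process, Signer -AutoSize

# Print how much the filter hid, so the filter itself can be sanity-checked.
'{0} connections total, {1} from Microsoft-signed processes hidden, {2} left to review' -f
    $rows.Count, ($rows.Count - $suspect.Count), $suspect.Count
```

Run it a few times while the machine is briefly connected and the edge firewall is blocking; the `Remote` column of the remaining rows is the list of attempted endpoints to compare against the firewall's drop log. The unsigned/invalid and "no path" rows deserve the first look, and the hidden count should roughly match the volume of Microsoft-process noise seen in ProcMon, otherwise the filter is hiding more than expected.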