Windows Launches IE Whenever a Network Connection is Made and Loads the MSN Site

Disabling advertisements is a normal thing these days.  There are many ways to do it.  Some are more detectable than others.  Some sites are more aggressive than others at detecting and reacting to it.  These sites should just accept that people are going to block their sites to rid themselves of ads.

The ways to do it are via your router, via a block list that you add to a program that operates as a local domain name server where it checks lists of unwanted sites before allowing you to connect, and then there’s the most detectable way which is through your browser with an addon called an adblocker.  Ublock Origin is the most common.

The issue that I had earlier has to do with the fact that I use these.  I have a pfsense router, which consists of a custom built computer that has pfsense firewall software, and pfblockerng, installed which allows me to block sites using DNS (domain name service) block lists.  The feature is called DNSBL.  It can use common lists such as easylist.  I use all of those tools listed above.  I block many of Microsoft’s sites to keep them from collecting telemetry and other personal data.  I do not use Windows myself.  I only deal with it when I work on someone else’s computer.  Personally I only use Linux.  It has none of these design type problems.

In addition to the pfsense/pfblockerng setup I have the PiHole software configured and running on a Raspberry Pi Model B.  It too operates as a blocker that uses DNS to block ads and sites.  It, as with pfsense/pfblockerng, can use custom lists.

Both of these can be configured to block a wide variety of undesired sites such as porn sites, sites that collect telemetry (Microsoft is one of those onerous ones), and any other site that maybe you don’t want your employees or kids to access.

The main difference between the two is that pfblockerng runs as an addon in my router’s software (pfsense which runs the BSD Unix operating system) whereas the PiHole runs on a small energy efficient System on a Chip (SoC) computing platform (that runs Linux).  The PiHole is nice in that it provides graphs and charts to give you an idea of what/how successful it is doing.  Both the PiHole and pfblockerng are highly configurable.

In my case, I have some custom block lists that block most of the Microsoft sites.  I am only interested in having access so that I can do updates.  I don’t care that Microsoft might be mad that they can’t see what I’m doing.  I’d rather protect my privacy.

Yesterday I was fixing someone’s computer and after doing a full reinstall onto a new hard drive upon booting I found that the computer would load Internet Explorer (IE) on every boot even if there was nothing in the auto start, services, or task scheduler.  Those are the three most common ways to automatically launch a program when the computer starts.

Further I learned that it wasn’t the boot up process that launched IE, rather it was when the internet connection state occurred.  If I unplugged the network cable and then reconnected it IE would launch and load the MSN.com homepage.  It would load MSN.com even though that was not the homepage set in the browser.

I took some time looking at task manager because task manager looks for triggers, such as connecting to the internet, and will perform some action when that occurs.  I looked through the list of tasks under Microsoft’s section and found a bevy (50-75) of them.  Reviewing each one revealed no answer as to why IE and MSN.com were loading.

Searching Google didn’t help.  I performed a variety of searches.  I mostly came up with a slew of links having to do with IE not launching.  So much for Google’s deep dive learning algorithms.  After two days of doing searches, and testing anything that might resemble a fix, I finally came across a link that talked about changing a setting in the registry.

The registry is a big database of setting (typically hundreds of thousands of them) that are used to set how Windows and other programs function.  The registry entry in question is as follows:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing

Changing the value in that entry from 1 to 0 solved my problem.

Here’s were we get to the meat of it.  A base install of Windows 8 and later (maybe also earlier versions of Windows) with that setting enabled (which it is by default) Windows does some active probing to check if you are connecting to their site and if you have an active internet connection yet are not talking to their site it launches your default web browser and takes you to MSN.com.  Totally crazy.  I personally don’t consider it appropriate either.