Windows 11 How do you STOP Windows 11 from Accessing the INTERNET?

[TerryMz]

I suffer with Dialup Internet which is already too slow. After having used Windows XP until my Pentium 4 Computer konked-out, I recently installed Windows 11 on my new Intel Generation 14 ASUS Motherboard, and then immediately discovered that the Windows 11 OS is constantly accessing the Internet which causes my Connection to become slower than a Snail's Pace. Windows XP did not access the Internet. How can I stop Windows 11 from accessing the Internet? I'm forced to go to my local Library to post this.

 

[ChatGPT]

TerryMz, on Windows 11 you generally can’t make the OS “never talk to the internet” while you’re connected (updates, certificate checks, time sync, Defender, Store, etc., but you can do two practical things:
1) Reduce background traffic a lot (recommended first)
2) Hard-block everything except the apps you choose (best for dial‑up, but you must set it up carefully)
Below are both approaches.

---

A) Reduce Windows 11 background internet use (good first pass)​

1) Pause Windows Update (immediate relief)​

Settings → Windows Update → Pause updates (pause for the maximum offered).
Also go to: Windows Update → Advanced options and turn OFF things like:

• “Get the latest updates as soon as they’re available” (if shown)
• Optional updates (don’t download)

Security note: pausing updates long-term isn’t ideal, but on dial-up it’s understandable. You can “unpause” when you’re at a faster connection (library) and update in one go.

2) Turn off Delivery Optimization (stops peer-to-peer update sharing)​

Settings → Windows Update → Advanced options → Delivery Optimization → Off

3) Stop OneDrive from constantly syncing (common cause)​

If you don’t use OneDrive:

• Right-click the OneDrive cloud icon (system tray) → Settings
• Quit OneDrive
• In OneDrive Settings, disable Start OneDrive automatically
  Or uninstall it: Settings → Apps → Installed apps → Microsoft OneDrive → Uninstall

4) Stop Microsoft Store auto-updates​

Open Microsoft Store → (your profile icon) → Settings
Turn OFF App updates

5) Disable Widgets/news feeds (can be “chatty”)​

Settings → Personalization → Taskbar → Widgets → Off

6) Reduce telemetry/suggestions​

Settings → Privacy & security → Diagnostics & feedback

• Turn OFF Optional diagnostic data
• Turn OFF Tailored experiences
• Turn OFF feedback prompts (if present)

---

B) The “dial-up friendly” fix: Block all outbound traffic except what you allow (most effective)​

This is the closest you’ll get to “Windows 11 stops accessing the internet” while still letting you browse.

Step 1 — Set Windows Firewall to block outbound by default​

1. Press Win + R, type: wf.msc and press Enter
2. Click Windows Defender Firewall Properties (in the right pane)
3. For each profile tab (Domain / Private / Public) set:
   • Outbound connections: Block
4. Click OK

At this point, most Windows background traffic will be blocked.

Step 2 — Add an “Allow” rule for ONLY your browser (Edge/Chrome/Firefox)​

Still in Windows Defender Firewall with Advanced Security:

1. Outbound Rules → New Rule…
2. Choose Program
3. Select your browser EXE, for example:
   • Edge: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   • Chrome: C:\Program Files\Google\Chrome\Application\chrome.exe
   • Firefox: C:\Program Files\Mozilla Firefox\firefox.exe
4. Choose Allow the connection
5. Apply to Private/Public (and Domain if you want)
6. Name it like: Allow – Browser

Now your browser should work, but Windows Update/Store/OneDrive/etc should be largely blocked.

If something breaks​

Some things you might need to allow later (only if you want them):

• Your email program (if not webmail)
• Remote support tools
• Windows activation (occasionally)
• Time sync

You can add allow rules for those specific programs the same way.

How to undo everything (important)​

Go back to Windows Defender Firewall Properties and set Outbound connections back to Allow (default).

---

Quick questions (so I can tailor this to your exact setup)​

1) Are you on Windows 11 Home or Pro?
2) Are you using a true dial-up modem (phone line), or a cell hotspot / slow DSL that just feels like dial-up?
3) When it slows down, do you see a specific app using data in Task Manager → Performance → Wi‑Fi/Ethernet or in Resource Monitor → Network?
If you tell me your Windows edition + what browser you use, I can give you the exact allow-rule path(s) and a minimal “allow list” so only what you want gets through.

 

[TerryMz]

​

---

Quick questions (so I can tailor this to your exact setup)​

1) Are you on Windows 11 Home or Pro?
2) Are you using a true dial-up modem (phone line), or a cell hotspot / slow DSL that just feels like dial-up?
3) When it slows down, do you see a specific app using data in Task Manager → Performance → Wi‑Fi/Ethernet or in Resource Monitor → Network?
If you tell me your Windows edition + what browser you use, I can give you the exact allow-rule path(s) and a minimal “allow list” so only what you want gets through.

1) I'm on Windows 11 Pro.
2) It is a true Dial-up Modem.
3) I don't see any specific App.

 

[ChatGPT]

TerryMz, thanks — Windows 11 Pro gives you a couple of stronger controls (Group Policy + stricter Firewall rules). On true dial‑up, even “small” background checks can absolutely destroy browsing.
Since you don’t see a single obvious app doing it, I’d do this in two phases:
1) Clamp down the big built-in background downloaders (Windows Update / Delivery Optimization / Store / OneDrive)
2) If that’s still not enough, use Firewall “block outbound by default” but add a couple of required allow rules (especially DNS, otherwise your browser may not load sites).

---

Phase 1 (recommended first): stop the biggest background downloaders​

1) Set Windows Update to “notify only” (Pro)​

This prevents the “silent downloading” that kills dial-up.

1. Press Win + R → type gpedit.msc → Enter
2. Go to:
   Computer Configuration → Administrative Templates → Windows Components → Windows Update → Manage end user experience
3. Open Configure Automatic Updates
4. Set to Enabled
5. In “Options”, choose 2 – Notify for download and auto install
6. Click Apply / OK

Also do:

• Delivery Optimization: Settings → Windows Update → Advanced options → Delivery Optimization → Off

2) Stop Microsoft Store auto-updates​

Microsoft Store → Profile icon → Settings → turn App updates Off.

3) Stop OneDrive (if you don’t use it)​

Right-click OneDrive cloud icon → Quit OneDrive
Then OneDrive Settings → disable Start OneDrive automatically (or uninstall OneDrive).
These three items are the most common “why is my connection pegged?” causes.

---

Phase 2 (most effective on dial-up): Firewall “Block outbound” + allow only what you want​

Important: If you only allow your browser but forget DNS, your browser often won’t resolve any website names. So we’ll allow:

• Your browser
• DNS (svchost/DNS Client) to port 53

Step A — Create allow rule for DNS (so web pages can resolve)​

1. Press Win + R → type wf.msc → Enter
2. Go to Outbound Rules → New Rule…
3. Choose Custom → Next
4. Program: This program path:
   C:\Windows\System32\svchost.exe
5. Protocol and Ports:
   • Protocol: UDP
   • Remote port: 53
6. Scope: leave default (or set remote IP = Any)
7. Action: Allow the connection
8. Profile: choose the profiles you use (usually Private)
9. Name: Allow DNS (UDP 53)

Repeat once more for TCP 53 (some DNS uses TCP):

• Same rule, but Protocol = TCP, Remote port = 53.

Step B — Allow your browser​

Outbound Rules → New Rule… → Program → select your browser EXE → Allow.
Example:

• Edge: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
• Firefox: C:\Program Files\Mozilla Firefox\firefox.exe
• Chrome: C:\Program Files\Google\Chrome\Application\chrome.exe

Step C — Now set outbound default to “Block”​

1. In wf.msc, click Windows Defender Firewall Properties (right side)
2. For your active profile (usually Private), set:
   Outbound connections = Block
3. Click OK

At that point, Windows is basically “offline unless you explicitly allowed it.”

If something you need stops working​

Tell me what stopped (example: time sync, activation, email client), and I’ll give you the exact additional minimal allow rule.

---

How to see what’s using the internet (so we can target it)​

Since Task Manager isn’t showing it clearly, use Resource Monitor:

1. Press Win + R → type resmon → Enter
2. Go to Network tab
3. Under Processes with Network Activity, click the Send (B/sec) and Receive (B/sec) columns to sort.

If you report the top 2–3 process names you see there (even if it’s just svchost.exe), I can tell you which Windows component it likely is and how to stop that specific traffic.

---

Two quick questions (so I don’t accidentally break your dial-up connection)​

1) What browser do you use (Edge / Chrome / Firefox)?
2) In Resource Monitor → Network, do you see svchost.exe doing the traffic, or something else?
Once I know that, I can give you a very tight “allow list” that keeps dial-up usable while still letting you browse.

 

[datawizard0103]

I suffer with Dialup Internet which is already too slow. After having used Windows XP until my Pentium 4 Computer konked-out, I recently installed Windows 11 on my new Intel Generation 14 ASUS Motherboard, and then immediately discovered that the Windows 11 OS is constantly accessing the Internet which causes my Connection to become slower than a Snail's Pace. Windows XP did not access the Internet. How can I stop Windows 11 from accessing the Internet? I'm forced to go to my local Library to post this.

Set your internet connection to Metered. Settings > Network & Internet > your connection > toggle Metered on. This forces Windows 11 to stop background syncing, update checks, Store activity, and cloud chatter system-wide without breaking offline use. It’s the simplest way to quiet hidden traffic that services tweaks alone don’t fully stop, especially on ultra-slow connections.

 

[TerryMz]

---

Two quick questions (so I don’t accidentally break your dial-up connection)​

1) What browser do you use (Edge / Chrome / Firefox)?
2) In Resource Monitor → Network, do you see svchost.exe doing the traffic, or something else?
Once I know that, I can give you a very tight “allow list” that keeps dial-up usable while still letting you browse.

1) I'm presently using the Edge browser.
2) Under Processes with Network Activity I get the following listed:
svchost.exe (NetworkService -p)
svchost.exe (netsvcs -p)
svchost.exe (NetworkService -p)

Upon disconnecting my Dial-up Internet Connection I get a pop-up message as follows: "Something happened, and we couldn't install a feature."

 

[ChatGPT]

TerryMz, that’s helpful info. Seeing multiple svchost.exe entries is normal on Windows 11—the key is which service(s) inside that svchost instance are doing the downloading. The popup you get when you disconnect:

“Something happened, and we couldn’t install a feature.”

strongly suggests Windows is trying to download an Optional Feature / Feature on Demand payload in the background, and it fails as soon as dial-up drops.
Also: you mentioned uploads—I don’t see any attachments on this post. If you tried to attach screenshots/logs, please re-upload and I’ll review them.

---

1) Stop Windows from downloading “Optional Features” from the Internet (this targets your popup)​

Since you’re on Windows 11 Pro, use Group Policy:

1. Press Win + R → type gpedit.msc → Enter
2. Go to:
   Computer Configuration → Administrative Templates → System
3. Open: Specify settings for optional component installation and component repair
4. Set it to Enabled
5. Check: Never attempt to download payload from Windows Update
6. Click Apply → OK
7. Reboot

This prevents Windows from going online to fetch feature payloads (speech, handwriting, .NET 3.5, RSAT bits, etc.). It also usually stops that “couldn’t install a feature” nag on disconnect.
If you ever do need such a feature later, you can install it from a local source (Windows ISO) instead of the internet.

---

2) Identify exactly what those svchost.exe instances are (so we can stop the right thing)​

In Resource Monitor → Network:

1. In Network Activity, expand the entries and note the PID for the svchost.exe that has the most Receive (B/sec).
2. Then open Command Prompt as Administrator and run (replace 1234 with the PID you saw):

tasklist /svc /fi "PID eq 1234"
That will list the actual service names inside that svchost process (for example, you may see wuauserv (Windows Update), bits, DoSvc, etc.).
If you paste the output for the top 1–2 PIDs, I can tell you exactly what to disable without guesswork.

---

3) The usual “dial-up killers” to stop (safe to try while we wait for your PID list)​

These are the most common sources of background downloads. You can stop them temporarily and set them to Manual:

1. Press Win + R → type services.msc → Enter
2. For each below: Stop it, then set Startup type to Manual (or Disabled if noted):

• Windows Update (wuauserv) → Manual
• Background Intelligent Transfer Service (BITS) → Manual
• Delivery Optimization (DoSvc) → Disabled (recommended on dial-up)
• Microsoft Store Install Service → Manual (prevents Store installs/updates in background)

Reboot after changing these.

Note: Disabling Windows Update/BITS will stop most update traffic, but you’ll need to re-enable them when you’re ready to update (for example, at the library).

---

4) If you want the “hard stop”: block outbound by default, allow only Edge + DNS​

You’re already very close to this approach. The one critical piece is DNS (otherwise Edge can’t resolve website names).

• Allow DNS (svchost.exe UDP/TCP remote port 53)
• Allow Edge (msedge.exe)
• Then set Firewall Outbound = Block (Private profile)

If you want, I’ll rewrite this as a “do exactly these clicks” checklist tailored to dial-up + Edge.

---

5) Two quick checks for you​

1) In Settings → Windows Update, does it currently say anything like Downloading / Installing?
2) In Resource Monitor, for the busiest svchost.exe, what are the Remote Address and Remote Port shown under Network Activity?
And most importantly: please post the results of:
tasklist /svc /fi "PID eq ####"
for the svchost.exe PID that’s receiving the most data. Once we know whether it’s wuauserv, bits, DoSvc, InstallService, etc., we can stop exactly the right component and keep your dial-up usable.

 

[TerryMz]

Set your internet connection to Metered. Settings > Network & Internet > your connection > toggle Metered on. This forces Windows 11 ... connections.

Thanks so much for your help. I can't find this "Metered" option. It isn't available under the Properties Box. Perhaps it's not available for a Dial-up Modem like my US Robotics V.92 external Modem which connects to the Serial Port. Am I looking in the wrong place?

 

[ussnorway]

it's a feature not a bug
the ONLY way to limit Windows 11 internet access is to physically remove the modem i.e, unplug it

 

[ChatGPT]

Physically unplugging the modem/router is the most foolproof “nothing gets out” method, but it’s not the only way to stop Windows 11 from reaching the Internet.

If you want a 100% guarantee (best for “air‑gapped”)​

These are the only approaches that are hard to bypass from within Windows:

• Unplug Ethernet and/or power off / unplug the modem/router.
• Remove/disable the network hardware:
  • Disable the NIC/Wi‑Fi in UEFI/BIOS (stronger than Windows settings).
  • Physically remove the Wi‑Fi card/USB Wi‑Fi dongle.

If you want “no Internet” but still powered/on (software/IT controls)​

These work well for normal use, but they’re “policy” controls (a determined admin/malware could undo them).

Option A — Disable adapters (quick and effective)​

• Device Manager → Network adapters → right‑click the adapter → Disable device
• Or admin CMD:
  

  netsh interface show interface
  netsh interface set interface "Wi-Fi" admin=disabled
  netsh interface set interface "Ethernet" admin=disabled

Option B — Block outbound Internet in Windows Firewall (keeps the link up but stops traffic)​

1. Open wf.msc (Windows Defender Firewall with Advanced Security)
2. Windows Defender Firewall Properties
3. For each profile (Domain/Private/Public):
   • Outbound connections: Block
   • Then create Allow rules only for what you explicitly want (or none, if you want total block)

This is the closest you’ll get to “connected but no Internet” on the Windows side.

Option C — Block at the router (often best in practice)​

• Put the PC on a VLAN/guest network with no WAN access, or
• Create a rule to block that device’s MAC/IP from reaching the Internet

This prevents the PC from getting out even if Windows settings change.

Bottom line​

• If your goal is absolute “cannot access the Internet under any circumstances,” you’re right to prefer physical/BIOS/hardware removal.
• If your goal is practical “stop Windows 11 from using the Internet,” you can do it cleanly with adapter disable + firewall outbound block + router rules.

If you tell me whether you still need LAN access (NAS/printer/RDP) while blocking WAN, I can suggest the simplest exact setup.

 

[datawizard0103]

Thanks so much for your help. I can't find this "Metered" option. It isn't available under the Properties Box. Perhaps it's not available for a Dial-up Modem like my US Robotics V.92 external Modem which connects to the Serial Port. Am I looking in the wrong place?

Windows 11 doesn’t show the Metered option for true dial up connections like your serial US Robotics modem. Instead turn off background traffic manually. Disable extra update downloads in Windows Update settings turn off account sync in Accounts and set the Windows Update service to Manual in services.msc. That will stop most of the hidden internet activity and keep your dial up usable.