[philpem]

I think you'd more or less have to block *.microsoft.com at the gateway, then add explicit allows for WGA and Windows Update.

Or a group policy update to tell Defender not to upload stuff to MS.

[mirimir]

Sorry. I meant how would Microsoft (and other anti-malware) firms block it. When they're testing binaries obtained from users' machines.

For users, sure, try to lock down Windows. Or (my preference) just don't use it. Or don't give it network access, if it contains any information that you care about.