The simplest way to test any software you're suspicious of on Windows is Sandboxie (https://sandboxie-plus.com/downloads/). Any files or registry changes are persisted to a separate location in the filesystem, so it is pretty easy to catch misbehaving software. For software like this, it will negate the utility of the software due to being in a sandboxed environment, but it will at least give an idea of the registry keys and files that may be modified.
This is not convenient to do at every update. On a Windows system, where there is no known concept of a built-in package manager, it is even more complicated. I've seen Windows apps that automatically update themselves.
Also, since it is very intrusive, I don't think running it in a sandbox may give good diagnostics.
If this program has to be run persistently, then it won't provide much, since a malicious program could wait X days prior to downloading a payload. It is mostly useful for looking for one-time changes like registry settings and verifying that the program doesn't place a bunch of random .bat or .exe's in obscure folders.
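An added example, not part of the thread: one way to review what a sandboxed run left behind, by walking the box's file root and listing scripts and executables, including PE images stored under an unrelated extension. The function names and the sample tree are constructed for illustration, and it assumes you point `audit_sandbox` at the sandbox's file folder (for Sandboxie, by default a directory such as `C:\Sandbox\<user>\DefaultBox`).

```python
import hashlib
import os
import tempfile

PE_EXTS = {".exe", ".dll", ".scr", ".sys"}
SCRIPT_EXTS = {".bat", ".cmd", ".ps1", ".vbs", ".js"}

def audit_sandbox(root):
    """List (relative_path, reason, sha256) for executables and scripts under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the audit
            ext = os.path.splitext(name)[1].lower()
            is_pe = data[:2] == b"MZ"  # DOS/PE header magic
            if is_pe and ext not in PE_EXTS:
                reason = "pe-disguised"  # PE image stored under another extension
            elif is_pe or ext in PE_EXTS:
                reason = "pe"
            elif ext in SCRIPT_EXTS:
                reason = "script"
            else:
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, reason, hashlib.sha256(data).hexdigest()))
    return sorted(findings)

def build_demo_box():
    """Create a constructed sandbox tree (sample data, not from a real run)."""
    root = tempfile.mkdtemp(prefix="box_")
    samples = {
        "drive/C/Program Files/App/app.exe": b"MZ\x90\x00constructed",
        "drive/C/Program Files/App/readme.txt": b"plain text",
        "drive/C/ProgramData/cache/thumbs.dat": b"MZ\x90\x00constructed-2",
        "drive/C/Users/demo/AppData/Roaming/upd/run.bat": b"@echo off\r\n",
    }
    for rel, content in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return root

if __name__ == "__main__":
    for rel, reason, digest in audit_sandbox(build_demo_box()):
        print(f"{reason:13} {digest[:16]}  {rel}")
```

Comparing the hashes from two runs (for example before and after an update) shows which dropped files changed.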
Windows loves to silently update things, even if it ends up breaking everything, too. Especially drivers where it isn't super obvious that it was updated and something just stops working. Windows 10 is _way_ more aggressive with forcing updates than 7/8 were, automatically re-enabling Windows Update after 30 days of disabling. The easiest solution that I've found is just blocking everything at the DNS level. They can obviously use IP addresses as a workaround if they really want telemetry, but I haven't had issues after blocking a bunch of MS domains in the hosts file.