In my opinion, of the three steps listed, only step 1 is mandatory. If you’ve done step 1, then even if you don’t do step 2, according to my Windows 7 tests, very little telemetry from KB 2952664 (Win7) gets transmitted to Microsoft. If you’ve done step 1, then the main reason to do step 2 is to stop the gathering of telemetry, which happens even if step 1 is done, and can consume nontrivial cpu and disk resources.

We do know what telemetry results from 2952664 (Win7) or KB2976978 (Win8.1). Also there exists a method that very likely lists the telemetry from 2952664 (Win7) or KB2976978 (Win8.1).

From Windows 7, Windows 8 and Windows 10 Telemetry Updates (Diagnostic Tracking):

“There are a few more settings that you can turn off that may send telemetry information:

To turn off Windows Update telemetry, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

Turn off Windows Defender Cloud-based Protection and Automatic sample submission in Settings > Update & security > Windows Defender.

Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article 891716.”

I’ll add one more: Windows Error Reporting.

For those interested in privacy issues involving network connections to Microsoft, both telemetry and non-telemetry, you may wish to browse Links: Microsoft privacy statements and Windows network connections to Microsoft.

As a somewhat easier way to find random “KB” numbers in the list of installed updates, at least in Windows 7, the “Search Installed Updates” box at the right-hand end of the Address Bar can be used to search for a specific KB number.

After going to Control Panel, Programs and Features, and clicking on “View Installed Updates” in the left side bar (and waiting for awhile for the list of updates to come up…), then the Search Installed Updates function can be used.

EG: to find if KB2952664 is currently installed on a system, just start typing KB2952664 in the Search Installed Updates field.  As you type K, B, 2, 9, 5, 2… the list of installed updates will be narrowed down to any matching as much of the KB number as you have entered.

Once you have found the update you are looking for (or not if nothing is found), it can be clicked on to see if it can be uninstalled.

Repeat for KB3150513 (or any other KB you are looking for).

This is much easier that scrolling down a HUGE list of updates on a system (eg: my current old laptop has 536 updates installed!), and doesn’t require any sorting or grouping of the update list.

I can’t remember where I found out about this, but I know it is sure lots easier than trying to find an update by scrolling up and down, and trying to pick the KB number out of a mass of text on the screen.

MrBrian wrote:

Turn off Windows Defender Cloud-based Protection and Automatic sample submission in Settings > Update & security > Windows Defender.

Don’t see any such thing on Win7 ? Could this apply only to later OS ?

owdrtn wrote:

Don’t see any such thing on Win7

When I searched for Windows Defender, this is what I got:

#117301

I’m a newbie from the Comments on AKB 2000003 “Group B” ongoing list of w 7 & w 8.1 updates.  Thank you for the telemetry preventive course of action.  Will pass on to other newbies who need the help.

Woody, you may want to let folks know about this fantastic tool:

https://www.safer-networking.org/spybot-anti-beacon/

Between this and the scripts and settings mentioned above, you can get pretty good protection against snooping.

The next time you rebuild a Win7 machine, follow this process to avoid the vast majority of the known/suspected snooping updates:

Change the Windows Update setting to NEVER and never change that, ever
After Win7 install, BEFORE you start Windows Update, Install KB3020369 and KB3138612.
Restart
Start Windows Update. A list of +-200 will be offered
Go down the list of proposed updates till you get to the first one that is NOT labeled Security
select the first one, look to the right for the release date
If that date is at or before December 31, 2014, accept it. In other words leave it checked.
If that date is AFTER December 31, 2014, Right-click on it and choose Hide.
Do not check any unchecked update
Do not use ANY optional updates, especially drivers
Do this on each successive Windows Update pass.

This methodology is based on the fact that ALL Windows 7 development ended on December 31, 2014. Virtually all the updates that were not Security are in fact unnecessary and contain the vast majority of the privacy/snooping/Win10 updates.

I have used this procedure many times over the last several years and results have been excellent. No problems whatsoever.

I must add this information however. I do not install any “roll-ups” except .net. I install the security only updates that can be gotten from the catalog for October 2016 through May 2017, and have not applied any, not a single update since. My 150 or so clients have never experienced a problem since I began this policy. In fact they run flawlessly and turned into stable reliable systems.

Using Canadian Techs’ recommendations of avoiding any non-security updates from January 2015 forward, I browsed my installed updates list and come across several. KB2990214 and KB3075851 have multiple posts here saying to avoid them. Should I uninstall them now or better at this point to just leave things alone? I don’t want W10 force installing but haven’t had any issues of that so far.

Others listed as installed.

KB4345459 : But this was from https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/ so it must be okay.
KB3141092
KB3077715
KB3087985
KB3064209
KB3065979
KB3020369
KB3023607

Thanks!

(Is this the correct way to thank the author??)