Disable Windows 10 upgrade nagware on Win 7, Win 8.1 computers

Topic

New Reply

This is a general update of all we know (or at least all I know) about safely removing the Windows 10 upgrade nagware.Particularly timely because, app
[See the full post at: Disable Windows 10 upgrade nagware on Win 7, Win 8.1 computers]

Reply | Quote

Replies

Christ, i hope it’s not infecting domain PCs. I provide admin support for a charity with 38 machines on a domain and if 10 starts downloading in the background our internet is gonna be crippled. Not to mention people messing about with the update icon – only one machine had KB3035583 installed so far. I’ve done things to head this off like turn off recommended updates and run the gwx control panel to disable upgrades on every PC but a whole bunch of updates i’d rather have not been installed get rolled out automatically.

Microsoft, you have gone utterly insane.

Reply | Quote

For Windows 7 SP1

Search and destroy.
KB3035583
KB3021917
KB2952664
KB3046480
KB3022345
KB3068708
KB3075249
KB3080149
KB3012973
KB3090045
KB2990214
KB3050265 Replaced KB2990214
KB3065987 Replaced KB3050265
KB3075851 Replaced KB3065987
KB3083324
KB3083710 Replaced KB3083324

Reply | Quote

@Bobo –

good list, seems to include both the GWX and the “snooping” patches.

Question: If you install, then remove, then block all of these updates, does Windows still send info out via “Diagnostics and Telemetry tracking service”?

Reply | Quote

@woody

I did not specify what each of those are, doesn’t make a difference. They are all related to Windows 10 and must go. You will have to take my word for it, pretty lame I know.. But this is how I roll.
KB3075249 and KB3080149 are the telemetry ones, if removing them fails to remove the diagnostic tracking service they brought along, one can always remove a windows service manually. Like so: http://www.howtogeek.com/howto/windows-vista/how-to-delete-a-windows-service-in-vista-or-xp/
Personally I never installed any of those updates so I can’t say what a system looks like after it has been soiled by them. I have been searching and blocking Windows 10 related patches for something like 9-10 months now, probably longer, so I would recommend a system restore point waaaaaaaaaaay back even if it means reinstalling software. Being force-fed what is essentially spyware is just outrageous.

Reply | Quote

@woody

Oh and one should stop the diagnostic tracking service manually before uninstalling the updates.

Reply | Quote

I, too, am not a professional computer developer but am trying to keep up with the insidious Microsoft updates. Can someone please post a list of updates (so far) for 8.1 that should be removed? Also, is it safe to download and install any update that says “security” or “cumulative security”? Thanks.

Reply | Quote

@Teresa –

That’s why I set up the MS-DEFCON system. Hang tight until we get to an MS-DEFCON 3, 4 or 5. Then I’ll have specific instructions on what to patch and when.

In the interim, download and run GWX Control Panel. http://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html

Reply | Quote

That’s what we need, an updated list of these wretched things to avoid. I see https://fix10.isleaked.com is back up but the win 7/8.1 page doesn’t appear to be up to date.

Reply | Quote

@Woody & @Bobo

thanks! pls keep up the good work
I did install and uninstall these KBs (stupid I know), seems that not sollicitated data trafic is to a minimum now,

greetings Biteater

Reply | Quote

Thanks for this vital information…including turning off the diagnostic tracking service.
I created a spreadsheet of ALL RECOMMENDED Updates since my system went live in 2010. There were 73 recommended updates. All but 4 updates listed @ Bobo were on my system.

How on earth am I to know which is truely necessary / critical update and which are piggy-backing Windows 10?

Reply | Quote

I thought I would write this in another place here on Woodys so it doesn’t get missed. I have Win 8.1 and right now have no intention of getting 10. I have installed the GWX program and looked two days ago and all appears fine. I didn’t mess with the registry. I update on my own. I see that the KB3035583 I installed in July but I only install when Woody or Susan Bradley say so. So, I don’t know what happened on that one. How does one uninstall an update like that and are there any repurcussions from Microsoft for doing so??? If there is a link for uninstalling would be great or an explanation. Thanks. I am now checking some of the other KB’s listed. I have 15 updates now waiting to be installed including 5583 and 3710 sitting there. Thanks.
Pat

Reply | Quote

So far I’ve managed to keep any Windows 10 stuff off my Windows 7 computers but I’d be grateful for clarity on update KB3065987, as mentioned in Bobo’s very good list.

My understanding is that KB3065987 enables Group Policy Object to disable OS upgrades via WU. I’ve certainly done it that way but not entirely sure it was this update that allowed me to!

Reply | Quote

@Pat –

Nobody really knows the consequences of uninstalling many of these updates. They’re very poorly described. However, given the huge number of people who have uninstalled 3035583, and the lack of screams from their direction, I’m reasonably sure that you can terminate with extreme prejudice.

Reply | Quote

@K2 –

Helluva good question. If I can ever figure out something definitive, I’ll publish it — but I’m very wary, for exactly the reason you mention.

Reply | Quote

@ Woody

With respect, your own post on InfoWorld,
http://www.infoworld.com/article/2993835/microsoft-windows/check-that-your-windows-10-upgrade-block-settings-are-still-in-force.html?nsdr=true
says
If you’re using Group Policy, follow the directions in Microsoft’s KB 3080351 to “Turn off the upgrade to the latest version of Windows through Windows Update.”
Microsoft’s KB3080351 specifically states

Group Policy
Microsoft has released new updates to enable you to block upgrades to Windows 10 through Windows Update. These updates install a new Group Policy Object. Computers that have this Group Policy Object enabled will never detect, download, or install an upgrade to the latest version of Windows.

It then goes on to state that that the relevant updates are
3065987 Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015
3065988 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015

I appreciate your point that Windows Updates are very poorly described, but in this particular case, via your own link to KB3080351, it seems to be well described. I am not about to “terminate with extreme prejudice” KB3065987 and find my Group Policy setting is negated. Yes, I know I could do it via a Registry edit, or with the great GWX_control_panel.exe which I have used several times on Windows 7 Home computers. I don’t like Microsoft’s trangressions any more than anyone else does, but I do believe in credit where it’s due.

I do believe Microsoft has shot itself in the foot with Windows 10. I have it on one computer because I need to be able to support it, and it has progressed from awful on initial release, via several updates, to generally tolerable now. But I would never want it for my personal computing. Having played around with Linux distros for years, Windows 10 has finally convinced me to install & use Linux. For the moment, dual-boots with Win7… but when Win7 support runs out, it will be permanent.

Reply | Quote

@Pat KB3065987 yea.. It’s an update to the Windows Update client and also includes Wu.upgrade.ps.dll and Winsetupui.dll and godknowswhat.dll, and only “works” on systems with group policy editor (Pro and Ultimate). Personally I don’t touch it, for the sole reason that Microsoft are on a mission to invade all computers with Windows 10 and have zero interest in showing people how to stop them. I trust a used car salesman more than that update. If there was one ounce of decency in Redmond they would release one simple update for every version of Windows 7 and 8 that would 100% block any upgrade to Windows 10. Then again, such an update would also have to erase all the previous ones they planted, as well as ignore the future ones that are sneaky plumbing for Windows 10. I don’t see this ever happening, but it’s nice to dream. Amazing how a company is completely oblivious to the fact that the whole planet does NOT like their new offering and that what they are doing is alienating their old userbase, in many cases turning them to mac and linux people. The amount of very nice Linux distros nowadays is impressive, I am waiting for SolusOS that will be released any day now. A few of my older computers need a new good OS, Windows 10 is not it.

Reply | Quote

@Pat –

Yep, but many people don’t have Group Policy and, among those who do, the percentage who know how to use it is not very high.

Uninstalling 3065987 will not negate your Group Policy setting. However, turning it off in Group Policy will insure that, if Microsoft re-releases it, the patch will not be installed on that machine.

Reply | Quote

Is it really wise to block telemetry for an individual user of Windows 7 who does not have the resources of an IT department ?

Microsoft says this on a Technet article about adjusting or stopping telemetry in Windows 10 :

“If your organization relies on Windows Update for updates, you shouldn’t use the Security level [lowest]. Because no Windows Update information is gathered at this level, Microsoft can’t tell whether an update successfully installed.”

http://blogs.technet.com/b/netro/archive/2015/09/09/windows-7-windows-8-and-windows-10-telemetrie-updates-diagnostic-tracking.aspx

I have blocked a certain number of telemetry updates on my W7 system. Just a few hours ago, it insisted I should download several security updates… that Control Panel said were already installed.

It also warned me about several “missing” updates which had been published a long time ago, up to 2014…

I understand the urge, with Microsoft, to shoot first and ask questions later, but shouldn’t we just block the infamous KB 3035583, which I understand is the Windows 10, ahem, malware itself ?

Updates need to be working correctly.

Reply | Quote

@Bobo

RE: For Windows 7 SP1 Search and destroy.

Is this the complete and updated list to date?
Im literally searching and will manually delete them from regedit but i want to be sure ITS CLEAN and … stop it from giving me the sh*ts. (p/s backup regedit and do not try unless if you want to risk blue screen like me)

Thanks man great stuff. If there are more KB you thinks is unfriendly MS-‘spying’-related pls let us know.

On top of your list, the canadian tech has 3 more
KB3022345
KB3068708
KB2977759

All I have manually removed from regedit and somehow the system just runs blazing fast…. imaginary?! 😀

Anyway also disable from group policy
remove everything that has gwx
turn off WU
manually block gwx and everything I dont use/know on firewall
maybe sandbox could be helpful?

anything else I can do to keep my privacy (other than changing OS which I will do in very very near future if this crapware persist)? anyone?

If Karma’s a b*tch, somebody is begging for a big payday on this side, if not definitely on the other side.

Thank you all for sharing your experience and solution. Thanks Woody for the website. privacytools.io has alot of good ideas too.

Reply | Quote

@Nd60 “On top of your list, the canadian tech has 3 more” 2 of those ARE in my list and the third one is for Windows 7 RTM, not SP1. My list is up to date, if it’s COMPLETE..I doubt it, because I have not been chasing bad 10 patches for YEARS. I’m sure some old update slipped through the cracks at some point. My view is that if one stays away from the updates I have mentioned, AND does not blindly install every future update, there’s no need for third party software and such. Those things do the exact same things I do manually, so yeah I suppose it’s convenient for some. That being said, you do not know exactly which updates third party software remove and what else they do. Also it must be mentioned that third party Windows 10 blocker/removal programs are potentially VERY lucrative new ground for malware makers now, expect them to explode in numbers very soon. I’ve seen a few already, some even costs money. SURELY it must be effective and the best if it’s not free and has the word PRO in it? So, no offense to the legit program makers, be smart and remove the updates yourself. It’s a bit of a hassle yes, but at least you know what you did. It was also very easy for Microsoft to render some of those programs useless just like that too.

Reply | Quote

There is one update I can’t prove is directly related to Windows 10, so it didn’t make it on my list. KB3064209 “Intel CPU microcode update” includes Mcupdate_genuineintel.dll, reports of Windows not booting after that one have surfaced. Up to you to decide if you need it or not. I do not.

Reply | Quote

I run Win7 32 bit under Bootcamp on two older Macs. Due to the restrictions of Bootcamp and my hardware, I can’t upgrade to Windows 8 or 10, but as the software I’m using is supported for 7, I’m okay with that.

I started seeing the Nagware back in August, but it came to a head this month, so I did some searching and came across Bobo’s post above, and promptly uninstalled any of the updates from that list that I found on my system. I have always set my Update policy to “notify but do not download”.

Since doing that, I have fallen into the endless cycle of being told to download the Malicious Software Removal Tool for October 2015, going for it, only to find that the next time I check manually, or let my weekly notifications pop-up, it’s back in the list of “Important Updates”. Most recently, I decided to download it one more time, which it did and ran the scan, whereupon Windows Update immediately notified me to download it once again.

I’ve looked online for a solution, but there seems to be none – at least as far as I can find. Can you suggest a solution?

Reply | Quote

@Frank –

If you have Windows Update set to “Notify but don’t download,” Windows will go ahead and download the Malicious Software Removal Tool anyway.

Believe it or not, that’s a good thing. You don’t need to do anything, it happens automatically.

Reply | Quote

Now you can add KB3102810 to the list of offenders. “Fixes 100 percent of CPU usage when you upgrade a Windows Update client to Windows 10” This morning it was found as an optional update, I’m pretty sure it gets elevated to recommended or important in notime. I should have mentioned before that they keep bouncing between optional and critically important at any given day, no two systems get identical results. Also, just because you found one in the list and hid it doesn’t mean that was now one less thing to worry about, oh nooo. They re-release the same ones over and over and over until you’ve had enough and drive to the mac store.

Reply | Quote

Today one of my laptops loud fan blew the whistle on Microsoft, the fan is usually not that loud but now it was a 747 at takeoff. Task manager revealed TrustedInstaller was blasting away on the CPU. In the services list I noticed both Windows Modules Installer and Windows Update were running, both set to manual before. Hmmm… Checked Task Scheduler and realised that all my adjustments I have made in the past concerning CEIP were tampered with. All of them read deactivated yes, but their event triggers were all activated again. So I am now in overkill-mode on all my computers: All affected tasks (and then some..) are now OBLITERATED and BITS, Windows Modules Installer and Windows Update services are disabled. So updating is all VERY manual for me from now on, feels pretty good actually. Peace of mind most of the month. Don’t mess with my computers Redmond, I will cut you.

Reply | Quote

@Bobo –

Lemme see if I understand this.

You upgraded from Win10 RTM to Win10 v 1511?

You go into Task Manager, click on the Services tab, at the bottom choose Open Services.

You had previously manually set to “Disabled” these events:

Windows Module Installer (TrustedInstaller)
Windows Update Services (wuauserv)

But now they’re showing up as Automatic? Manual?

Any other services that you manually turned off, that were flipped back on by the v 1511 upgrade?

Thanks!

Reply | Quote

Sorry should have mentioned I am on Windows 7. I said nothing about services being altered, I said they were set to manual and Windows Update + Module Installer services were running without me touching Windows Update at all. That’s why I decided to deactivate BITS (background intelligence transfer) and those other 2, so I know when they are running. But what on earth has gone and altered my settings in Task Scheduler is beyond me.

Reply | Quote

@Bobo –

AHA! I was worried that the upgrade to v 1511 had actually reached into your registry and changed settings. I’ve seen several complaints online about that.

If you’re upgrading from Win7 to Win10, you should expect that the installer will change settings for those services. They operate quite differently in Win10. Changing the Services to run as “Automatic” likely changed Task Scheduler as well.

Reply | Quote

It will be a cold day in Hell the day I become a Windows 10 user. But yeah, some new update definitely decided that my “never look for updates” and services set to manual is just a little bump in the road and should not be respected in any way. So that’s why I now shut them all down and went to Defcon umpteen: Trust no one ever again. Windows 7 feels like a cheating girlfriend now.

Reply | Quote

@Bobo –

Yep. That’s basically the reaction I had when I found that MS was force-feeding GWX. I still can’t believe the chutzpah.

Reply | Quote

@Frank Lockwood

I noticed the same malicious software removal tool-thingy on one of my laptops. I think I found the culprit. KB3080446 (october) installed Explorerframe.dll and Shell32.dll version 6.1.7601.23155 on that particular laptop for some reason. I checked my other computers that behave normally and they all got version 6.1.7601.18952 installed. Before I knew of that I fixed the issue by downloading the malicious software removal tool manually, extracted it with 7-zip and replaced MRT.exe in system32 with the one I just downloaded.

Reply | Quote

KB3112343 added to the “block on Windows 7 SP1” list. “Improvements to the Windows Update Client making it a bit smoother to upgrade to Windows 10”. No thanks.

Reply | Quote

So today KB2952664 reappeared again, and it brought an equally unwanted friend with it this time around: KB3135445. That one is yet another update to the Windows Update Client, more plumbing for Windows 10.

Reply | Quote

Useless patch number 9000 just showed up: KB3123862. Adds capabilities to some computers that lets users easily learn about Windows 10 or start an upgrade to Windows 10.

Reply | Quote

I still don’t know what the %$##@! that patch does. Will start looking at it again in the morning.

Reply | Quote

So, first finding on March Patch Tuesday. The update to IE KB3139929 includes a surprise, KB3146449. Adds functionality to Internet Explorer 11 to start an upgrade to Windows 10. Geee thanks. After installing, run command prompt as admin, insert: wusa /uninstall /kb:3146449 /norestart
This is just the first observation about this little piggy, will search what else it did.. But yeah, it’s now unwise to update Internet Explorer, no matter how CRITICAL they say the fixes are. I am speechless, how low can Redmond sink..

Reply | Quote

https://support.microsoft.com/sv-se/kb/3146449

Reply | Quote

Good find. The KB3139929 article still has a faulty link to KB3146449.

All the KBs now are read ahead of install. CSUs being the current prime suspects. KB3139929 will not be installed on my machines.

How low can they go? Depends on what “is” is … or what “security” is.

Reply | Quote

This is awesome. Thanks for the info.

Reply | Quote

Just an FYI: Grab the GWX Control Panel Update!!

Version: 1.7.4.0
Date: March 30, 2016
Platform: PC 32/64

http://ultimateoutsider.com/downloads/

I had the January one. I think? I read to do a fresh install. So I removed the last version & put in the above – I didn’t install the above “On Top” ??

anyone know for sure?

Reply | Quote

Josh is saying there’s no reason to uninstall the old version – the new one goes over the top, no problem.

Reply | Quote

Just now downloaded 1.7.4.1

http://blog.ultimateoutsider.com/2016/03/gwx-control-panel-release-notes-and.html

Smooth, fast download.
Thanks Josh.

PP

Reply | Quote