In search of a post-patchocalypse block list

Topic

New Reply

Those of you with “bad” patch lists…. I’m trying to pull together an up-to-date list of “bad” patches, where you get to define “bad.” I’m particular
[See the full post at: In search of a post-patchocalypse block list]

Reply | Quote

Replies

Telemetry related updates I avoid:
KB3022345
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/en-us/kb/3022345
“This update has been replaced by the latest update for customer experience and diagnostic telemetry that was first released on June 2, 2015. To get the update, see 3080149 Update for customer experience and diagnostic telemetry.”

KB3068708
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/en-us/kb/3068708
“This package updates the Diagnostic and Telemetry service on existing devices.”

KB3075249
Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
https://support.microsoft.com/en-us/kb/3075249
“This update adds telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels.”

KB3080149
Update for customer experience and diagnostic telemetry
https://support.microsoft.com/en-us/kb/3080149
“This package updates the Diagnostic and Telemetry service on existing devices.”

KB3081954
Update for Work Folders improvements in Windows 7 SP1
https://support.microsoft.com/en-us/kb/3081954
“This update ensures that users are able to continue using Work Folders after they upgrade from Windows 7 SP1 to Windows 10. This update adds telemetry data points to Work Folders for Asimov telemetry pipeline in Windows 7 Service Pack 1 (SP1).”

Reply | Quote

KB2952664 has raised its head since GWX
KB3150513 compatibility/telemetry (I think it requires KB2952664)

Reply | Quote

I am still waiting for you to give the go-ahead for the two optional updates for Windows 8.1 –
the GWX killer and the September roll-up for Windows 8.1. I don’t know if I need the GWX killer because I hid most, if not all of the GWX updates. Do you think that I should install it just in case? I say this because usually you advise not to install optional updates.

Reply | Quote

KB2952664 / KB2976978 / KB3150513
Performs and collect compatibility appraiser logs in order to ease the upgrade experience to Windows 10

KB3068708 / KB3080149
Adds the Diagnostics Tracking Service (Unified Telemetry Client), which collects data about functional issues in Windows

KB3021917
Performs diagnostics to determine whether performance issues may be encountered if Windows 10 is installed.

—
and the known Windows Update Client updates that facilitate the upgrade
but the upgrade is already gone, so they are regular WUClient updates 🙂

Reply | Quote

Windows 7 x64

I’ve watched this pretty closely for a long time now – it has almost become a weird sort of hobby 🙂 For me, it’s not just the patches I avoid, but also the other measures I have in place to preserve my privacy. I really don’t think it’s enough now just to avoid the rogue patches – the beast has got too big.

On my hidden updates list there are just four patches:
kb2952664
kb3021917
kb3068708
kb3080149

Everything else I take: optional, recommended, the lot. This might seem barmy, but there have been some very wise comments both here and elsewhere referring to the interdependence of patches and other software and devices that might be in use on any given pc. In other words, I don’t go looking for trouble, but I don’t want it to find me either. As much as I may not like it, I figure that m$ will be working from a minimum baseline of installed patches. I don’t know what that baseline is, so to my mind, best not to fall below it.

However, I have taken some other measures. I always use local accounts and never sign into m$ or google. In addition and for other reasons as well, I use Spybot Anti-Beacon and Malwarebytes Anti-Exploit Free. Further, the CEIP is all turned off, I never ‘check for solutions’, I’m ‘never check for updates’, have the firewall set to block everything incoming including on the allowed list, have disabled a number of tasks and services and keep IE11 & WMP locked down – all the predictable stuff really that anyone with a bit of time can find out about.

Reply | Quote

I wonder if we’ll get a new WU client patch in October….

Reply | Quote

I’m looking at the situation, and will probably have an update this weekend.

In the interim, there’s absolutely nothing you need to install.

Reply | Quote

OK, fellas..I have the following patches waiting to be installed in my Win7 and I would appreciate any recommendations.
KB3182373
KB3185319
KB3175024
KB3177186
KB3184122
KB3185911
KB3182203
890830

KB3179930
KB3181977
KB3184143
KB3185278

Any advice will be appreciated.

Reply | Quote

Wait. We’re still at MS-DEFCON 2. There’s nothing you need to install right now.

Reply | Quote

Thanks, Woody.

Reply | Quote

I doubt we will
the June’s one still proved solid 🙂

Reply | Quote

Hi Woody, I was hoping that there’d be a list of bad updates for 8.1 before Friday afternoon because I haven’t been able to update since January 2016 due to no internet. The change in updating method, ie. cumulatively, has really put me in a bad situation and I can no longer wait as I had planned. As the new system starts October 1st on Saturday!!, I’m really worried about screwing it up by having to do it rapidly. I definitely am a group B person and have learned to hate MS with a passion. Thanks for all you do and your books have been very helpful in the past.

Reply | Quote

The new system doesn’t start on October 1. At best (worst), it’ll roll out slowly starting October 11, Patch Tuesday.

Reply | Quote

Here with Windows 7 I’ve followed the list hereafter linked. I had only 4 in the list installed, I removed them as well, so I’m now syncro concerning Windows 7 non-installed patches :

https://github.com/Zelmor/win7sans

No advice yo do as me, it works fine here and I proceeded as always with caution but it may be problematic on other configurations since as I understand it some patches are linked among them… anyway with the above not one problem. I had been given a favorable advice for the above list and looks like the advice worked out fine here.

Reply | Quote

@Simpson,
If I were the easily-embarrassed sort, I wouldn’t write this post,
and I do apologize to Woody for my inserting a personal comment (or two),
but I wanted to get in touch with you at your email address that you gave out on AskWoody a few months ago, but it does not seem to be an active email account now.
Are you still at that address?

Reply | Quote

Thanks, Woody.

Reply | Quote

I am wondering how many of those who are so concerned about the telemetry patches really understand what telemetry does in the first place.
At the same time many of the concerned readers potentially give away all their information to antivirus companies while not being aware at all how much unrestricted access an antivirus product has on a machine when compared let’s say with Windows Update or the telemetry patches.

Reply | Quote

Simpson,

Thanks for the link to the list. (And I thought I had a long list.) This will be helpful as I’m about to try a clean install of windows 7 HP SP1. I’m hoping all will go well.

Dave

Reply | Quote

The only patch which may proactively be avoided is indeed KB2952664 which appears not to interact in any way with useful patches. The second one, KB3150513 needs KB2952664.
And the reason to avoid KB2952664 is not telemetry, but its former association with Windows 10 Upgrade if this matters any more.
For simplicity, I think even those 2 patches can be installed without worrying too much.

Reply | Quote

If anybody is so concerned and that they need to avoid patches, I recommend following abbodi86’s list.
I personally don’t avoid any patches at this stage.

Reply | Quote

Balanced approach and a consistent list with the one which I have already endorsed for those concerned over the privacy issues.

Reply | Quote

+1 Yep… KB3150513 doesn’t show up unless KB2952664 has been installed

Reply | Quote

Nick, PKCano and abbodi86 put together great lists. There are 3 more from my list of “Telemetry” updates:

KB2977759
— Compatibility update for Windows 7 RTM
https://support.microsoft.com/en-us/kb/2977759
“This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.”

KB3046480
— Update helps to determine whether to migrate the .NET Framework 1.1 when you upgrade Windows 8.1 or Windows 7
https://support.microsoft.com/en-us/kb/3046480
“This article describes an update that has effect when you upgrade Windows 8.1 or Windows 7 to a later version of Windows”

The 3rd one has been superseded and is no longer relevant, but is still in the Catalog:

KB3139929
— Security update for Internet Explorer: March 8, 2016
https://support.microsoft.com/en-us/kb/3139929
Contains “3146449 Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7”

There is another group of patches that I once considered “bad” — actually they’re just annoying — because they introduced the “z-order bug” (which I learned about from your article http://www.infoworld.com/article/2607451/microsoft-windows/microsoft-ships-replacement-patch-kb-2993651-with-two-known-bugs.html)

KB2965768 / KB2970228 / KB2973201 / KB2975719 / KB2982791 / KB2993651

Reply | Quote

@Woody:

I had an update listed on the Optionals as KB3177467, and now it’s disappeared, although ESET is showing it in its list. I think it came in after 9-13-16, but didn’t annotate it.

I can’t locate it on your website, using the “find”, although I think it’s been referenced in the past because I had a note that someone had made about “be sure to reboot” after installed, and that was dated 9-21-16.

Do you have any information on this Optional update?

I also have two hidden updates which are listed as “Important”, and they are:

KB 3011780

KB 3139398

Anything on either one of those as being “bad”?? I hope someone has some information on these. Thank you for any information you have on these.

Reply | Quote

@Poohsticks, I don’t remember having published an email of mine here, I never publish email addresses… except the hidden one which is associated here with my pseudonym, and that hidden address is not the same indeed, but I never published it as I said …

If you wish to contact me, here’s a DEA I’ll keep valid until you contact me or until I’d get spammed (so please hurry!) :

fox_luhnfrusutct@ProxyMail.eu

@Woody, thanks. I take full responsibility 🙂

Reply | Quote

It’s one of the September patches. Wait.

Reply | Quote

True. The same could/should be said for web browsers. Search engines. Even ISPs.

Reply | Quote

@Woody:

I can’t locate the “post” I just sent with questions about 3 KB’s.

I found one of them with an annotation that it was best to leave it alone as it did not apply to me. That one was KB3011780 (one of the Important ones I listed).

Thank you for any information you may have on the other two, and apologies for listing one I already on a note on.

Reply | Quote

For Windows 7, the Simplix Update Pack page has a list of 16 undesirable and excluded updates as of September 17, 2016.

https://translate.google.com/translate?depth=1&ie=UTF8&nv=1&rurl=translate.google.com&sl=ru&tl=en&u=http://update7.simplix.info/

I unhid all my hidden updates, and the only pre-September 13 updates I have from the Simplix list are:
KB2952664
KB3021917
KB3068708
KB3080149

Also, while it’s not on their undesirable list, Simplix also does not include in their update pack:
KB3133977 [BitLocker update, causing boot failure on ASUS motherboards]

Also, of updates dated September 13, Simplix excludes
KB3172605 (Update adds a point telemetry consent.exe file) [July Rollup],
but includes in the update pack
KB3179573 [August Rollup].

Reply | Quote

@David, the list above hasn’t lead here as I said to any problems. As many of us finding a right list, maybe not exhaustive but at least not out of the scope is not obvious. And that list is dated end of July 2016 so any other useless patch installed after that won’t be included (I haven’t patched anything since July’s Patch Tuesday).

Anyway, until we get in the new WinUpdate scheme in October (if we do, and if we do in “Group A”) adding back a removed patch is not a problem. But not sure if old patches will be made available after October …

Good Luck for a brand new Windows 7 🙂

Reply | Quote

Absolutely, ISPs in the first place.
My point was that software like antivirus and backup have unrestricted privileges, beyond those granted even to the default system administrator, the so called “first” administrator. This is necessary for the specific software to perform its job, however with those privileges it can do much more. It is all a matter of trust between the customer and that vendor. Like with the ISP, or the Operating System vendor.

Reply | Quote

My ba (big-ass) list.
List & HIDDEN:

KB971033 DO NOT RE_INSTALL!! re hid 8/15, 8-25
KB2505438
KB2670838
KB2922324
KB2952664 re-hidden 1/14/2016, 2/6/16, 3/21, 8/15, 8-25
KB2976978
KB2977759
KB2990214
KB3014460
KB3015249
KB3021917 hidden, 8/15, 8-25-16
KB3022345
KB3035583 re-hidden 2/27/16
KB3044374
KB3050265
KB3161102 h
KB3065987
KB3068708 telemetry & again, 8/15, 8-25
KB3075249 hidden
KB3075851
KB3080149 telemetry & again, 8/15, 8-25
KB3083711
KB3101488
kb3102429 h, 8-25-16
kb3121255 h
KB3123862 hidden
KB3135445 hidden
KB3139929
KB3146449
kb3161102 h
kb3170735 h
kb3177725 h printing bug

Reply | Quote

And internet entities such as Facebook and Google that have their fingers in every pie, watching and recording what even non-members do all over the internet, on many, many websites.

And email providers like Gmail and Hotmail and Yahoo which “scan” all email contents and try to “serve” ads based on what is discussed in the emails, keeping records against one’s name of who knows what.

And governments, one’s own and foreign, who have many ways to watch and record what people do.

And law enforcement.

And friends/relatives/enemies known to one personally, who have a lot of inexpensive, sophisticated tracking and recording equipment and technologies at their disposal nowadays.

And wifi hotspots and other public and private wireless spots and technology that can grab what’s on phones in the same area, what’s being written/said, what’s on people’s credit cards and passports (smartchip ones at least).

And landline and mobile phone companies who are capable of listening, recording, and storing phone calls and text messages.

And people who can hack into others’ home routers to spy on the traffic, which apparently is pretty do-able with a lot of them.

And all the cameras everywhere, everywhere. CCTV in public spaces, police body cams, car dashboard cams, hotel room cams, rented apartment cams, cams hidden in a private home’s bedroom alarm clock, vcr, smoke alarm, etc., baby/nanny/cleaner monitoring cams, those weird cam-glasses that fortunately aren’t as popular as they might have been, everyone’s cell phones, the Streetview cams, cams in retail stores and dressing rooms….

Plus microphones, bugs. There are microphones disguised as many other objects, such as electrical outlets/plugs – I think Assange in the Venezuelan Embassy found some of those in his meeting room there.

And the GPS and cell tower location tracking that can be done via portable electronic devices carried on the person, even if they are turned off.

And our medical records, credit history records, banking records, credit card purchase records, store loyalty card histories, transportation company records of our movements (from a city’s subway touchless payment card to international airlines).

Reply | Quote

The core questions I ask myself are, “Should I trust Microsoft?” and “Why are they collecting this data in a way that’s not audit-able (pinned encryption certificates), unstoppable (firewall back-doors), and why are things like the thumbnail database being accessed by ‘system’?”

It all makes me uncomfortable to the point where I used to give them the benefit of the doubt, now I don’t. And trying to effectively block telemetry has only reinforced my concerns.

Ask yourself, do you really think Microsoft was “giving away” Windows 10 for “free”?

Reply | Quote

Has anyone actually verified that removal of a certain set of patches properly silences telemetry & other unauthorized network traffic?

I’d like to define the highest patch level I can while silencing telemetry.

Reply | Quote

I de-installed KB2952664 a while ago because I found out that it was generating
a lot of disk activity in “C:Program Files” about once a day. Presumably it
was looking to see which installed programs might be incompatible with Win10.
So I consider KB2952664 to be “Bad” because of this wasteful disk activity.
KB2952664 is Win7 only – presumably its Win8 sister KB2976978 is also “Bad”.

Reply | Quote

That seems to be the Holy Grail at this point….

Reply | Quote

This is one of the best most complete I have found. http://forums.overclockers.com.au/showthread/?t=1184733 I copied the DO NOT INSTALL below. If you go to the site, it has more categories (Good/safe, optional, etc.) with descriptions. He also updates it every time a patch is released. I have other lists for various other sources, but I have cleaned it up yet

WINDOWS 7 TELEMETRY & WINDOWS 10 PREPARATION. DO NOT INSTALL/NOT NEEDED.

KB2882822 – Update adds ITraceRelogger interface support.
KB2952664 – Compatibility update for upgrading Windows 7 = Windows 7 nagware patch that touts the Windows 10 upgrade.
KB2990214 – Update that enables you to upgrade from Windows 7 to a later version of Windows.
KB3021917 – Update to Windows 7 SP1 for performance improvements (telemetry)
KB3035583 – GWX update installs Get Windows 10 app.
KB3050265 – Windows Update Client for Windows 7: June 2015 = WU service updated to accept upgrade to W10 + other fixes
KB3065987 – Windows 10 upgrade for Windows 7.
KB3068708 – Update for customer experience and diagnostic telemetry.
KB3075249 – Update that adds telemetry points to consent.exe in Windows 7.
KB3075851 – Windows 10 upgrade for Windows 7.
KB3080149 – Update for customer experience and diagnostic telemetry
KB3083324 – Windows 10 preparation.
KB3083710 – Windows 10 preparation.
KB3102810 – Fixes an issue regarding long wait while searching for Windows Updates but also has Windows 10 upgrade preparation for Windows 7.
KB3112343 – Windows 10 Upgrade for Windows 7.
KB3118401 – Allows Windows 10 dependant Universal Runtime apps to run on earlier versions of Windows.
KB3123862 – Updated capabilities to upgrade Windows 7
KB3135445 – Windows Update Client in Windows 7. Windows 10 preparation.
KB3138612 – Windows Update Client in Windows 7. Windows 10 preparation.
KB3173040 – Windows 10 end of free upgrade offer notification for Windows 7.

Reply | Quote

I have seen these reappear since the end of GWX after unhiding all updates, checking “Give me recommended” and doing a search. Add to my list:

Win7
1. KB2952664 Compatibility. This update helps Microsoft make improvements to the current operating system i order to ease the upgrade experience to the latest version of Windows.
2. KB3150513 – requires KB2952664. More of the same.
3. KB3021917 Performs diagnostics, telemetry
4. KB3068708 CEIP
5. KB3080149 update CEIP and diagnostic telemetry (its companion KB3075249 seems to have disappeared)

Win8.1
1. KB2976978 Win8 equivalent to KB2952664
2. 3044374 enables upgrade. equivalent to Win7 KB2990214
3. KB3068708 CEIP
4. KB3080149 update CEIP and diagnostic telemetry
5. 3140185 Anytime Upgrade

Reply | Quote

I haven’t tried this yet (I am about to install it), but I have been told this can give you peace of mind:

https://www.safer-networking.org/spybot-anti-beacon/

Reply | Quote

Not that short and sweet, but here’s what I’ve got. Last updated previous to the ‘end’ of the Get Digital Herpes … erm, I mean Windows 10 campaign – but left as-is because last week I did a full reformat to have a ‘clean’ system before MS goes all Win10 on Win7’s update approach – and was still getting a few (though not all) of the Win10 ‘upgrade prep’ patches in the mix:

KB971033 (Windows “Anti-Piracy” patch … can cause issues with legitimate copies)
KB2505438 (Although it claims to fix performance issues, it often breaks fonts)
KB2670838 (This update often breaks AERO on Windows 7 and makes some fonts on websites fuzzy. A Windows 7 specific update only, do not install IE10 or 11 otherwise it will be bundled with them, IE9 is the max version you should install to avoid this.
KB2952664 (Windows 10 upgrade preparation)
KB2976978 (Windows 10 upgrade preparation)
KB2977759 (Windows 10 upgrade preparation)
KB2990214 (Windows 10 upgrade preparation)
KB3021917 (Windows 10 upgrade preparation + Telemetry)
KB3022345 (Telemetry)
KB3035583 (Windows 10 upgrade preparation)
KB3050265 (Windows 10 upgrade preparation)
KB3065987 (Windows 10 upgrade preparation)
KB3068708 (Telemetry)
KB3075249 (Telemetry)
KB3075851 (Windows 10 upgrade preparation)
KB3080149 (Telemetry)
KB3081954 (Telemetry)
KB3083324 (Windows 10 upgrade preparation)
KB3083710 (Windows 10 upgrade preparation)
KB3090045 (Windows 10 upgrade preparation)
KB3102810 (Windows 10 upgrade preparation)
KB3112343 (Windows 10 upgrade preparation)
KB3123862 (Windows 10 upgrade preparation)
KB3125574 (Rollup package including multiple ‘updates to avoid’)
KB3135445 (Windows 10 upgrade preparation)
KB3139929 (if possible, to avoid KB3146449 – Windows 10 upgrade preparation)
KB3150513 (Windows 10 upgrade preparation)
KB3163589 (Windows 10 upgrade preparation)
KB3173040 (Windows 10 upgrade preparation)

YMMV. An update or two noted are likely ‘necessary evils’ for most (IE11 patching, etc.)

Reply | Quote

As seen on Windows 7 x64 Ultimate:

KB2952664
KB3021917
KB3068708
KB3080149
KB3184143
KB971033

This is what MS still sends. I have a more comprehensive list, although MS is not sending them anymore, here it is (it contains all the telemetry and W10 related ones; contains older, replaced patches too)
get-hotfix -id KB971033,KB2902907,KB2922324,KB2952664,KB2976978,KB2977759,KB2990214,KB3012973,KB3014460,KB3015249,KB3021917,KB3022345,KB3035583,KB3044374,KB3050265,KB3050267,KB3065987,KB3068708,KB3072318,KB3075249,KB3075851,KB3075853,KB3080149,KB3123862,KB3150513,KB3139923,KB3081954,KB3184143

Actual PS command to check against them. I included the patch that removes the w10 updates too, since it’s unnecessary to have it installed imo.

Reply | Quote

I also noticed this article: https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/

In the portion below, it describes that the new monthly rollup system starting in October, the November roll up will include October and December roll up will include November and October. What I found interesting is that it says in the future (doesn’t say when), that they will eventually add past updates to the rollup (i.e. some of the telemetry updates that we have already blocked). So even if the first few rollups are harmless with no telemetry, eventually, they will include the old telemetry updates.

I love the comment at the end that they say they will document each addition so that IT know what has been added (they have been notoriously bad at describing what is in a patch).

Monthly Rollup

From October 2016 onwards, Windows will release a single Monthly Rollup that addresses both security issues and reliability issues in a single update. The Monthly Rollup will be published to Windows Update (WU), WSUS, SCCM, and the Microsoft Update Catalog. Each month’s rollup will supersede the previous month’s rollup, so there will always be only one update required for your Windows PCs to get current. i.e. a Monthly Rollup in October 2016 will include all updates for October, while November 2016 will include October and November updates, and so on. Devices that have this rollup installed from Windows Update or WSUS will utilize express packages, keeping the monthly download size small.

Over time, Windows will also proactively add patches to the Monthly Rollup that have been released in the past. Our goal is eventually to include all of the patches we have shipped in the past since the last baseline, so that the Monthly Rollup becomes fully cumulative and you need only to install the latest single rollup to be up to date. We encourage you to move to the Monthly Rollup model to improve reliability and quality of updating all versions of Windows.

We are planning to add these previously shipped patches over the next year and will document each addition so IT admins know which KBs have been included each month.

Reply | Quote

Silencing telemetry only require:
– disable DiagTrack service

– disable these schedule tasks:
“MicrosoftWindowsApplication ExperienceMicrosoft Compatibility Appraiser”
“MicrosoftWindowsApplication ExperienceProgramDataUpdater”
“MicrosoftWindowsApplication ExperienceAitAgent”

– deleting these registry keys:
reg delete “HKLMSYSTEMCurrentControlSetControlWMIAutoLoggerAutoLogger-Diagtrack-Listener” /f
reg delete “HKLMSYSTEMCurrentControlSetControlWMIAutoLoggerDiagtrack-Listener” /f
reg delete “HKLMSYSTEMCurrentControlSetControlWMIAutoLoggerCircular Kernel Context Logger” /f
reg delete “HKLMSYSTEMCurrentControlSetControlWMIAutoLoggerSQMLogger” /f

Reply | Quote

Which version of Windows?

Reply | Quote

See http://www.infoworld.com/article/3108405/microsoft-windows/microsoft-changes-win781-updates-pushes-even-harder-for-windows-10.html

Reply | Quote

Other tasks to disable – all versions

MicrosoftWindowsAutochkProxy
MicrosoftWindowsCustomer Experience Improvement ProgramConsolidator
MicrosoftWindowsCustomer Experience Improvement ProgramKernelCeipTask
MicrosoftWindowsCustomer Experience Improvement ProgramUsbCeip

Reply | Quote

Both Windows 7 & Windows 8.1, as they are the targeted dot this topic 🙂

Windows 10 is another story

Reply | Quote

Well, the new system is SUPPOSED to start Oct. 1, but:

I’ve been following your column, Woody, some time now, and I am more than interesting in savings my Windows 7 home edition 64 bit machine. I like your suggestion of waiting to install updates. There are 43 security updates waiting for me to install them, plus 18 unchecked optional ones. Two of the security updates are MSE, which used to be installed without asking me, but the two waiting will not install.

Three days ago I went to look at installed updates on my machine, looking for “bad” ones I might uninstall. None there. The next day I went to look again and found that Microsoft had decided to install 39 “security” updates, without asking me! I have “check for updates but don’t install” checked. Yesterday when I checked the install spot, 36 of those that had been installed were re-installed. The 43 waiting are still waiting.

Just wanted to let people know that this is happening. NOT happy about any of this. BUT, if Microsoft actually fixed updates that had errors (when it reinstalled the 36), I’m happy about that.

Reply | Quote

KB3156417 – two computers affected here, one had to be reloaded via image file. When installing updates one by one, KB3156417 immediately crashed computer. Symptoms: computer slows, followed by inability to boot.
After installation, KB3156417 no longer appears in updates.
Removed from all computers here!

Reply | Quote

If I may be so bold, for W7, there appears to be some clear winners – if we interpret ‘winners’ as culprits:

kb2952664
kb3021917
kb3068708
kb3080149

In addition, by avoiding these, you also don’t qualify for several other patches that follow on after them.

Would that be a fair interpretation?

Reply | Quote

– The scheduled tasks were already disabled;
– The second registry key didn’t exist;
– Deleted therefor 3 keys out of 4 ;
– The SQMLogger key only partially removed, two sub-keys being owned by TrustedInstaller : I took ownership, removed both and SQMLogger consequently.

Cold reboot. All is fine.

Yet, if I do understand the power of scheduled tasks I do less concerning the registry keys removal : once the scheduled tasks disabled those registry keys have no power, or do they?

Reply | Quote

@Woody,

Laptop W764 home premium.

Here is a list of my Windows Update hidden updates that I have accumulated over several months. I am not sure what it is that you are asking to get from your readers:

2952664
2970228
2999226
3021917
3040272
3054476
3068708
3080079
3102429
3107998
3118401
3121255
3133977
3137061
3138378
3138901
3140245
3147071
3161102
3170735
3172605
3179573

flavet

Reply | Quote

Thanks. Mostly I’m looking for a list of patches that Group B and Group W patchers should avoid. Not easy to narrow it down – and the patches are changing fast.

Reply | Quote

I did a clean install Win7 Home Premium SP1 a couple of weeks back as per ch100 (after the GWX hype went away). That’s with “Give me recommended” checked. The only patches that showed up during that install related to compatibility, telemetry, and CEIP were
KB2952664
KB3021917
KB3068708
KB3080149

Reply | Quote

Yep. That looks like the hard-core list.

Reply | Quote

The new model is already started with September 2016 update rollup
KB3185278/KB3185279 is the first Monthly Rollup Preview update

Reply | Quote

No, those registry keys are not affected the scheduled tasks
they define the “Data Collector Sets” sessions that are managed bt telemetry sevice DiagTrack
you can see them in Details in:
Computer Management > Performance > Data Collector Sets > Event Trace Sessions

beware, don’t attemp to disable or remove Eventlog sessions, specially Application/Security/System
they are critical for OS

Reply | Quote

Yep. MS actually did a good job slipstreaming in the change – most people wouldn’t even notice.

Reply | Quote

I’ve been noticing these “previews” now for the better part of a year (not necessarily rollups). They show up as unchecked optionals on the third Tues of the month and sit there until the Mon before the next month’s patch Tues. Then they disappear to show back up as checked important updates on patch Tues. We have been picking the “speedup patch” from among them. The only thing new is now MS is rolling them into one and acknowledging the name “preview.

Reply | Quote

The DiagTrack service, OK. I should have mentioned that accordingly to prerequisites above mentioned by you, abbodi86. The service had been disabled (or rather it wasn’t installed on my system).

Now : the DiagTrack service manages the ‘Data Collector Sets’ but once the DiagTrack service off, what’s the point of deleting the registry keys? … simple curiosity. Anyway, it’s done.

“beware, don’t attemp to disable or remove Eventlog sessions, specially Application/Security/System
they are critical for OS”

I won’t remove anything more, but thanks for pointing that out, and thanks for the insights on telemetry related registry keys.

Reply | Quote

That’s exactly what’s happening, I think.

Reply | Quote

Another example of rollups which have been happening for a while is the MSE or Defender definitions. At any point in time, there are only 5 current definitions, while all the older ones get expired.

Does anybody remember 2014 with the monthly CUs for Windows 2012 R1 and R2 and Windows 8 and 8.1?

https://blogs.technet.microsoft.com/chad/2015/01/21/current-windows-server-2012-r2-windows-8-8-1-update-rollups/

Reply | Quote

It is your machine and the state of its update, it is not occurring in the wild at the moment.
You might want to do a full WU reset by deleting the SoftwareDistribution folder and allow Windows update to clean the state of the so called CBS – Component Based Servicing on your machine.
The procedure was posted here few times and it is documented in many trusted places o the Internet.

Reply | Quote

Except that what was better suited as a preview (Optional), the MSE 4.10.205 update, was pushed as Important (Critical Update).
This is not acceptable for a buggy update.

Reply | Quote

The old patches are likely to be bundled in bigger rollups. This approach may be what we will see next
https://support.microsoft.com/en-au/kb/3125574

Reply | Quote

“AutoLogger” sounds great 🙂
Thanks abbodi 😀

Reply | Quote

I think if CEIP is disabled globally, those tasks are supposed to do nothing, even if they run as scheduled.
At least according to Microsoft and even if this is true, this can change at any time.
there is a reg key related to MSRT as well which needs to be set for those overly concerned.

Reply | Quote

You can add the previously mentioned KB3150513 which comes after KB2952664 and you likely have it complete.

Reply | Quote

OK, ch100, that’s what I feared. In other words better to be sure of no plan to re-install removed patches before October or otherwise download manually and archive all installers of patches you have or will remove by then. That’s how I see it, maybe within an excessively simple, basic logic.

Man, this Windows Update has become so tough since Spring 2015 and is about to become easier but sneakier starting October 2016 … the time spent over computer maintenance is amazing.

Reply | Quote

This has been fun. I resorted to accepting Security Updates only awhile back, but it’s interesting to see where threats are coming from.

Reply | Quote

Okay, I got it.

@Woody,
Thank you – if you wanted to delete this post and the above 2 also, that would be fine with me.

Reply | Quote

Can anyone tell me if uninstalling KB971033 causes any problems. I read the description as an update to WAT, and did uninstall it. So if I now run without it, any authentication issues?

Reply | Quote

No problems at all. Keep KB971033 not installed until a Microsoft page requires it, but I think it is deprecated now.

Reply | Quote

For the little story, I believe what had happened is that I must have copy/pasted my email address in place of my name on the post you mention several months ago. Discovering this mistake I will have deleted that email to replace it with a new one. Because I never deliberately publish an email address unless it be a Disposable Email Address …

This ends I believe this digression.

Reply | Quote

Those registry keys are added by the same UTC update KB3068708/KB3080149 (except Circular Kernel Context Logger)
i do not really know if these registry keys are affected by service state, or the service itself affected by them
but in either cases, removing them is better

Reply | Quote

I don’t think they will explicitly label them as preview rollup, just rollup or cumulative

Reply | Quote

That’s true for the default built-in CEIP
but with KB2952664/KB2976978 installed, CEIP state is not respected and they will run and report back to msft 🙂

Reply | Quote

And i always disable MSRT with this registry policy, i don’t need it at all 😀
reg add HKLMSOFTWAREPoliciesMicrosoftMRT /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f

Reply | Quote

OK, got it. Thanks again, abbodi86

Reply | Quote

They are not labelled as “preview”. It is only us trying to be smart and figuring out that whatever comes as Optional and it is a new release must be considered “preview”, until some time passes and if the Optional update is proved to be reliable, only then it can be treated as true Optional.
Optional means normally an update providing good features for which not everyone would find a use, like RDP8/8.1 KB2574819/KB2592687/KB2830477

Reply | Quote

This is my experience also. CEIP disabled, but KB2952664 still does its thing anyway.
Presumably Microsoft would argue that KB2952664 (or KB2976978 for Win8.1) is not really
“Customer Experience Improvement” as such, but rather “Win10 Compatibility Diagnostics”.

Reply | Quote

One thing is sure : DiagTrack is NOT a Windows 7 component (no idea about Win8) and therefor it’s been brought by a WinUpdate patch, indeed one of the many pushing to install Win10. You guys have the patch numbers nicely aligned, I abandoned, too many. Anyway, anything named DiagTrack is an intruder on Win7, and disabling the service DiagTrack (if applicable), uninstalling the patch which settled DiagTrack leaves nevertheless DiagTrack remnants in the Registry.

abbodi86 explains above how to remove those telemetry keys in the registry related to DiagTrack, OK, done. I nevertheless searched for DiagTrack in my Win7 registry and found a remnant, just one key, harmless, which I deleted. I’m not an eraser freak, always cautious, but if the DiagTrack service has been removed from Win7 there is no reason to find legitimate DiagTrack data in the registry.

I had discovered the DiagTrack Windows service after the dedicated WinUpdate patch had installed it, and removed the patch immediately after. Removing the patch removed the DiagTrack service ok but not the left-overs in the Registry. Like everything which is dirty, dirtier it is more it sticks … fortunately here we find several talented Mr. Clean …

As always my wording is naive because I am not a techie and because English is not my mother-tongue. If I opened opened doors (and Windows!) sorry for wasting your time.

Reply | Quote

Your English is quite clear. No need to apologize! (Hey, if I tried writing in German, people would be rolling on the floor.)

Reply | Quote

When I try German people ARE rolling on the floor (those being fluent in German because French just don’t make it with languages, most of the time!).

The main point is I don’t follow as much as i should important topics here and I admire those who are really committed to the topics, so coming in without sometimes having read it all (gosh, I often see articles with 100+ comments) makes it more likely to announce the first man on the Moon 47 years later 😉

Anyway, if I can help I am happy. I just don’t know enough in the computer area and this very nice place of yours, Woody, isn’t dedicated to off-topics, fortunately because otherwise i’d spend my days over here!

Beat goes on – Best WE to all.

P.S. : this post was an example of what I’m aware of, being off-topic (of course to demonstrate what to avoid).

Reply | Quote

Please pardon my stupidity 😮

So, uninstalling KB 971033 is safe? No future problem resulting from that? No gotcha? I just want to be clear on this.

Is it better to simply disable the task instead or would it make things worse? It is in Task Schedule under Microsoft as Windows Activation technology (WAT).

Thank you!

Reply | Quote

@abbodi86
“with KB2952664/KB2976978 installed, CEIP state is not respected and they will run and report back to msft”

Could you please clarify for a non-techie? I don’t want to make registry changes, but can follow instructions to change settings in Task Scheduler or Services.

Assume opted out of CEIP participation. With KB2952664 or KB2976978 installed, will disabling all Scheduled Tasks under Application Experience, Autochk, and Customer Experience Improvement Program stop Win10 compatibility reporting?

I had all of them disabled. Installing KB2952664 added Microsoft Compatibility Appraiser to Application Experience, and reset ProgramDataUpdater to Ready. I then disabled both of them.

So I guess I’m asking, if opted out of CEIP participation, and with all CEIP-related Scheduled Tasks disabled, will KB2952664 (or KB2976978) still send out Win10 compatibility diagnostics by another route?

This kind of information is important to me because it will help me decide whether to hide an update, or install it and change settings.

Thank you! I can’t understand a lot of what you pros are talking about, but I still learn a lot from you, and appreciate being able to see your discussions. 🙂

Reply | Quote

All of the updates now showing in my WU list are Security updates except for this one – KB3182203, which is not labeled as a security update. There’s been no mention of this one so I thought I’d bring it to your attention. I’ll be wondering whether or not to DL & install it. I’ve got Win 7 Home Premium 64 bit.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

So, skimming the above info, I’ve compiled it down to the following to create a Windows 7 baseline image with telemetry removed:

—-
Install Windows 7 + SP1 + ‘SP2’

Uninstall the following service packs in the following order:
KB2952664
KB3150513
KB3021917
KB3068708
KB3080149

Disable all services starting with “Diagnostic”

Disable Scheduled Tasks
MicrosoftWindowsAutochkProxy
MicrosoftWindowsCustomer Experience Improvement ProgramConsolidator
MicrosoftWindowsCustomer Experience Improvement ProgramKernelCeipTask
MicrosoftWindowsCustomer Experience Improvement ProgramUsbCeip

MicrosoftWindowsApplication ExperienceMicrosoft Compatibility Appraiser
MicrosoftWindowsApplication ExperienceProgramDataUpdater
MicrosoftWindowsApplication ExperienceAitAgent

Delete following registry keys if they exist:
HKLMSYSTEMCurrentControlSetControlWMIAutoLoggerAutoLogger-Diagtrack-Listener
HKLMSYSTEMCurrentControlSetControlWMIAutoLoggerDiagtrack-Listener
HKLMSYSTEMCurrentControlSetControlWMIAutoLoggerCircular Kernel Context Logger
HKLMSYSTEMCurrentControlSetControlWMIAutoLoggerSQMLogger
—-

Does this look like a reasonable summary? Am I missing anything?

My goal is to create a VMware baseline OS template that will serve as the foundation to create linked clones from.

Reply | Quote

I was talking about this one – not disabling completely, just the communication back to Microsoft.
https://www.microsoft.com/en-us/safety/pc-security/msrt-privacy.aspx
https://support.microsoft.com/en-us/kb/891716

Q3. How can I disable the infection-reporting component of the tool so that the report is not sent back to Microsoft?

A3. An administrator can choose to disable the infection-reporting component of the tool by adding the following registry key value to computers. If this registry key value is set, the tool will not report infection information back to Microsoft.
Subkey:
HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftMRT

Entry name: DontReportInfectionInformation
Type: REG_DWORD
Value data: 1

Reply | Quote

Thank you

Reply | Quote

Our little discussion began based on how to silence the telemetry reporting with the telemetry-related updates are installed 🙂

so yes, DiagTrack service does not exist by default, it’s installed by either of KB3068708/KB3080149

Reply | Quote

No, those Scheduled Tasks are the only way for KB2952664/KB2976978 to function
if they are disabled, no compatibility diagnostics will be ran or reported

Reply | Quote

It might be much more productive to come up with a list of NON-Security WINDOWS updates that are useful. Most are not.

As I have said elsewhere, I regard any of this category of update issued after Jan 1, 2015 to be useless.

Proof positive, I have been operating that way for a year now, including re-builds and not a single problem. In fact, I think my clients’ systems run better.

Reply | Quote

Some notes-

Also disable the ‘Remote Registry’ service.

I prefer deleting those scheduled tasks, because somehow they were still being ran or at least scheduled to run when disabled. Also delete this task:
MicrosoftWindowsDisk DiagnosticMicrosoft-Windows-DiskDiagnosticDataCollector

And DISABLE this task, don’t delete:
MicrosoftWindowsWinSATMaintenance

HKLMSYSTEMCurrentControlSetControlWMIAutoLoggerSQMLogger can only be completely wiped out if you do so with some elevated privileges from a cmd prompt or, for simplicity, use Registrar Registry Manager. Be careful with that tool if you try using it for anything else, it’s powerful and could allow you to really mess something up that Windows would otherwise not allow you to.

Delete ‘MachineID’ and ‘UserID’, if present in this folder:
HKLMSOFTWAREMicrosoftSQMClient

Lock Windows out of modifying or accessing a particular Diagnostic log, which it does even with all of the above precautions, by blanking it and modifying SYSTEM permissions with these two lines in an elevated command prompt:
echo. >%programdata%MicrosoftDiagnosisETLLogsAutoLoggerAutoLogger-Diagtrack-Listener.etl
cacls.exe “%programdata%MicrosoftDiagnosisETLLogsAutoLoggerAutoLogger-Diagtrack-Listener.etl” /d SYSTEM

Reply | Quote

Interesting idea. Want to kick off a list?

Reply | Quote

I install almost all released updates and don’t have problems
i consider all updates as useful 🙂
in fact, most issues and problems comes from “security updates”, which everybody consider them useful

Reply | Quote

I’m discovering :

– Delete ‘MachineID’ and ‘UserID’, if present in this folder:
HKLMSOFTWAREMicrosoftSQMClient
Lock Windows out of modifying or accessing a particular Diagnostic log, which it does even with all of the above precautions, by blanking it and modifying SYSTEM permissions[…]

Sorry to doubt but ‘MachineID’ and ‘UserID’ trigger caution here … I have the ‘MachineID’ only, but I fear that the key could be related to the ‘Windows Registration’ : I don’t want to be asked for my LicenseID next time I boot… Are you 100% sure deleting this/these keys is harmless?

Reply | Quote

Thanks, abbodi86! 🙂

Reply | Quote

So this means that KB 971033 is very safe to uninstall and this is considered as a foolish question that does not deserve an answer? Or do nobody really know if it is safe?

If this meant to be “anti-piracy” patch, would not it be too simple to just uninstall it? No safeguard against this? No trap? That would be strange.

Reply | Quote

It’s not a foolish question. I don’t know the answer, thus have avoided proposing an answer.

Reply | Quote

No, not 100% sure, but no problems here after doing that a while back.

Reply | Quote

A wrinkle I hadn’t considered before I saw this article today — images from “our” CCTV cameras can be legally kept and stored by foreign governments:

http://www.dailymail.co.uk/news/article-3817204/Inside-China-s-Big-Brother-HQ-cameras-monitor-millions-Britons-undercover-MoS-reporters-infiltrate-nerve-centre-CCTV-giant-spies-people-root-dissidents.html

Reply | Quote

By the way, a lot of Americans assume the Daily Mail is akin to the National Enquirer, but it’s not.

It is a right-leaning, tabloidesque paper, but it’s middle-market, is a professional institution (with plenty of faults, and some actions based on greed and pandering to a lowish common denominator, of course) —
but it does not carry made-up stories.

It is a top seller among UK newspapers, it has the largest-selling Sunday paper in the UK, it has one of the most-visited websites in the English-speaking world (it’s one of the top handful in the US for traffic, apparently), and it “has been awarded the National Newspaper of the Year in 1995, 1996, 1998, 2001, 2003 and 2012 by the British Press Awards”. [https://en.wikipedia.org/wiki/Daily_Mail]

(Just wanted to say that, because usually if I cite the DM in the US, I get a retort about how I might be interested in the National Enquirer’s new story about “the space alien that is pregnant with Elvis’ child”!)

Reply | Quote

Daily Mail is owned by the same people like http://www.news.com.au and their large audience is very much related to considering Kim Kardashian’s latest “most shocking outfit” as being top news.

Reply | Quote

@Dave G:

This is way above the heads of most of us “non-techies”. Dealing with the registry is just too much for the “Average Joe/Jane users.

It’s a good forum for those who are well versed in IT knowledge, and good to share ideas as well. I wish “GOOD LUCK” to us all.

Reply | Quote

Thank you for your reply 🙂

Reply | Quote

A very reasonable approach 😀

Reply | Quote

I was wondering if it would be possible to take a snapshot using alt printscreen and then upload my installed updates list to the site to determine if anything really needs to be purged, then do the same for updates I’ve yet to install and also updates I have hidden? W7 Updates are getting very long in the list ugh.

Trying to keep track of KBs is pretty tough, I spent 6 hours trying to keep track and it’s just hard to do. This is on a fresh install of W7 too

Reply | Quote

You’ll have hundreds of them. I doubt that anybody would want to comb through them – huge job.

Better to follow along here, watch the MS-DEFCON posts, and carry on with what you have. You might want to look for the handful of “really bad” updates that get posted here from time to time, and uninstall them, but I think your emphasis should be on the future: Pick Group A or Group B (or Group W) and stick with it. The worst is almost certainly yet to come.

Reply | Quote

@Woody,

Okay. Question: Is there a way to DELETE one or more of the hidden updates?

flavet

Reply | Quote

Nope. You can uninstall, you can hide, but you can’t run away. 🙂

Reply | Quote

The eye of Cain …

Reply | Quote

I read again http://www.infoworld.com/article/2981947/microsoft-windows/the-truth-about-windows-7-and-81-spy-patches-kb-3068708-3022345-3075249-and-3080149.html
I think that information from 1 year ago is still accurate and consistent with what I know.
The only doubts about CEIP behaviour seem to be around KB2952664 which abbodi86 says that it changes the default behaviour of the CEIP settings.
So with CEIP turned off, only KB2952664 and its follow-up KB3150513 should be avoided to reduce or eliminate the telemetry back to Microsoft.

Reply | Quote

@Woody: If we choose a “Group” (A, B, or C/W), are there any actions we must take “now” or are we waiting for instructions? I haven’t seen any and hope I haven’t missed anything.

I’m expecting the “worst”, and hoping for the “best”, as I’m sure we all are. Thank you for your help with the “update mess”.

Reply | Quote

I’ll have the instructions up later today.

Reply | Quote

Woody. I understand about what’s ahead of us all. Last night I took 8 screen shots of the updates that are currently installed, 1 of what is hidden and 1 that I have yet to install. I certainly tried to use the KB numbers to see what they were about along with trying to follow your site using google. These are just images of the update numbers, no need to go searching for them as they would be posted here if possible as some other forums. I suppose after the images are uploaded a list of what shouldn’t be installed can be done as you stated here for W7.

Thank you.

Reply | Quote

I’m still seeing KB3021917, 3068708 and 3080149 show up in WU.

Reply | Quote

Follow my post on MS-DEFCON 3, and you should be OK.

Reply | Quote

I did not say that they have been withdrawn. Only that they can be controlled by the normal CEIP mechanism and as such not as problematic as they appear to be.
KB2952664 instead seems to change the behaviour of CEIP and not comply fully with the settings.

I recently read a Microsoft disclaimer for one of the core server products in which it is stated that Microsoft can change the CEIP behaviour at any time without notice via Windows Update (in order to collect more data and to improve the product as consequence). If this is acceptable at the server level, then there is little hope about the end-user products.

Reply | Quote

ch100 there was a list of patches you recommend to be installed- there was 1 in particular for windows activation or ensuring legitimacy of the OS for Windows 7, do you happen to have that Link? Perhaps there should be a forum layout for this site.

Reply | Quote

There is a list in this GitHub project that I use:
https://github.com/CodeMason/aegis-voat

Reply | Quote

I said that patch was optional even if it comes as important. It comes as important unchecked for enterprise version which to me indicates that it is not essential for any other version.
Install it only if you need. Other people posting here said the same thing.
https://support.microsoft.com/en-au/kb/971033

Reply | Quote

Update: I’m writing up a complete overview for InfoWorld. Should be published early next week.

Reply | Quote

@Woody:

I’ve been having problems getting “any notices” about updated comments to the various discussions.

I’m suspicious of the KB3177186 update which I installed yesterday. No problems before then. I haven’t installed any of the other Sept. 13th updates other than the IE Critical update on Oct. 4th.

Anyone else reported a problem with this one?
Thank you once again.

Reply | Quote

Great, thanks for the feedback guys.

Reply | Quote

“If there’s a bad patch that kills something, then the fix will likely arrive in the next month’s patches.”

So big deal! You only have to wait a month before you can use the computer YOU BOUGHT again.

Reply | Quote

🙂

Reply | Quote