Michael Horowitz: Killing Windows Update on Win10

Topic

New Reply

Horowitz has a fascinating “cheat sheet” reviewing various methods of blocking Win10 updating. With Windows 10, there are three aspects to disabling W
[See the full post at: Michael Horowitz: Killing Windows Update on Win10]

9 users thanked author for this post.

Norio, Karlston, GreatAndPowerfulTech, Michael432, Elly, Fred, CyGuy, Microfix

Reply | Quote

Replies

I use a combination with metered connection and Wushowhide, at least that has worked for me, this is in the case I plan to update if not, the above mentioned plus disabled services.

Just someone who don't want Windows to mess with its computer.

Reply | Quote

If you switch to a Windows restricted/standard user does the Metered connection still show as enabled? Of course, what Windows 10 displays and what it does are not guaranteed to be the same thing.

Reply | Quote

Just curious which versions of W10 you are running (and home/pro) – each versions has been a changing landscape for possible options.

Reply | Quote

first of all,  I must remark that this method at least work for me, so its possible it only works for me

My system is 1703  and using the home version.

Just someone who don't want Windows to mess with its computer.

1 user thanked author for this post.

Bluetrix

Reply | Quote

Zaphyrus wrote:

I use a combination with metered connection and Wushowhide …

If you switch Windows users, does the metered connection remain on? For Ethernet? For Wifi SSIDs?

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Reply | Quote

You would have to keep Windows Update and fiends locked down because metered status is to be set for each new connection. I had to change a network and wasn’t very careful, and all the Microsoft malware wanted to come flooding into Windows 10.

 

Reply | Quote

Yes, a problem with this approach is the first time you connect to a new Wi-Fi network, it is not metered by default so Windows Update does its thing.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

1 user thanked author for this post.

Perq

Reply | Quote

Addressing your first question, yes the connection will remain metered status while switching users. Also, Microsoft has demonstrated the ability to override metered status when it suits them.

Reply | Quote

There are ways to use the registry to stop “unstoppable services” I done this few times. If I remember right, it involves changing the start number in data to a 4

Reply | Quote

Yes, some details are here

https://www.wintips.org/how-to-turn-off-windows-10-updates-permanently/

and it does suggest changing the Start key to 4. However, since some of Windows Update is specifically designed to roll back this type of hacking, you can’t count on registry updates sticking any more.

Reply | Quote

With the advent of 3rd party (free) blocking apps this should be a mute issue for those concerned enough about blocking Win10 updates to do something about it. It’s ridiculously easy. I might add that since I have added an update blocker app I have seen no ill side effects from doing so. (Oct 10, 2018 added)

Now, blocking Win10 telemetry is another animal. I am looking for an app as EASY and safe (and reversible) as the update blocking is. While there are apps available, they have pitfalls I am not ready to risk using. I have my fingers crossed hoping for one soon. I know some will say this isn’t a good thing to do, windows needs this info to make adjustments and improvements to windows … we have seen and continue to see the end results of this fallacy. Call it what you want, it’s spying without any control. The (pun intended) window dressing controls available now are an insult to any intelligence.

Edit to add: Windows Home, Version 1803 (OS Build 17134.165)

1 user thanked author for this post.

rontpxz81

Reply | Quote

@Bluetrix
What update blocker app do you use?

Reply | Quote

anonymous wrote:

@bluetrix What update blocker app do you use?

http://greatis.com/blog/stopupdates10 <— program is here, developers site.

(There are others out there in internet land but I use this one)

I am including an excerpt outlining what the program does I copied from:
https://www.thewindowsclub.com

I hope this helps all or just one of the many readers here. I do intend to update, perhaps when the MS-DEFCON rating is more palatable.

How StopUpdates10 works
If you are curious enough, the developer of the tool has provided us with the entire list of actions that happen in the background. The tool makes the following changes:

Registry Values: The program automatically changes the registry values for 7 registry keys for you so that you do not have to do it manually. All the registry changes can be easily restored back with the restore button.
Windows Update Service: StopUpdates10 completely stops this service and prevents it from auto-starting, essentially killing the automatic updates mechanism.
(I deleted what it changes, that can be read at https://www.thewindowsclub.com)
Restoring changes is also easy as is. All you need to do is hit the Restore Windows Updates button, and all the changes will be rolled back. The program also displays the status of Windows Update. Apart from that it also provides you with command line features so that you can include StopUpdates10 in your scripts as well.

1 user thanked author for this post.

rontpxz81

Reply | Quote

I would not use that program. For one thing, it is closed source, not open. It changes registry values for 7 things. What things? There are at least 15 scheduled tasks involved with Windows Update. It stops one Windows Service when there are likely to be four involved with Windows Update. And while it may have prevented the service from being re-started in the past, Windows Update is getting more aggressive in this and its not clear when the program was last updated. Finally, it blocks processes. How? None of our business.

Reply | Quote

anonymous wrote:

I would not use that program. For one thing, it is closed source, not open. It changes registry values for 7 things. What things? There are at least 15 scheduled tasks involved with Windows Update. It stops one Windows Service when there are likely to be four involved with Windows Update. And while it may have prevented the service from being re-started in the past, Windows Update is getting more aggressive in this and its not clear when the program was last updated. Finally, it blocks processes. How? None of our business.

That’s okay by me if you don’t want to use it because it’s a “closed source”. Windows10 is fully open I guess. Perhaps it who or what reviews you trust. Maybe it’s a closed source because the developer didn’t want anyone to commercialize his freely offered work.

As far as what the program actually does I provided a link to that, but to be more precise here is the link to the actual review so you don’t have to search for it in windowsclub forums. It includes everything I didn’t include, as I said my post was only an excerpt.

https://www.thewindowsclub.com/block-updates-windows-10-stopupdates10

You asked what program I used, ymmv, but it works for me. 🙂

btw, I use free programs that are a closed source, so far so good. To name just a few : Adaware, Ublock, CCleaner, and those are just three of to many to list.

Apologies for OT segue mods 🙂

2 users thanked author for this post.

RamRod, rontpxz81

Reply | Quote

@bluetrix

Thanks for post the update blocker app. I might try it and see how it. Thanks again.

Reply | Quote

Mr. Brian posted a link to a batch script months ago for stanching Windows 10 update malware behavior, it has worked well on 1607 and also has been updated for other versions. If Window’s own firewall rules are honored that can help.

You should be able to find a basic printer driver from the printer manufacturer, some companies have a smaller core package. Because of a feature you may need or want sometimes you have to get the fat driver package, the good fat driver package installers will let you choose a custom installation and trim packages.

You all have enough intellect to manage your own printer folks, Windows 10 doesn’t need to do that job.

Reply | Quote

Anything permission-locked can be unlocked with the help of NSudo 🙂

Reply | Quote

Michael Horowitz missed in his article that you can actually deal with and remove sedsvc easily–it’s part of the trash that gets installed in C:\Program Files\rempl on a-few-months-out-of-date Win10 installations. It is the much-maligned KB4023057, cursed be its name, which is re-released every month despite the lamentations of the righteous.

Installation of it can be easily prevented by doing the following:

1. Uninstall it in Control Panel/Programs and Features. It’s in the list of installed software, not in the list of updates. Microsoft is tricky. I had a different word in mind but its not terribly polite.

2. Make a C:\Program Files\rempl folder. If one already exists, delete it and remake it to ensure you have ownership.

3. Deny all permissions to C:\Program Files\rempl for all accounts except administrators. You can do this with the permissions dialog or with icacls or some other utility. This will prevent any files being placed in the rempl folder, which will prevent the reinstallation of the loathed KB4023057.

Any attempts by Windows Update to install KB4023057 every month will simply fail because the files can’t be written. If you forget to run wushowhide every month, this will potentially save you from a ninja installation of KB4023057 resulting in a possible forced “upgrade” to 1809, with all the blue-screens, bugs, wasted hours, sadness, and failure that implies.

Reply | Quote

May be version dependent. 1803 contains the C:\Program Files\remp folder but there is no uninstall option.

Reply | Quote

An anti-exe such as voodooShield can help block the various processes, but it requires you to approve every process which may be annoying to some. The same with a 3rd party firewall. Both require ‘Insane Paranoid’ mode.
What is of interest is the variety of processes that fire up over time. With 1709, every 2 months something new would appear to repair any alterations made to stop updates.
I broke the process by taking ownership of the folder for Update Orchestrator in Scheduler, sys32 and deleted the files. You can return them, or just download an ISO for update later.
Be warned, Win10 is tricky so don’t set and forget; a process will fire up at some stage to make changes to update.
Of course a backup can be restored return normality and investigate where it went wrong.

Edited for HTML. Please use text tab for copy/paste.

Reply | Quote

anonymous wrote:

every 2 months something new would appear to repair any alterations made to stop updates.

This is one real purpose of the AI and telemetry: to find out what people are doing to block updates.

Reply | Quote

If there is no way left, just block the connection using the hosts file or alternatively a self managed DNS server.

Adding update.microsoft. com and windowsupdate.com resolving to 127.0.0.1 should work. I would prefer the DNS server method.

Reply | Quote

This article mentions 15 different Windows Update domains that are blocked

https://www.reddit.com/r/Windows10/comments/7xxup9/permanently_disabling_windows_10_upgrade/

My experience has been that DNS can only block one sub-domain at a time. That is you have to specifically block a.example.com and b.example.com and c.example.com individually, you can not globally block all of  example.com. Am I wrong about that?

A self-managed DNS server sounds like a great idea, but any device on the network that uses a VPN bypasses this blocking.

Reply | Quote

I use DNS blocking in Router on my Windows 10 Home using this as reference :

https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1709-endpoints

https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions

https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1803-endpoints

https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1803-non-enterprise-editions

https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1809-endpoints

 

1 user thanked author for this post.

Michael432

Reply | Quote

Great links, thanks.

DNS blockages in a router have the advantage of working for all PCs on the LAN. But, any computer using a VPN bypasses the router for both DNS and firewalling. DNS blockages on one computer were, I thought, impractical because each subdomain has to be specified individually and this Microsoft doc does not do that.

For example, if you want to block *.hwcdn.net as per the Microsoft documentation, how would you? DNS, at least the hosts file, does not do generic. You would have to block a.hwcdn.net and b.hwcdn.net and c.hwcdn.et, etc etc. So, what specifically do block in DNS?

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Reply | Quote

anonymous wrote:

Addressing your first question, yes the connection will remain metered status while switching users. Also, Microsoft has demonstrated the ability to override metered status when it suits them.

Where did you read about Microsoft over-riding the metered status? And, in my testing, limited though it was, a restricted/standard user had the metering off, even though an Admin user on the same machine had it on.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Reply | Quote

I have been staying at version 1607, and is it possible with newer versions to change the metered status separately from the Administrator? Is there a per-user registry setting to control metered connection state?

Where did you read about Microsoft over-riding the metered status?

Why here at AskWoody of course and from this, and here, this one, and from some of these links over here.

Reply | Quote

Hi, Michael,
just in case you didn’t hear from nsudo, to have more rights on W10:
http://www.majorgeeks.com/files/details/nsudo.html

I could disable the task ‘PerformRemediation’ via the help of nsudo, but there must be another task re-enabling it again, and i didn’t spent to much time searching for it.

Regards, Karlheinz
Edit: Removed email address for security reasons.

Reply | Quote

@Bluetrix

StopUpdates10 stops window from updating; hence, I will need to have StopUpdates10 restore updates to get software upgrades and updates. StopUpdates10 does not mess with windows defender updates; hence, I will still have up to date virus definitions. It’s this correct?

Out of curiosity, how often do you re-enable updates?

Thx

Reply | Quote