More problems with Windows 7 update taking forever

Topic

New Reply

I’m getting more messages from people who are facing hours and hours of Win7 update scans, even though they followed the directions here: http://www.i
[See the full post at: More problems with Windows 7 update taking forever]

Reply | Quote

Replies

Just a little off the cuff info from me. This morning MSUS check for updates took a WHOPPING 11 minute 15 seconds to complete! ! I haven’t had any long delays on running update check for nearly 2 months.

Just me 2 cents worth.

Dave

Reply | Quote

I don’t know if this trick can be adapted for Windows Updates, but I have resolved a similar issue with MSE whereby the search for the latest definitions was getting stuck partway. For those who have MSE the search routine was sticking with the green bar stopping just above the end letter of “minimize”.

I found that if you give it a few minutes and then use Task Manager to close MSE under Applications, the MSE window closes. Then use the Start menu to run MSE again, switch to the Update window and run the update at which point it will instantly download and install the latest definitions. So it appears that although the updating routine is stuck on Search it had already found the update, it just wasn’t downloading and installing it.

I believe that MSE and Windows Updates use the same patching servers/service. Maybe it’s the same with Windows Updates, the search appears to be taking forever but in fact the updates have been found but need to be kick-started into downloading and installing?

Just a thought. At least it’s a workaround for MSE even if it doesn’t lead to a solution for Windows Updates!

Reply | Quote

Not only the scans. When you get the list and try to download and install, it sits there forever (last one over night) seemingly doing nothing.

Reply | Quote

Remove the checkmark from “Allow the computer to turn off this device to save power” in Device Manager —> Network Adapter —> Properties —> Power Management tab.

It’s surprising how many times something simple like the PC shutting off power to the network adapter can reek havoc with Windows Update.

Reply | Quote

Yeah… something’s goofy alright. I just updated a Win 7 system two days ago and life was good.

Just tried checking for updates on that same system and after 25 minutes now it’s still checking.

Reply | Quote

Oh wait Woody… it just completed and I tried checking on my own system while I was commenting and the list popped up in less than 5 minutes.

Reply | Quote

I’ve used the Disk Cleanup Wizard update from https://support.microsoft.com/en-us/kb/2852386 to recover large quantities of disk space.

I wonder if cleaning out those superseded updates might help with scanning.

Reply | Quote

I wonder if it’s connected to Microsoft’s “fix” for 3177725 – KB 3187022 ????

This is weird.

Reply | Quote

My personal favourites are kb3138612 & kb947821 can be run from the desktop or thrown in an image using DISM they have to run with any network disconnected. see below for further install inst. & alternatives.

http://superuser.com/questions/951960/windows-7-sp1-windows-update-stuck-checking-for-updates (try post 103) its changed a bit since i first stumbled in there but theres other solutions as well.

Reply | Quote

Most people have their computers set to sleep after a time. Could this be a problem as well?

I’m having no trouble with the searching at the moment, but the ones I’ve worked on lately are a bear when it comes to downloading.

Reply | Quote

Am I the only one who worries about what will happen come October when (if I understand it correctly) there will be no more individual patches … and therefore no option to invoke the monthly manual fix?!

I’ve seen nothing that suggests that the change to roll up patching will also address the wu scan forever issue.

If I can’t get to my updates to begin with, at least worrying about the new roll up approach will be academic!

Reply | Quote

The only one I’ve been manually installing is KB3177725. It seems to work for Win7, but the equivalent (same KB number) for Win8 doesn’t seem to have any effect.

Reply | Quote

I wonder if MS pulled 3177725?

Reply | Quote

I’m following the problem very closely.

http://www.infoworld.com/article/3071689/microsoft-windows/new-windows-7-and-81-patches-usher-in-the-future-of-rollup-updating.html

Reply | Quote

Just food for thought! I wonder what MS has up their sleeve for October 2016? They are upset because their money, WIN 10, was/is not well received nor wanted by the vast majority of computers of the World. MS has already demonstrated that they can control windows computers via internet, so they may try the big pitch! Your guess is as good or better than mine.

Reply | Quote

This stuff with WU is crazy. I have a business with 8 machines that I maintain. All have the pretty much the same software and are used the same. All have the exact same updates applied. Went for years with no issues then couple months ago 1 machine was slow to update. Installed the latest kernel mode driver at the time and it updated immediately.

This month all machines checked updates and applied the defender updates and MSRT except for a 1 machine – but a different one than the month before. Again, all machines had exactly the same updates applied. Installed KB3177725 on only this machine and it updated immediately. I then uninstalled the update due to the printing issues that were reported.

Can’t for the life of me figure what would cause 7 machines to work fine and 1 different machine each month to be slow.

Reply | Quote

I saw it in an “important” update list yesterday

Reply | Quote

Yes, it’s just another win32k.sys-patch, which is slow as molasses without the updated WU-client.

Reply | Quote

Any such problem is likely to be felt most by those who either set their updates to download and install automatically, or else set them to notify but not download or install and then feel a compulsion to download and install them at the earliest opportunity!

Those who continue their present practice of leaving the download and installation of all updates for a week or two at least, i.e. until they have followed a few sites like this one and been advised by those who understand these things better than most (and I don’t just mean Woody, he’d be the first to point to some of the commenters who also post here as being pretty supportive themselves) whether and when to install the updates will be in no different a position than they are now.

Some users will install everything regardless, and some users will disable all updates regardless, while the sensible ones will hold fire on all updates until the safety and wisdom of installing them has been established. In that sense at least nothing is changing in October.

Reply | Quote

Nope. Still available on the MUC site: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3177725

I just took a screenshot of it for good measure: https://s4.postimg.org/dwxmt4px9/MUC_KB3177725.png

Reply | Quote

@ PKCano,

I have KB3177725 installed on my own 8.1 machine.
https://s4.postimg.org/3st1atn25/Windows8_1_KB3177725.png

Reply | Quote

Well not really. If WU is configured to download, but to let the user choose whether to install or not, that’s more or less self-explanatory. For example, I didn’t install either the July or August Rollups on my 8.1 machine since I’m not experiencing any of the issues they address.

But with the bundled packages, I’d have to install all the non-security updates just to get the one I might actually want. Skipping a month won’t help either since the Rollups are cumulative and contain all the previous month’s patches in addition to the new ones.

Also, as Woody has remarked Microsoft can bundle anything they want into a Rollup and users have no choice but to accept it.

Reply | Quote

Perhaps they’re just preparing us for a single update on the basis that it’s – yes, you guessed – THAT W10 update! Woe betide those who the moment the free upgrade ended uninstalled GWX Control Panel! I have it installed for life!

Reply | Quote

Installing KB3020369>KB3172605 is the only definitive solution for WU delay in Win7
http://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-solution-for-advanced-users/f39a65fa-9d10-42e7-9bc0-7f5096b36d0c

temporary win32k.sys patches might to the job, but they are monthly changed, and require some other patches

just spare yourself the trouble and go with the permenant route
Intel bluetooth issue is fixed by Intel 🙂

Reply | Quote

Pretty sure James was only talking about the future of the W7 slow update issue, along with the currently mostly working workaround.

Reply | Quote

Not pulled at least now.

Reply | Quote

For those still experiencing problems might be worth having a look at the other post about the TrustedIntaller.exe logs under C:WindowsLogsCBS. If there is any file over 2GB there, do yourself a big service and delete it following the procedure from this article http://www.infoworld.com/article/3112358/microsoft-windows/windows-7-log-file-compression-bug-can-fill-up-your-hard-drive.html
Do it regardless of the disk being full or not yet as it breaks Windows Update. This happens more often than everyone expects and is largely unnoticed.

Reply | Quote

Yes, Sleep and Hibernate should be avoided if possible. They can cause a lot of problems starting with time getting out of sync. There is a bug (design flaw) in the time synchronisation implemented in Windows 7 which affects stand-alone machines mostly.

Reply | Quote

It should help. Reboot is required most of the time after uninstalling superseded updates. Although it is not obvious because of missing notification, this is logged in the Setup log.

Reply | Quote

I set my updates to automatic! The download problem went away! Interesting how that works. I’m thinking this whole mess is created by Microsoft!

Reply | Quote

It’s not gonna happen, but one thing would fix it: Service Pack 2. When WU has to trawl through 200+ updates each month to see which ones apply, no wonder it takes forever.

Reply | Quote

Yes, I’ve seen that trick described, and it has worked for me on a couple of machines. It’s ridiculous, however, that anyone would have to go to such lengths to update an MSE virus definition that should be updating automatically. But this is the real world of Windows, eh?

Reply | Quote

Yes, I’ve been doing the same thing for Windows Defender definition updates on Win7. Gets stuck on the first run, kill it, restart, and it instantly downloads and installs.

Reply | Quote

I had a look at my CBS Folder and checked it’s properties……….. the whole folder is 103MB in total…. so obviously something is working. My machine is Win7 Pro. My WU is set to check but do not download……… and when Woody gives the all clear and I start the updating I find the speed is good and the whole thing completes quite quickly. Haven’t checked times as it hasn’t been diabolical.
Haven’t checked my husband’s (Win8.1) but will do so too. Thanks….ch100 and Woody for the info! LT

Reply | Quote

I think it is not a matter of what you decide as being useful, but what Microsoft claims. Have you decided when Windows was released with millions of lines of code what goes into the operating system?
I keep saying that there are only 2 reliable (functionally) approaches.
One approach is for those who are pleased with the current state of the OS having all the patches up to a certain month or even a combination of previously released patches and don’t want to fix what is not broken. Those users can set WU to Never update for the lifetime of the computer and assume all responsibility for potential security risks.
The second approach which I tend to favour is to install everything after a period of grace is passed or take MS-DEFCON as reference. There may be few exceptions within reason, KB2952664 is a good candidate at the moment, but this should rather be the exception, not the default.

Reply | Quote

🙂

Reply | Quote

Check this post http://www.infoworld.com/article/3112358/microsoft-windows/windows-7-log-file-compression-bug-can-fill-up-your-hard-drive.html

Reply | Quote

We already know that the issue is created by Microsoft. The only debate is between the 2 camps, one to which I belong which says that the cause is poor design and maintenance of the Windows Update servers and the other that says that Windows 7/8/8.1 are made inconvenient on purpose to have people upgrade to Windows 10.

Reply | Quote

The automatic updates of MSE stopped coming, then came back again, then left again. I’ve been having to do a manual download of the update by going to https://support.microsoft.com/en-us/kb/971606 and clicking on the 64-bit version for Win 7. Yesterday I had MSE set to do a full scan, starting with an update. It seems like this time it did the update while I was away. But I had it set to start at 4 p.m. It’s saying that the scan started at 8:58 p.m. So it took five hours for it to update first. It’s now 2:52 a.m. and the scan is still going. It seems to be about 2/3 through the disk. (It used to take under an hour.)
The last time I did a Windows update was 8/5, and it took 12 hours do update nine files. (Only security-related files.)
Maybe Microsoft should go back to selling CDs with the updates!
Morty

Reply | Quote

That one is a very good observation and I know that the Power Management feature for NICs can cause a lot of trouble. However this largely depends on the driver and it is not the universal fix. Worth trying though.

Reply | Quote

CheckSUR KB947821 is a very useful tool, although it has not been updated since 2014. I am wondering if it is still effective today. Nothing to lose by running it though, only potential gain.

Reply | Quote

@James “I’ve seen nothing that suggests that the change to roll up patching will also address the wu scan forever issue”

It actually does if you know how to read between the lines and understand the technicalities behind this new update approach. It removes many of the superseded updates from calculations and allows Microsoft to finally remove a lot of the obsolete updates from their servers. I am in minority here, at least until October 2016 🙂 but I am one of those very pleased with this new approach.

Reply | Quote

There are many changes coming in October. I wouldn’t worry about it for now…

Reply | Quote

The two camps are not mutually exclusive! I tend to take the “benign neglect” point of view – Microsoft is too busy to care.

Reply | Quote

My post was about the intentional element. If there is no intentional element and only neglect, then it comes under the poor design of the CBS and poor maintenance of the updating servers.

Reply | Quote

@Lizzitish Your system is alright, at least when it comes to the CBS Folder. @abbodi86 has a very useful post about tweaking the registry to avoid this problem here https://www.askwoody.com/2016/long-standing-bug-in-win7-log-file-compression-can-suddenly-fill-your-hard-drive/#comment-96688

Reply | Quote

Recommended Approach #2 assumes that Microsoft knows what it is doing and committing neither Type 1 nor Type 2 errors–fixing what needs to be fixed and not fixing what is not broken. That assumption only needs to be spelled out to see that it is flawed. Just look at the headlines on this site.

This is in addition to whatever evil schemes Microsoft is up to.

Reply | Quote

Agreed. Companies that have lost their way are often both incompetent and desperate enough to act against the interests of their customers and other partners.

Reply | Quote

I wouldn’t put it past them to try something like that. After all, the W10 update is still available for free even though we’re way past the July 29 install-by date.

I made my own registry changes to prevent the installation after removing KB3035583, but I also run Never10 from time to time just to make sure nothing’s been changed without my knowledge: https://s10.postimg.org/to1wumfyx/Never10.png

Reply | Quote

This one might be useful as well:
https://support.microsoft.com/en-us/help/17588/fix-problems-that-block-programs-from-being-installed-or-removed

Reply | Quote

Setting WU to “Never check for updates” is intended to avoid the non-security related updates since we don’t know what the Rollup will contain.

I didn’t install either the July or August Rollups since I’m not experiencing any of the issues both of them address. Here’s a description of what the August rollup addresses for example: https://support.microsoft.com/en-gb/help/24717/windows-8-1-windows-server-2012-r2-update-history

I just don’t see the point of clogging up my machine with fixes for problems I don’t have.

The security issues though should be fixed by downloading the Security-only package so that the computer won’t be at risk from attack during its lifetime.

Reply | Quote

Open an elevated command prompt and run: sfc /scannow

You may well have corrupt system files which are the cause of the problem.

Reply | Quote

Service Pack 2 might fix all your problems though! Can’t have that can we?

Much better idea as far as M$ is concerned is that you update to Windows 10. That way, you’ll still have all your problems, but M$ can get lots of lovely data from you to flog to the advertising industry.

Reply | Quote

I just checked the CBS folder on my Windows 7 PC and it’s 9.69GB in size!! There’s a CbsPersist log file from January that alone is 2.30GB.

And yet, the computer isn’t experiencing any delays in searching, downloading, or installing Windows updates.

Reply | Quote

Read an article in Microsoft’s “tech net”, that those who installed the update bundle KB were stuck with it.Those who did not install the bundle KB could get and look at , individually, each KB issues to their computer, UNTIL OCTOBER 1, 2016. That is why I get my KB’s individually and look at each, then decide if my use warrant, installing them. I am certainly taking advantage of this to the end. Has anyone else run into this?

Reply | Quote

Yep, you’ve hit the problem. You can give 9.69 GB to Microsoft’s mistake, or you can follow the instructions in the article and get your hard drive back. 🙂

Reply | Quote

I am with abbodi86 on his/her posting on AUG 25 2016 at 4:42pm. I had installed the June roll-up KB3161608 that included the Windows Update fix KB3161647. The KB3161647 Windows Update fix has worked wonderfully for the June, July, and August Windows 7 update times (2-4 minutes each). There was that issue with Intel Bluetooth, but Intel claims fix available now.

See https://communities.intel.com/thread/104851

In that thread, it claims KB3161608/KB3172605 would need to be uninstalled first and then reinstalled after the Intel fix. (Note KB3172605 was the July roll-up successor to KB3161608 so you may have neither, one, or both installed – if your Windows 7 Update scans take forever, likely you have neither installed).

I can’t vouch for the Intel Bluetooth fix (maybe someone else can), but the Windows 7 Update fix included in KB3161608 and apparently also in KB3172605 appears to be the real solution to the Windows Update scans taking forever.

PS – I suspect anyone that uninstalls KB3161608 or KB3172605 will likely lose what’s in “View Update History” but you could still see Installed Updates.

Reply | Quote

I don’t have KB3020369 or KB3172605 installed, checking updates for me now takes ~15-20 seconds, as it has since using the Dalai/krelay method 2/3 months ago. Previously, 24+ hour waits were common.

Reply | Quote

Service Pack 2 ain’t gonna happen; that would presumably require M$ to continue supporting Windows 7 beyond the current end-of-life date.

Reply | Quote

You are likely to see continuous growth in the temporary files and makecab.exe running often, never completing but timing out.

Reply | Quote

I said it elsewhere, those who don’t trust Microsoft at all, should not use Windows or any Microsoft products.
There is middle ground though, for those who do not trust the CURRENT Microsoft, then Never check for updates is the way to go.
Selecting updates without being a Microsoft insider is only asking for trouble down the track.
We see enough users still having the slow update experience, although everything that they need to know was posted here and on http://www.infoworld.com/blog/woody-on-windows/ and here http://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-solution/f39a65fa-9d10-42e7-9bc0-7f5096b36d0c

Reply | Quote

My go to tool to fix all Windows Update issues is Komm’s Update Checker (KUC) software available for free at http://windows-update-checker.com/ Don’t mind the spam looking webpage, the tool never misses to fix a stuck/long running WU. Best part is all the fixes/update procedures are fully visible and available as BAT files. The tool itself does not make any changes – it generates easy to read BAT files that the user runs in sequence. In a few word, the tool first generates the scripts to clean broken updates, then superseded ones, then it downloads the updates and installs them. All work is actually done by calling DISM, the built in command line tool that Microsoft includes since Windows 7 for managing the catalog store. We manage a bit over 2500 PCs over almost 250 sites, I’ve seen it all. Good luck everyone, just know there is a way to fix all WU issues.

Reply | Quote

I tested Dalai’s http://wu.krelay.de/en/ theory and he is absolutely right about new installs: “On newly installed Win7 SP1 systems it’s not really necessary to install the updates from the list above; it’s sufficient to install any of the current Windows Update Clients (December 2015 or later) from the table below. But since the updates from the list will be installed automatically anyway, it doesn’t matter if they’re installed manually beforehand.”

This is what was installed by me:
KB2533552 – this is the stack update fix for Service Pack 1 (not mentioned by Dalai but mandatory to fix SP1 – my addition)
KB3138612 – Windows Update Client March 2016. The trick here is to supersede what WU would install first – Windows Update Agent 7.6.7600.320 – which is one of the patches breaking WU, useful when it was originally released, now obsolete, causing issues. Microsoft should update their servers and not offer this old agent anymore. WSUS offers it too.

This is the absolute minimum for a clean install of Windows 7 with SP1.

However it is useful to go ahead and manually install the patches mentioned by Canadian Tech here http://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-solution/f39a65fa-9d10-42e7-9bc0-7f5096b36d0c and inspired I believe by Dalai’s site and the posts here on askwoody.com
Those are the well known patches KB3020369 – Stack update which updates KB2533552 and KB3172605.

Reply | Quote

I think you’re right.

See my post: https://www.askwoody.com/2016/the-windows-update-takes-forever-problem/comment-page-4/#comment-96834

Reply | Quote

It is asking me for a user name and password, it looks like the admin portal.

Reply | Quote

Yes, uninstalling any of WU clients (rolling to previous version) will wipe the database DataStore.edb including History, and WU will need to rebuild it

Reply | Quote

I have not installed any of the “fixes” which may have helped to speed up the checking for updates process. I have been content to let WU automatically check for updates thru out the day and night. I usually get the updates when I log on to the PC in the morning. This has been satisfactory for me until MS fixes this problem for real. Except for Window Defender updates, I wait for Woody’s defcon status to give the all clear. I do, however, install the WD updates. Today, it took perhaps 45 min to download and install the latest WD update. You could assume that MS continues to drive us Win 7 users to 10 by making 7 less and less workable, except that from what I read on askwoody, Win 10 is no update picnic either.

iPhone 13, 2019 iMac(SSD)

Reply | Quote

Woody, when I click on your link, https://www.askwoody.com/wp-admin/post.php?post=8300 it sends me to a login page which asks for a username/email address, and a password…

Reply | Quote

I get a request to login when I click your link Woody.

Are posts not available for viewing unless users create an account? I don’t see an option to do the latter either.

Reply | Quote

Everything on this site is wide open. I posted a bad link. Hang on.

Yeah. I posted a link to the editing system. Sorry. I think it’s fixed now.

https://www.askwoody.com/2016/the-windows-update-takes-forever-problem/comment-page-4/#comment-96834

Reply | Quote

My bad! I got mixed up working in the editing subsystem for the site.

Here’s the correct link:

https://www.askwoody.com/2016/the-windows-update-takes-forever-problem/comment-page-4/#comment-96834

Reply | Quote

My bad. Correct link is https://www.askwoody.com/2016/the-windows-update-takes-forever-problem/comment-page-4/#comment-96834

Reply | Quote

>There is middle ground though, for those who do
>not trust the CURRENT Microsoft, then Never check
>for updates is the way to go.

I couldn’t have said it better. And experience is showing that it’s viable.

Right now I have Windows 7 and 8.1 systems that run perfectly under heavy load for as long as needed (e.g., 16 days uptime right now without problems since the last install-initiated reboot). These systems, used as we do here, don’t have any problems.

I have not updated Win 7 since May and Win 8.1 since June.

I do have a security environment here that is quite tight, so I really don’t need up-to-the-moment Microsoft security updates. We haven’t seen a hint of malware in decades. My systems just don’t visit ad/malware sites, and the users are trained in good computing hygiene.

So… I see no need for further updates to my older systems from the current Microsoft, who have proven that they aren’t interested in supporting ongoing computing with older systems, and are starting to prove that they’re no longer competent to do operating system work.

We haven’t yet found the need for a new system, and since the hardware is fairly new and quite powerful, I don’t anticipate one for a while. In the coming years – assuming Windows 10 isn’t going to get any better – we will necessarily be evaluating alternatives to Microsoft entirely.

-Noel

Reply | Quote

I hate that expression: “My bad”. Why do people insist on ruining the English language. It’s not as if the word “mistake” is so difficult to spell.

Reply | Quote

Ooops. Sorry. My bad.

🙂 🙂 🙂

(I think English is morphing. I’ll have to axe someone.)

Reply | Quote

That’s OK Woody we’uns knowed what ya mean.

Reply | Quote

Person A contends that M$ does not always know what it is doing when it provides updates.

Person B says that if you don’t trust M$ at all, user another product.

Did Person A say that?

Classic straw man argument.

Reply | Quote

@Noel The argument in favour or against the Windows Security updates is in some ways similar with the argument against vaccines. Most people which do not get vaccinated, never get the diseases against which are supposed to be protected. Some people argue that they get protected because everyone else who takes the risk and vaccinate in the community is protected. This seems to be Microsoft’s argument to push automatic updates in particular to less technical users, in order to protect the Internet as a whole and is very likely why they can get away with this action.
I have seen servers with no patch at all, only the gold image, running for more than 500 days and never getting infected. Those servers are not directly exposed to the internet and sit behind firewalls, so there is a certain level of protection involved, although not optimal. Is it good practice? Hardly.

Reply | Quote

Thanks. It looks like KB3172605 supersedes KB3138612 as suggested by the KB documentation but this is not reflected in the metadata for each of the two updates. If this is indeed the case, then the best approach is the one in Canadian Tech post on Microsoft Answers and mentioned by abbodi86 to install only the later client KB3172605 and skipping KB3138612 as being obsolete.

Reply | Quote

MSE updating is getting really hard these days (when delaying security updates)

Some strange issue with display theme after downloading ONLY MSE update from windows update (because MSE auto update fails after delaying security updates for a while.

Tried to restore back to 26th when it was updated and there was a corrupted file on C that required a chkdsk.

That went through OK and seemed to fix themes somewhat – tried to update only MSE today from windows update and got WindowsUpdate_80246001″ “WindowsUpdate_dt000 error.

I’m not going to go chasing fixes until I see what happens when defcon 3 arrives.

Windows sure is becoming hard work :/

Reply | Quote

The latest Windows Update Client 7.6.7601.23453 is still running fast.

http://support.microsoft.com/kb/3172605
http://www.microsoft.com/downloads/details.aspx?FamilyId=bda43604-eff9-4539-afab-556eeb7e6b78

It’s in both the June rollup KB3161608 and the July rollup KB3172605 same version in both.) (July’s has June’s updates in it, but the August rollup only has August’s.)

There were some press about issues with it, so I’m sure some people probably just avoided it without even testing if those issues affected them. The good outweighs the bad, so you should try it out.

Note:
KB3172605 has a prerequisite: KB3020369 (April 2015 servicing stack) http://support.microsoft.com/kb/3020369

Reply | Quote

KB3138612 brother in win8.1 KB3138615 is now officially superseded by rollup KB3172614
http://catalog.update.microsoft.com/v7/site/ScopedViewRedirect.aspx?updateid=61cfb47f-bb84-4b09-a833-533718f27d58

i wonder why they didn’t do the same for KB3138612

Reply | Quote

That’s weird. I have no idea. And it happened a long time ago!

Reply | Quote

Yep, that’s the method of choice, proposed by Canadian Tech at

http://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-solution/f39a65fa-9d10-42e7-9bc0-7f5096b36d0c?page=1&auth=1

I’ve been slow to verify it, but apparently my old objections have been accommodated. I’ll be updating this on InfoWorld shortly.

Reply | Quote

KB3172605 is currently in the Optional category. I don’t think it is usual, at least for Windows 7 /2008 R2, to have Optional updates superseding Important updates. Probably after promoting KB3172605 to Recommended or Important, then the metadata will be updated to reflect the superseding.
KB3172605 will likely not be promoted beyond Optional until the outstanding issues with Intel Bluetooth will be considered resolved. This indicates to me that this patch is in a kind of pre-release stage (Optional status, although its importance would assume a more elevated status).

Reply | Quote

KB3172605 is still under Optional and is a recent update. I would suggest to wait few more days/weeks until the next revision although it is probably OK as is.
Until then, the safe Windows Update Client update is in KB3138612.
The results are the same. Dalai provided the information here http://wu.krelay.de/en/ and I confirmed it through testing not long ago.

Reply | Quote

Have to admit that I think it’s awful too. Mea culpa for me… assuming we need an alternative to ‘my mistake.’

Reply | Quote

A lot of people have written on that Answers post that they had success with the method spelled out on that posting. I should say that there are 3 others who contributed to it. TrashZone, ElderN, and VolumeZ.

I believe the people who have had failures are the ones who did not follow the directions precisely. A lot of people have wrestled with this and have tried any number of “cures” resulting in a badly messed up Windows. One of the most common causes of the mess is impatience.

I have used it in at least 60 computers in the last couple of weeks and it works every time. Even for re-builds.

Who knows what September or October will bring, but for now, this does it well.

CT

Reply | Quote

Heh heh. Your argument tacitly assumes that Microsoft’s “vaccination” is somehow effective in light of all the other means in place to prevent infection.

AND it assumes Microsoft’s newer patches never open new vulnerabilities. Don’t forget, these are the same people who put in the vulnerabilities in the first place.

That’s too simple a viewpoint.

It’s a bit like issuing a BB gun for going to war. Would I be safer going to war with or without a BB gun? Perhaps it could matter – IF I had no other weapon AT ALL. But if I already have a battalion of tanks, an infantry, a mine field, and a Howitzer the BB gun is pretty much irrelevant.

Microsoft’s out-of-box “security” is an absolute joke. Not only did they release insecure software to start with, but pretty much any user could beef up their security by 10x using only passive means, and another 10x by being smarter about using their system.

The techniques are easy and well-known, yet somehow the world is still installing Windows systems (yes, even Win 10 is getting infected) that fall over in a light breeze.

The answer to getting more from your computing gear is not to add more software or more poorly tested patches.

Educate users not to make a habit of trying to bring malware into the secure zone, check at the gate to be sure they haven’t made a mistake, don’t try to run malware that might somehow get past the outer layers, block all software from calling out unless pre-approved, do audits, etc. and it really doesn’t matter if a browser buffer overflow or use of a deleted object could allow an attacker to gain some control.

-Noel

Reply | Quote

What happened to the KB3177725 alternative? Not long ago, that seemed to be the recommended fix (Intel now has a fix for the Bluetooth problem caused by that patch).

It appears likely that neither KB3177725 nor Canadian Tech’s solution will solve the slow update issue after September Patch Tuesday, so the merry-go-round presumably will start up again then.

Reply | Quote

Actually “axe” is older, ask is newer! Axe has made a come back, so are we regressing?

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

My Win 7 WU still works the way it always has but I have never sat and waited for the new updates to appear. Within a day or three after new updates come out, I’ve got them. Then I hook up my backup hard drive and if it doesn’t update the list with the new, I click on the “Check for Updates” in WU and they usually come up within 3 days. But I don’t sit and patiently wait for them. I don’t need to, but I guess there are those that do need to get them quickly. To all of those, you have my sympathy.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

@Woody: Does this mean that those who have installed the KB3177725, per Dalai’s instructions successfully will continue to be able to get the pending updates for August?

I’m confused by the new information provided by Canadian Tech.

Thank you for your help, as always. 🙂

Reply | Quote

I’ll have an article tomorrow morning – but the best advice is to install Canadian Tech’s approach.

Reply | Quote

Got me. I used to love reading William Safire’s columns and books.

Reply | Quote

By then, we’ll be on a completely different merry go round.

Reply | Quote

My post was meant to say that it is a matter of good practice to wait until at least Optional updates have passed the test of time.
It is one thing to have something implemented by you who are a pro or implemented under your supervision and something else to recommend a less tested update to the wider public.

Reply | Quote

The Canadian Tech’s solution works very well for new installs or all systems well maintained and patched correctly and not with a random selection of patches, regardless of criteria.
KB3177725 is just a hack to get the poorly updated systems back on track. This is why it keeps changing every month. Once a system is up to date, there is no further need of those hacks, because it updates itself correctly every months.
At minimum, all systems should have ALL Important updates installed. The Important updates do not include Recommended and Optional, although in most cases it is highly desirable to have those installed too, but not based on random selections, as this is what causes issues with supersedence.

Reply | Quote

All five Win7 computers in my household are up to date with “important” updates, but (per Woody’s Defcon system), no August updates have been installed on any of them. And WU (plus MSE) show the usual problems.

I have not tried Canadian Tech’s solution, but on his Microsoft Answers page, he writes that “We know for certain this works well for August 2016 until the September 2nd Tuesday, known as Patch Tuesday. We hope to be able to update this for September.”

So, at this point, it’s not at all clear whether Canadian Tech’s solution is (semi) permanent, or just a “hack” akin to KB3177725, in which case another fix will be required in September. In the latter case, why should it be preferred over KB3177725?

Reply | Quote

It looks like it’ll work – but nobody really knows for sure. And all bets are off in October.

Reply | Quote

@Marty

It is very good practice to have all Important updates up to and including July 2016 as per Woody’s MS-DEFCON. This is what I meant by “up to date”.

This is some background for a better understanding of the 2 patches which have different effect, both useful in their ways:

KB3177725 is a Security update https://support.microsoft.com/en-au/kb/3177725
Its effect is to shortcut svchost.exe (Windows Update client) and reduce the calculations which it needs to perform. If you have it installed, then you have nothing else to do.

KB3172605 is the July rollup update, part of which include an update for KB3138612
https://support.microsoft.com/en-au/kb/3172605
Its effect is to update the obsolete patch still offered by Microsoft named Windows Update Agent 7.6.7600.320 and which creates most of the Windows Update problems.
KB3172605 is probably OK, although it still Optional.
If for whatever reason you are reluctant to install an Optional recent patch, my guess is that instead you need to have KB3138612 which is safe and from March 2016.

I have the Optional patch installed, a lot of people have it and if Woody updates his advice to have it installed, please go ahead and do it.

In summary, please install BOTH KB3177725 and KB3172605.

Reply | Quote

… and KB3177725, as they are not mutually exclusive.
Canadian Tech’s approach is in fact to bring an early update to Dalai’s advice to install KB3172605 instead of KB3138612.
Dalai will probably update his advice soon, although this is not urgent. Dalai’s advice is still very good and sufficient advice.

Reply | Quote

Noel, you are absolutely right. Only that there is hope that newer updates patch security holes which are already known and not everything, as this would be difficult. People these days are not asking for quality but for quantity and low price. And here is the result. Engineering created on the go. I am wondering when the airplanes will be designed in this way with a new model every few months what will happen? There has not been a major virus outbreak in a while and I think you were around in IT when Nimda and Code Red attacked systems vulnerable on port 445 (SMB) if I remember well. Those vulnerabilities were well-known for many months and patched systems without any antivirus were not affected. Antiviruses were only treating the symptom, i.e killing the secondary process triggered by the worms after which the cycle continued with a new process created and so on.
Sorry, but I don’t really trust firewalls and antiviruses and this is the early approach taken by Microsoft too. I use them though probably just to do what almost everyone does. Are they the passive systems that you mentioned in your post?
Educating users to use common sense is the best approach, but does it work in the real world? As far as I know, many if not most effective attacks against IT systems are still based on Social Engineering and not so much on technical attacks against unpatched systems.

Reply | Quote

Windows 8/8.1 never had the WU inconvenient search issue, so nothing intentional in my opinion 🙂

but for sure they could solved the issue months ago
they either didn’t care to investigare it due W10 upgrade campain, or deliberately didn’t want to push the fix

Reply | Quote

People tend to get paranoid when they cannot explain something, but large companies do not and cannot operate this way. There are just too many people involved. A large company cannot intentionally break things. They can ignore a known fix which may have the same result, but legally this is in a completely different category.

Reply | Quote

Hi Woody,

There seems to be a problem with the Subscriptions Manager. After clicking the link which was sent to me by email, it just takes me to a page with the following text:

“You have requested to manage your subscriptions to the articles on AskWoody. Follow this link to access your personal page:”

However, there’s no link to click anywhere and the rest of the page is blank. I tried hitting CTRL+A to see if there was anything hidden in the blank part, but nothing shows up.

Reply | Quote

Oy. Looks like a WordPress issue. Could you forward me the email? woody@askwoody.com Thanks.

Reply | Quote

@ch100, thank you for the response, and for the advice. The 64-bit question is whether KB3177725 and KB3172605 will fix the slow WU problem after the Win7 September patches are released. I guess we’ll know the answer to that in about two weeks.

Reply | Quote

@ch100: Thank you for all of the advice you have posted to Marty, and others.

I have everything on Dalai’s list. I already had all of them installed already, except KB3177725 which I installed on August 23rd. That solved the “problem”.

Now I am seeing a recommendation to install KB3172605. I do have this one, however it is in the hidden list, and I do not know if I can unhide it and install it from there safely or not. (Perhaps after waiting a few days or more ?).

KB3020369 was already installed quite a long time ago.

My apologies for asking this question, however there are some who visit this site who are not only “elderly”, but “very elderly”, and have nave never had any help or guidance with computers.

Thank you once again for the very detailed and knowledgeable advice you provide. 🙂

Reply | Quote

Not to worry. Wait for the MS-DEFCON level to change, and I’ll have full instructions.

Reply | Quote

@Woody: Thank you very much! 🙂

Reply | Quote

Unfortunately, the KB3172605 still kills Intel Bluetooth and the new Intel drivers give me blue screens on boot. Lenovo has not released a Lenovo specific fix yet for the dead Bluetooth, referring you to the Intel fix. Not good.

That is my biggest fear about the cumulative rollup strategy. I will move to the WU Catalog Security ONLY updates strategy.

Reply | Quote

Woody:

I just bought a refurbished Lenovo laptop with Win7 Pro-64. It is going to be an Ubuntu (or other Linux distro machine), but I decided to take the opportunity to get the Windows install up to date and then use an SSD for the Linux. I checked the WU last update on the machine, and it was imaged with the last update dated May 2016.

I went into the MS Update Catalog and downloaded all the speedup files and the most recent Update client listed on Dalai’s site http://wu.krelay.de/en/. I tuned off the wifi radios to avoid the WU searching the web and started with installing the WU client which installed quickly. I rebooted and decided to see if it would find the new updates and turned on the wifi and reset the power mode to always on and let it rip. After 6 hours, NOTHING. The MSE updates also were a bust, something I heretofore did not find related to WU.

I went back to square one, turned off the wifi radios, and decided to install the other speedup fixes and the kernel updates. Some of the updates were already on the machine, on said it was not applicable, and some of the others installed OK, but a few, including KB3177725 just keep WU standalone installer grinding (2 hours) with a searching this machine for updates dialog. I suspect a dependency for other updates not yet installed.

I considered installing KB3125574, the “Service Pack that is not a Service Pack,” but am concerned some of the patches that broke things in the past or the telemetry patches would then not be removable individually, and the majority are already on this machine.

As this was not bought to be a Win7 machine, I guess I should just blast the Linux distro on the HDD, but this laptop has a provision for a second removable HDD caddy in the DVD drive slot and I was considering a true dual boot on separate drives. The laptop has an i7 processor, a 7200 rpm HDD, and 8GB of ram and is really fast with the Win7 boot, but the Ubuntu 16.04 linux boot is like lightning and in live USB testing has not shown any glitches or non-working features.

Time to decide if MS has won and just turn off updates permanently and use MSE and Malwarebytes in the dual boot, or follow my initial plan and go Linux only. I just know NEVER 10, and I will never reward MS for killing WU with user choice as we knew it in order to deliver commercials via OS. I also suspect the IE11 on this machine is the Bing IE11, as going to the MS site flooded me with ads for Win10 and Office 365 – a situation I do not get on my other Win7 Pro machines.

Reply | Quote

Right now, your best bet to speed up Win7 check for updates is Canadian Tech’s approach:

http://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-solution/f39a65fa-9d10-42e7-9bc0-7f5096b36d0c

Reply | Quote

Many thanks. I did exactly as suggested by the article (except for KB3172605) and the manual updates installed fast. The key was stopping Windows update in the Services.msc panel, after turning off wifi.

I am considering trying the KB3172605 although I know it is one of the Intel Bluetooth killers at least on my newer Lenovo laptop. If I do I would then try the WU and then uninstall the patch, if it also kills this older Lenovo Laptop.

However, I am now doing a scan for updates sans patch. I find after doing the older recommended processes that the CPU is working on both cores (and even some of the virtual cores) so ‘maybe’ it will happen.

Reply | Quote

Just an update. It took 3 hours and returned 24 security updates and 8 optional updates including KB3172605. I hid that one for the time being.

When the install of the security updates finishes, I will see how long it takes to see if there are more. Maybe I can dodge the BT bullet. 😉

Reply | Quote

Good Day Woody,

Faced with performing fresh installations of Win 7 SP1 on a few machines (utilizing the OEM set of DVDs, after reformatting the system drive) can you steer me to a comprehensive list of which updates to install (including their proper order), or which ones to exclude (such as an update to #18 at https://www.askwoody.com/2016/microsoft-just-released-kb-3138378-and-3140245-for-windows-7/comment-page-1/#comments)?

Also, would it be necessary to download and manually install any of the various “speed-up” updates first (and do they require installation at particular points in the updating sequence)?

As always, many thanks!

Reply | Quote

You’re going to want the speedup posted by Canadian Tech

http://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-solution/f39a65fa-9d10-42e7-9bc0-7f5096b36d0c?page=1&auth=1

After that, I don’t really have a blocklist of “bad” patches. Now that the Get Windows 10 campaign is over, it’s likely that most people will want to block snooping patches – but I have no idea (nor does anyone!) which patches increase Microsoft’s ability to snoop.

There’s a list here that you might want to cross-reference with the lists others have posted on AskWoody

http://forums.mydigitallife.info/threads/64561-Remove-Telemetry-and-Windows-10-Related-Updates-from-Windows-7

The only one I’ve seen mentioned time and again as being a “bad” patch is the first one on the MDL list: KB2952664

Reply | Quote

Woody published a bit some months back that said that MS had not published a single update to Windows 7 that actually improved Windows 7 in any way — excluding of course Security patches.

Ever since then I have followed the policy that any update (not labeled security in the Windows section of the list) is not desirable unless it had a birth date before 2015.

For regular month to month updating, my clients have Windows Update set to Never and right-click on those that are not desirable and choose Hide. We have been doing this for close to a year now. About 150 client Win7 computers.

On re-installs, I do much the same. Check the issue date of each update (again not labeled security in the Windows section). If the date is later than 2014, I hide it. This has worked for me for nearly a year without a single hitch.

I am in the process of working on a new PC as I write this. I have followed the process I just described. I used the same process I described in the thread Woody referenced as well.

CT

Reply | Quote

“…large companies do not and cannot operate this way. There are just too many people involved. A large company cannot intentionally break things.”

That just isn’t true.

Reply | Quote

@AJ North

Follow Woody’s current advice by the letter and you will be fine. Ignore any other advice if you don’t want to end up with broken Windows Update.

Reply | Quote

@Xircal, it is cathartic for me to read your post – prior to it, I’d never seen or heard a bad word said about that phrase, but I totally agree with you. I can’t stand it. I had a stint out of the country for several years a few years ago, and when I returned, I heard and read everywhere this new utterance “My bad”.
I had to ask someone what it meant and where it had come from [thinking it must have been taken from a moment of national import or muttered (seemingly ungrammatically) by a famous person in a tight spot whose microphone was inadvertently left on or something, because I can’t see anything else to recommend it]. I think someone explained to me that it was popularized by Ashton Kutcher on a sitcom or something, I don’t remember. Pshaw.
🙂

Reply | Quote

I have a question — sorry for the longwinded nature of it.

Background: I have Win 7 and since May 2015 I’ve steered well clear of the telemetry and get-win-10 updates, but I have otherwise installed all the updates that Woody/Susan/etc. have recommended, at least for the past 18 months (prior to that, I had always let Windows Update do whatever it wanted).

I know that Woody wrote above that he intends shortly to publish an article on InfoWorld about what to do in this first week of the month about August’s updates, prior to September’s “Patch Tuesday” next week,
but I have a question about what I should do *now* about _July’s_ updates.

The last time I did any updates was in the first week of July, in order to capture the June-issued security updates.
I decided at the time not to update between then and now because I wanted to be extra-cautious during the passing of the get-win-10 deadline, and I half-expected them to unleash some kind of new ‘gotcha’.

I do want to update now, to install the valid and approved security updates that were issued in July (and of course that were issued in August).

For May and June’s updates, I followed the manually-install-one-magic-update-prior-to-going-to-windows-update-in-order-to-speed-up-the-process procedures.
I would rather stick to doing that — just using the one “magic” speeding-up update, as long as it is possible, rather than install a big roll-up patch of several updates, most of which are unnecessary for my computer. (I understand that such a big roll-up patch with various odds-and-ends in it was offered as a part of July’s updates and possibly also one was offered for August’s updates.)
But I think I recall reading here that July’s updates did have a standalone “magic” patch that some people applied, rather than going with the roll-up patch.

I will be happy to read through all the blog posts and comments left here between the first week of July and the present moment in order to see the exact steps of what I should do,
so I’m not asking anyone to summarize the whole nine yards for me now; I know that everything would have been covered here earlier, in posts and comments, by the people who went through the updating at the time.

However, I do want to ask one question, the answer to which will help me know which initial path to choose:

Path 1:
1a. In the next day or two, should I endeavour to install only the July-issued security patches, using one of the procedures that people on AskWoody followed/recommended four weeks ago after Woody changed his DefCon rating for the July patches,
1b. Then, with the July updates on my system, after a few more days pass this week, after Woody changes his DefCon warning for August’s patches, I can install August’s patches using one of the procedures that people will recommend here as safe,
– OR –
Path 2:
Should I do nothing now about the patches that were issued in the month of July, and simply wait a few days more this week, until Woody changes his DefCon warning for August’s patches, and then, using whatever magic-W.U.-hastening trick seems to be working at this moment in time (it appears that Woody is leaning towards promoting CanadianTech’s process for that), should I attempt to install *both* July’s and August’s trustworthy security patches at the same time?

Thank you. 🙂

Reply | Quote

I don’t see any huge reason to install the July updates right now. There weren’t any show-stopping security holes covered.

Reply | Quote

I first heard it from my #1 son, several years ago. I tend to use it in a fanciful way.

Some other new linguistic quirks drive me nuts. “Disrespect” as a verb. The phrase “going forward.” The term “seamless.” How everything is a “paradigm.”

Reply | Quote

Thanks everyone; much obliged!

Reply | Quote

Can I shut down safely when updates are stuck or slow on Windows 7 I was always told not to

Reply | Quote

I updated Oct 11th and will apply canadian tech fix

but wonder what is next even if I apply Canadian tech fix I trust being a Canadian;

Reply | Quote

Please read my posting. It has been updated:

http://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-solution/f39a65fa-9d10-42e7-9bc0-7f5096b36d0c

CT

Reply | Quote

Anita, Best advice is to not shut down. Take off sleep settings and just let if run.

CT

Reply | Quote

Ok thank you. Now that I will apply the fix,(none, stop updates etc.) found my 64 bit, those links for updates, do I just click on them or put them in my url (sorry a bit of a granny here:)

Reply | Quote