MS-DEFCON 4: Time to get the July 2019 patches installed

Topic

New Reply

There’s some important new information for those of you installing Security-only patches for Win7 and Server 2008R2, and there’s an unconfirmed report[See the full post at: MS-DEFCON 4: Time to get the July 2019 patches installed]

7 users thanked author for this post.

walker, Lori, Morty, SueW, geekdom, fernlady, abbodi86

Reply | Quote

Replies

I know the Computerworld article is coming soon, but I was checking Windows Update on my 8.1 PC & noticed a Security Intelligence Update for Windows Defender (Version  1.299.1095.0). On the Update tab for Defender, my current version is 1.299.867.0. Clicking on ‘More info’ in WU, I get this page: https://www.microsoft.com/en-us/wdsi/definitions. Should I just click on the “Update definitions” button in Defender, or do I need to download from the webpage?

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

2 users thanked author for this post.

Sparky, Bluetrix

Reply | Quote

[warrenrumak]

You can hit ‘Update Definitions’ if you like, but you don’t have to.  It’ll take care of itself.  Microsoft produces updates to their antimalware definitions 10+ times a day… substantially faster than most systems will stay up to date.

Your “1.299.867” definitions are maybe 2 days behind.

You can check the Windows Event Logs to see when definitions are installed, to get a sense of how often it happens.

 

• This reply was modified 5 years, 7 months ago by warrenrumak.
• This reply was modified 5 years, 7 months ago by warrenrumak.

2 users thanked author for this post.

Bluetrix, WildBill

Reply | Quote

WildBill wrote:

Security Intelligence Update for Windows Defender

Security Intelligence Update for Windows Defender is Microsoft’s new name for Windows Defender updates.

4 users thanked author for this post.

Myst, Sparky, WildBill, woody

Reply | Quote

[Sparky]

That must also include MSE for Windows 7.
As of 7/30/19 the MSE definition name changed to Security Intelligence Update. Unless Windows Defender and MSE are one in the same?

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

• This reply was modified 5 years, 7 months ago by Sparky.

1 user thanked author for this post.

Morty

Reply | Quote

Thanks for the reminder, Woody. For once, I’m not going to miss the opportunity to update during Defcon 4!

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

WildBill wrote:

Should I just click on the “Update definitions” button in Defender, or do I need to download from the webpage?

As @warrenrumak suggests, Windows Defender updates itself outside the realm of WU, as it should. It’s the only update from MS that I do not have blocked.

A recent (April 2019) article on setting WD to automatically update can be read here at thefreewindows.com web site. That auto solution will show in tasks, if you don’t want it to show (work in the background) another page on the same site shows the same process making it hidden.

I don’t rely on Defender to protect me, but see no reason not to have it updated in the background just the same.

HTH

Reply | Quote

i think, i’ll only install ie and office patches for win7 and 8.1, skipping “security” updates for windows… let’s see, if august patches also have this telemetry bull***t built in… if so, then i’m definitely group w.

ie updates still cumulative, i assume, so i only need KB4510979 (skipping KB4507434), right?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

honx wrote:

i think, i’ll only install ie and office patches for win7 and 8.1, skipping “security” updates for windows… let’s see, if august patches also have this telemetry bull***t built in… if so, then i’m definitely group w.

ie updates still cumulative, i assume, so i only need KB4510979 (skipping KB4507434), right?

Yup, same! Had enough.

Nice to retain control of my own PC.

Reply | Quote

Yes, this seems like a reasonable option since we haven’t heard of any show-stopping security issues that this month’s patch is supposed to fix.

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

Reply | Quote

I’m not installing that July 2019 “security only” update and also I’m not bothering with the July IE update this late either as the IE updates are cumulative anyways! So for now  I’ll just wait for the Aug IE and the Aug Security Only update and see if that’s also infected with any MS telemetry.

I’ll continue to avoid any and all Security Only Updates that have anything extra hidden inside that has no business being there. MS really needs to stop with the nonsense and it’s really tempting to just forget about any further patching anyways but any more of the same from MS with any “Security Only” nefariousness  and not patching 7 anymore will become the rule long before Jan 2020 arrives.

Reply | Quote

If my memory serves me well, Woody said a while back that Security Only, Group B, Windows Updates are not cumulative and must be installed every month in order.  So I don’t think you can skip the July S.O. update and then install the August S.O. update.  I think this applies to the IE S.O. updates too.

I’m pretty sure I’m remembering this correctly but if not, someone please correct me.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

The SOs are not cumulative, they are individual.
So you can skip any one your want to skip, HOWEVER, when you do, you skip the security fixes it contains.
You won’t get the fixes next month of the next month.
So if you need the fixes, you have to go back and install the SO you skipped.

2 users thanked author for this post.

Lori, Charlie

Reply | Quote

have not touched win7 updates yet, updating win8.1 notebook right now.

“update for microsoft filter pack 2.0” (kb3114879) is “important” and checked. can i install it? i skipped it last month, installing june patches. i’ll install all three other “important” and checked security updates for office 2010 (excel kb4464572, office kb4462224, outlook kb4475509) and of course defender and msrt.

and there is a new “important” and checked .net rollup, is it clear to install?

 

Fortunately, there are ways to circumvent the telemetry, or at least minimize it. Details following.

will there be a separate article which contains step by step instructions?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

The July Windows 7 patches have been given the go-ahead if you are Patching Group A.
The Group B people have to make a choice about whether or not to install the Security-only patch, but other than that the July updates have the go-ahead.

 

2 users thanked author for this post.

Morty, walker

Reply | Quote

PKCano wrote:

The July Windows 7 patches have been given the go-ahead if you are Patching Group A.
The Group B people have to make a choice about whether or not to install the Security-only patch, but other than that the July updates have the go-ahead.

 

i asked regarding deactivating telemetry if i decide to install that contaminated “security” patch for windows 7.

Fortunately, there are ways to circumvent the telemetry, or at least minimize it. Details following.

will there be a step by step instruction available for this case?

and what about “update for microsoft filter pack 2.0” (kb3114879) and .net rollup? both are “important” and checked (at windows 8.1 at least, still haven’t touched win7 updates)…

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

honx wrote:

i asked regarding deactivating telemetry if i decide to install that contaminated “security” patch for windows 7

Try AKB2000012.

honx wrote:

and what about “update for microsoft filter pack 2.0” (kb3114879) and .net rollup? both are “important” and checked (at windows 8.1 at least

The June and July patches have the DEFCON 4 approval with the exception of the Win7 SO which requires the user’s choice.

2 users thanked author for this post.

Elly, walker

Reply | Quote

thank you so much for this info… the Woody on Windows Defcon 4 article just said this can be done, bit the links embedded in the article didn’t say HOW to do it.

Reply | Quote

[EP]

UH-OH woody!

Remember KB4023057? It’s baaacccckk 🙁

https://borncity.com/win/2019/08/02/windows-10-compatibility-update-kb4023057-08-01-2019/

https://news.softpedia.com/news/microsoft-re-releases-the-notorious-windows-10-update-kb4023057-526931.shtml

you may need to revise/update your recent article from Computerworld and include info about the newly revised KB4023057 update and how to hide/block it

• This reply was modified 5 years, 7 months ago by EP.
• This reply was modified 5 years, 7 months ago by EP.

2 users thanked author for this post.

KP, woody

Reply | Quote

Oh gawd. Not again.

Anybody who sees KB 4023057 should follow the discussion and advice here:

https://www.askwoody.com/2019/microsoft-re-re-re-releases-kb-4023057-the-update-to-win10-1507-1511-1607-1703-1709-and-1803-for-update-reliability/

It’s now being pushed to 1809 as well.

In short, you probably don’t want it.

2 users thanked author for this post.

Lori, Berserker79

Reply | Quote

I like to call this update the paver 😀

Reply | Quote

I also ran WUShowHide and saw it.

Please also see post #1901247 below.

Reply | Quote

Is there any evidence of telemetry c*** in the 8.1 security-only July patch, or is it just in Win7?

Reply | Quote

Not in the Win8.1 Security-only patch.

2 users thanked author for this post.

Lori, GWL894

Reply | Quote

Is there any way to tell if its ok to skip the .net rollups?

Reply | Quote

You can skip any patch, but in doing so you skip the quality and security fixes they contain.

Reply | Quote

PKCano wrote:

honx wrote:

i asked regarding deactivating telemetry if i decide to install that contaminated “security” patch for windows 7

Try AKB2000012.

honx wrote:

and what about “update for microsoft filter pack 2.0” (kb3114879) and .net rollup? both are “important” and checked (at windows 8.1 at least

The June and July patches have the DEFCON 4 approval with the exception of the Win7 SO which requires the user’s choice.

i’d rather wait for something more current, regarding this contaminated july patch.

on windows 8.1 i’m installing all important updates right now (except that group a patch).

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

honx wrote:

i’d rather wait for something more current, regarding this contaminated july patch.

There is an ongoing discussion about the telemetry here

Is 4:00am Friday, Aug 2 (today) current enough for you?

Reply | Quote

PKCano wrote:

honx wrote:

i’d rather wait for something more current, regarding this contaminated july patch.

There is an ongoing discussion about the telemetry here

Is 4:00am Friday, Aug 2 (today) current enough for you?

that is a bit too complicated for me to follow, it seems to need a monitoring software and tampering in registry as far i have read. like already announced for the time being i’ll only install ie and all other important checked patches and stay put regarding that malware patch.

btw. on windows 8.1 i also installed that 2019-07 servicing stack (kb4504418)… does windows 7 also await a new servicing stack for july?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

The latest Win7 Servicing Stack KB4490628 was released with the March Patch Tues. updates. You will need that. See if you have it installed.

You will also need the SHA-2 update KB4474419 if it’s not installed.

1 user thanked author for this post.

rexr

Reply | Quote

[honx]

PKCano wrote:

The latest Win7 Servicing Stack KB4490628 was released with the March Patch Tues. updates. You will need that. See if you have it installed.

You will also need the SHA-2 update KB4474419 if it’s not installed.

okay, that win7 march servicing stack i installed along with march updates.

regarding my post history i also already installed kb4474419: 😀 https://www.askwoody.com/forums/topic/ms-defcon-4-its-time-to-get-windows-and-office-patched/#post-347990

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

• This reply was modified 5 years, 7 months ago by honx.
• This reply was modified 5 years, 7 months ago by PKCano.

Reply | Quote

Just a heads-up to report that today on my Windows 10 1803 Home machine I was offered a new KB 4023057 update (2019-08). I suppose this update was released after woody changed the MS-DEFCON level to 4, so anyone on 1803 trying to avoid KB 4023057 better keep your eyes open when installing the July patches.

1 user thanked author for this post.

woody

Reply | Quote

I had to restart my 1809 after installing a new update for Intel 630 GPU and got the notice regarding July updates.
installed .Net KB4507419
installed CU KB4507469
installed .Net KB4503864
installed MSRT KB980830

Didn’t get Servicing stack KB4512937

Reply | Quote

[Alex5723]

Alex5723 wrote:

I had to restart my 1809 after installing a new update for Intel 630 GPU and got the notice regarding July updates.
installed .Net KB4507419
installed CU KB4507469
installed .Net KB4503864
installed MSRT KB980830

Didn’t get Servicing stack KB4512937

Just checked the Uninstall Updates. None of the updates just installed are on the list, however I have other updates installed on Aug. 2 :

KB4507469 (Download and install now)
KB4506998 (Cumulative Update for .NET Framework 3.5 and 4.7.2)
KB4509095 (Servicing stack update for Windows 10, Version 1809)

KB4512937 from July 22 superseded KB4509095 from July 5, yet I haven’t got it.

What a mess.

• This reply was modified 5 years, 7 months ago by Alex5723.
• This reply was modified 5 years, 7 months ago by PKCano.

Reply | Quote

after installing updates (including 2019-07 servicing stack) on win8.1 i can’t search for updates anymore. error code 8024402c.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

The telemetry issue aside, does the July Security Only patch take care of something that is particularly important and necessary? Is it likely that not installing it now will cause serious problems when installing future SO updates?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

This is what @abbodi86 says #1900967. The rest of that thread may also help to answer your question.

1 user thanked author for this post.

OscarCP

Reply | Quote

Did you know that Microsoft has disabled VBScript for IE11 in Windows 10 with July 9 CU updates ?
Microsoft is going to disable VBScript for IE11 in Windows 7, 8, 8.1 with AUG. 13 CU updates.

In early 2017, we began the process of disabling VBScript in Internet Explorer 11 to give the world the opportunity to prepare for it to be disabled by default.

The change to disable VBScript will take effect in the upcoming cumulative updates for Windows 7, 8, and 8.1 on August 13th, 2019. VBScript will be disabled by default for Internet Explorer 11 and WebOCs for Internet and Untrusted zones on all platforms running Internet Explorer 11. This change is effective for Internet Explorer 11 on Windows 10 as of the July 9th, 2019 cumulative updates.

https://blogs.windows.com/msedgedev/2019/08/02/update-disabling-vbscript-internet-explorer-windows-7-8/

1 user thanked author for this post.

abbodi86

Reply | Quote

[abbodi86]

Did you know that Microsoft has disabled VBScript for IE11 in Windows 10 with July 9 CU updates ?

No one knew
they really like short notice

• This reply was modified 5 years, 7 months ago by abbodi86.

Reply | Quote

Hey everyone, I was preparing to install the July patches (Windows 10 Home 1803 here) when I noticed something “unusual” upon running wushowhide to un-hide the July updates: the July CU for 1803 (i.e. KB4507435) has disappeared from the list of hidden updates (all I see in the hidden updates list are the July Office 2013 updates, the 2019-07 Windows Defender update, the 2019-08 KB4023057 update and the Feature update to 1903).

Assuming that WU will not automatically install the July CU for 1803 with the other July updates, should I install it (and the corresponding servicing stack update) manually by downloading the relevant files from the MS Update Catalog? Or should I just skip this CU entirely?

1 user thanked author for this post.

KP

Reply | Quote

Just installed the July updates on Win7 64bit. All installed except the Security Intelligence Update KB915597 v 1.299.1066.0, which failed with code 80070650. Windows gives no real help on that code. I tried it several times – always failed.

I’m just reporting the issue. I don’t really care, since I use Kaspersky as my primary defence.

Chris
Win 10 Pro x64 Group A

1 user thanked author for this post.

jburk07

Reply | Quote

FYI

On my 64-bit Windows 7 laptop Windows Update responded with an error code when I tried to install Security Intelligence Update for Windows Defender Antivirus version 1.299.1293.0. I subsequently opened Windows Defender and checked for updates and it updated to version 1.299.1319.0 dated August 5, 2019.

1 user thanked author for this post.

jburk07

Reply | Quote

[L95]

I have 32-bit Windows 7 and am getting the same error code 80070650 as Chris B and 280park and Anonymous (see August 5th posting below by Anonymous).  I tried the trick that worked for 280park and Anonymous,  by opening up Windows Defender and checking for updates,  but I’m not sure whether it work for me.  I tried it twice.  I don’t recall what it said on the first attempt,  but on the second attempt it said “no new definitions or updates are available”.  But there’s nothing showing up in my update history of any successful installation of Windows Defender since  July 4th.  When I look within Windows Defender  at what antispyware definition I have,  it says I have definition 1.299.1783.0.   The definition that failed to install earlier today due to Error Code 80070650 was definition  1.299.1765.0,  which appears to be an earlier definition than what I presently have.  I then did another check for Windows Updates,  and Windows Updates says “No important updates available”.   Does this mean that I have successfully installed the latest Windows Defender update even though my update history shows three failures at installing definition  1.299.1765.0,  and nothing else with respect to Windows Defender?

• This reply was modified 5 years, 7 months ago by L95.

Reply | Quote

L95-

Since opening Windows Defender to update it to version 1.299.1319.0 (which does not show up in Windows Update history), I have been successfully updating Windows Defender by using Windows Update. Shortly after your post, I ran Windows Update and again was able to update Windows Defender, this time to version 1.299.1765.0. At that time, which was several hours ago, I clicked the “More information” link that accompanied the update and the linked Microsoft page indicated that the latest version was 1.299.1791.0. Several minutes ago, I again clicked the “More information” link and the linked Microsoft page indicated that the latest version was 1.299.1798.0. However, neither Windows Update nor Windows Defender is indicating that any new versions are actually available to install.

I am not an expert, but it seems that new Windows Defender versions are developed throughout the day but are made available for installation on a less frequent basis.

Reply | Quote

For clarity, message #1906808 dated August 12, 2019 at 3:03 am was posted by me. I forgot to log in when posting it.

Reply | Quote

I’ve installed the monthly rollup KB4507449 and the .Net Framework update KB4507420 today on my main Win7 X64 Home desktop with no apparent issues. I’ll leave the other similar machine (but with 5 Office 2010 updates also on offer) for a couple of days while I see how the main machine is running.

Thanks as always to Woody and the team for all advice received.

2 users thanked author for this post.

jburk07, Myst

Reply | Quote

Update: Second machine also now updated satisfactorily, as above.

1 user thanked author for this post.

jburk07

Reply | Quote

Nine Windows 7 Pro x64 machines have been updated (Group “B”); all had four scheduled tasks added by KB4507456, which were deleted before rebooting to complete the installation.

Each machine rebooted successfully, and they appear to be running with no discernable issues; the Task Scheduler shows that the added tasks remain deleted.  The Belarc Advisor is happy (and so am I).

3 users thanked author for this post.

jburk07, Lars220, SueW

Reply | Quote

Running Win8.1 64-bit – AND WPD to minimize “snooping”.

After receiving the OK from Woody and Susan, installed the MS July 2019 ‘important’ (only) updates through Windows Update.   Before the update, WPS was set to maximum protections, including having the Microsoft Compatibility Appraiser DISabled.

After the update, WPS showed the Compatibility Appraiser ENabled, and one or more of the third party applications from Microsoft (Skype, OneDrive, Live, etc.) was re-enabled.

Reset WPD to full protection, and all seems to be well again.   No other update issues noted.

1 user thanked author for this post.

jburk07

Reply | Quote

Could you please tell us the names of the four new scheduled tasks added by KB4507456 and under what are they located? Thanks!

1 user thanked author for this post.

Kranium

Reply | Quote

Greetings. Here are the general instructions (for both Windows 7 & 8.1):

(Note: if this is your first time clearing telemetry tasks from the Task Manager, then you will encounter several more than four tasks.)

Open the Task Scheduler (click Start, then type task scheduler in the search box).

In the left-hand (white) rectangular box expand Microsoft, then Windows.

Within the Windows section of the hierarchal “tree” left-click on and delete (or disable) the following:

–>  All tasks under Application Experience

–>  All tasks under Autochk

–>  All tasks under Customer Experience Improvement Program

–>  Under DiskDiagnostic:  DiskDiagnosticDataCollector

–>  Under Maintenance:  WinSat

–>  Each task within (and under) Media Center

Close Task Scheduler.  (You’re done.)

12 users thanked author for this post.

Lori, jburk07, wavy, Marcus Weldby, David F, pinwheel.galaxy, Myst, Elly, Lars220, SueW, LHiggins, OscarCP

Reply | Quote

A post above mentions WPD — the Windows Privacy Dashboard, which is an exceedingly useful tool (portable and free):  https://wpd.app/ (Windows 7 -10).

Here is a discussion of the app by Martin Brinkmann:  https://www.ghacks.net/2018/10/10/wpd-privacy-app-for-windows-updated/ from last October (it is currently at version 1.3.1203.0, released on 2019.07.08).

As WPD does not automatically create a restore point, my recommendation is to set one before making any changes (on some systems, for example, I’ve found that one or another website may not be accessible after maximizing privacy, due to changes in the Windows firewall settings (https://outlook.live.com, for example).

3 users thanked author for this post.

Lori, SueW, Kirsty

Reply | Quote

Followed your instructions above. Win7 Pro X64. Didn’t see Compatibility Appraiser specifically. Should I be looking for that elsewhere? Please respond.

FWIW, did the following today. Installed the IE11 update, rebooted and waited 10 minutes. Installed the Security Only .Net patch for 6.1. Then installed KB4507434. Before rebooting, went into Task Scheduler and disabled all items you mentioned which were not already disabled. Had turned off  Customer Experience Improvement… ages ago. Rebooted and rechecked in Task Scheduler and nothing had been altered. Am I missing something???

For the benefit of others, turned on Windows Update and checked for updates. Hid the rollups. Hid the Malicious Software tool. Was offered and hid KB3150513. Tried to installed the renamed Windows Defender update which failed two times with code 80070650. Ran the Windows Update diagnostic tool and it failed the third time. Found complaints of this online with no resolution. Grrr… Rechecked for updates. Four Office 2010 updates were there plus the same Defender update. Installed the Office updates and closed Windows Update. Opened Defender which I don’t use because I have Kaspersky Internet Security. Ran the update from within Defender and it updated successfully to a much later version than WU had offered me. WHEW! Opened WU again and checked for updates. No Defender updates were offered. Closed WU “never check” until next update session. Such an ordeal… 🙁

1 user thanked author for this post.

jburk07

Reply | Quote

Hello,

The Compatibility Appraiser may explicitly appear in scheduled tasks under Microsoft –> Windows –> Application Experience as “Microsoft Compatibility Appraiser”; however, there are other elements that Redmond also employes.  So, if you’ve deleted everything mentioned above, even if the “MS Compatibility Appraiser” was not one of them, you’re still good-to-go.

You might also check out the Windows Privacy Dashboard, mentioned above.  (It turns out that it now has the option to create a Restore Point, which I hadn’t noticed when I posted earlier; my bad… .)

Reply | Quote

Much obliged for the reply. Just had a look and that item and one other appeared. Fairly sure previously only AitAgent was there. Just disabled them. Media Center had 4 – 5 items added. All disabled now. Will recheck the next time I start up this workstation. Hope I won’t need a wooden stake. 😉

Reply | Quote

You’re more than welcome; glad to hear that the operation was successful (and the patient lived).  You’ll almost certainly not have to repeat the operation until after the next round of updating.

(Note: you might want to use a silver stake, as it has much better conductivity… .)

Reply | Quote

Unfortunately that stake was needed. 🙁 Mid-afternoon the machine slowed to a crawl and my network settings were inaccessible. Lots of reboots and shutdowns with errors which flashed by too quickly to see. Uninstalled the Security Only update which didn’t fix it. Had to bite the bullet and do a full Windows Image and Data restore from my WD Passport Drive. Takes forever and wipes the update history from the page in Windows Update. Installed Updates from Programs & Features is OK. This happened once before 2 – 3 years ago where Firefox froze and the network access icon was b*******. Whether this was related to the steps listed above, who can say. Right now, touch wood, all is back to normal. Only lost some financial data from today which I was 90% able to retrieve because my backup was done just last PM before I started the update drudgery. Ugh…

Not sure whether I should just go Group W at this point as I need this high horsepower Zbook 17 from 2014 to run my life and essentially exist. Not sure I don’t trust Kaspersky Internet Security 2019 to protect this box vs M$. Kaspersky’s USA phone tech and remote support is 7-8/10 when I’ve needed it. Group W may just be the way to go. Hate the concept of Win10 and forced updates, particularly drivers. Have learned in the past that the latest drivers don’t play nice with older, even premium hardware.

1 user thanked author for this post.

jburk07

Reply | Quote

Very sorry to hear that.

Did you try System Restore and/or some of the built-in Windows repair tools (or use a bootable Win 7 installation DVD, or installation USB, to repair Windows)?

For future reference, there is also a way to use a Win 7 installation disc or USB to perform an in-place (non-destructive) repair:

https://www.winhelp.us/non-destructive-reinstall-of-windows-7.html and,

https://turbofuture.com/computers/Repairing-a-Damaged-Windows-7-Installation.

1 user thanked author for this post.

Lori

Reply | Quote

Other than the restore point created by installing the Office updates, the previous restore point was too old. System Restore doesn’t have a great success rate after M$ updates, at least from personal experience. Touch wood, the image and data restore from backup works as well as it did 2 – 3 years ago and was created just prior to the July updating. Am drifting toward Group W and Canadian Tech approach to Windows Updates… 🙁 TBD

Given the programs. configuration and amount of data on this workstation, am not comfortable with M$ doing the repairs. Need to speak again to the skilled I.T. tech who set this machine up. It’s been a couple of years = no news is good news. He works for a local firm which maintains hospitals, universities and Fortune 500. Curious about his take on newer workstation 17’s and Win10. His firm won’t touch consumer-grade hardware BTW.

Reply | Quote

Windows 7 Pro SP1….Installed fine= no problems.

Windows 10 Pro….Installed fine= no problems. Was not offered KB 4023057 .

1 user thanked author for this post.

jburk07

Reply | Quote

[dgreen]

Reporting in….
Installed the following updates…
KB4507449 (roll up)
KB4507420 (security quality rollup for .net)
All went smoothly.
Hid: KB4493132
MSRT have not installed this for many months.

Did note that MSE (Microsoft security essentials) has a new name now.

Dell Inspiron 660 (new hard drive installed and Windows 7 reloaded Nov. 2017)
Windows 7 Home Premium 64 bit SP 1 GROUP A
Processor: Intel i3-3240 (ivy bridge 3rd generation)
chipset Intel (R) 7 series/C216
chipset family SATA AHCI Controller -1 E02
NIC Realtek PCLE GBE Family Controller
MSE antivirus (now has a new name)
Chrome browser
DSL via ethernet (phoneline)

 

• This reply was modified 5 years, 7 months ago by dgreen.

2 users thanked author for this post.

jburk07, SueW

Reply | Quote

Installed .Net Framework update KB4507420, Monthly Rollup KB4507449 and the 4 Office 2010 patches, all in that order but running one at a time with a restart in between. Let the PC sit idle for a bit to process everything. All is fine and dandy. Thanks to those who report in with results, otherwise I might get a little nervous.

MacOS iPadOS and sometimes SOS

3 users thanked author for this post.

jburk07, Seff, Lars220

Reply | Quote

I’m going to be devil’s advocate.

https://support.microsoft.com/en-us/help/4023057/update-to-windows-10-versions-1507-1511-1607-1703-1709-1803-and-1809-f

If I’m on 10, and I’m offered that update and especially if I’m on an older feature release, why don’t I want that?  I’ve helped two people this week on 1803 (on even on Home sku) that are starting to get the alert that they will soon be out of support and they had no idea that they were feature release-less and were not getting them.  There systems were installing the normal monthly updates just fine.

 

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

As much as I hate to agree, I do understand that there are times and users that a patch to force an update -may- be necessary. I am speaking mainly about forcing an upgrade to the newer version of Windows 10.

Most of the people we know are the “Mom & Pop” of the computer world. If one had a flow chart it would be like this: does the computer start? yes/no. If yes can you: a. browse the web, b. receive emails? If yes, that’s it, done. With the possible exception of printing, that is all there is for them. Yes, we have heard of clients that complain they can not get the newest Windows 10. Basically, someone told them a new version was out and -of course- they must have the latest and greatest. “I can’t get it. It won’t download for me.” They never would had known if no one told them. Therefore, in cases such as those, yes, a patch from Microsoft to diagnose and force feed a new version onto a computer is required.

While the rest of us more technical users and helpers, follow Woody and have the same suspicions as Woody, the common “Mom & Pop” do need some assistance from the mothership to force an upgrade. I and others here prefer to wait and let the bugs get resolved, then move up. But not everyone feels that way.

Thank you Woody for having this site.

Reply | Quote

OK. I did a full backup. I ran a manual Create Restore Point. Now I’m putting on my armor and going in….

Here’s what they’re throwing at me:

2019-07 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 and Server 2008 R2 for x64 (KB4507420)
2019-07 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4507449)
Windows Malicious Software Removal Tool x64 – July 2019 (KB890830)

Hopefully, everything will still be working when I come back.

1 user thanked author for this post.

Myst

Reply | Quote

Thank Heaven! And thank you Woody and his league of superheroes.

I got through it. And this time I didn’t have to reconnect the network.

Telemetry shmelemetry. Microsoft and Google already know more about me than I do. You have to pick your fights.

Thanks again!

6 users thanked author for this post.

jburk07, Lars220, SueW, Myst, geekdom, PKCano

Reply | Quote

Morty wrote:

You have to pick your fights.

I think this fight is worth picking even if it means a bloodbath.

2 users thanked author for this post.

Morty, Kranium

Reply | Quote

[Morty]

Alex5723 wrote:

I think this fight is worth picking even if it means a bloodbath.

Sigh…You’re younger than I am. I hung up my guns.

I will say that I deactivated my FB account and don’t use any of their products. I also don’t use a smarthphone or any i-Devices.

I’m a neo-luddite. But I know when to put up the white flag. I do wish you success.

• This reply was modified 5 years, 7 months ago by Morty.

Reply | Quote

? says:

excellent report, Morty! glad your monthly patching pitstop is over and you are on the the next adventure. i envy your mind set and raw courage

me and Sancho P are still out here in the hinterlands tilting at windmills (until after Christmas if not done in before then)

Reply | Quote

Hi Morty! 6536 here. I knew you were coming on board and getting to be a techie when I commented last month, “now people will be coming to you for help!” Glad it installed OK.

Morty, Abbodi86 and AJNorth have great ideas. If you could go down either suggestions you WILL reduce the telemetry and “they” will know less about you than you do.

See AJNorth’s comment #1902567 above. I am sure you can do it!

Good Luck.

Reply | Quote

Morty wrote:

Sigh…You’re younger than I am. I hung up my guns

Don’t be so sure 🙂

50 years in IT and still carry my guns.

2 users thanked author for this post.

Lars220, SueW

Reply | Quote

I really couldn’t care less what M/S and Google know about me – it’s many years now since I worried what the neighbours thought. I just don’t want any shoddily-made patches on my P.C. unless I absolutely have to install them.

2 users thanked author for this post.

jburk07, Myst

Reply | Quote

@the-Surfing-Pensioner: It isn’t just what MS and G know about you in a properly scrubbed form of telemetry that rightfully does NOT have any personal identifiable information, but when things go awkward and then personally identifiable information DOES get out to the world.

A few years ago Wed of Trust had a problem of not “scrubbing” the data clear of any personally identifiable information and a German magazine found data about people in the URLs that were sent back to the aggregators. By having this telemetry data turned off, it is closing another possible vulnerability you may have.

Especially since AJNorth laid out above what to disable or delete, why not spend 5 minutes doing it? BUT … to each their own.

And yes I do agree having a bad patch is more of a headache than turning off telemetry.

Reply | Quote

As I co-ordinate a small voluntary organisation single-handed, my personal identifiable information is all over the net anyway. It’s never been a problem; I don’t bank online. I was also (unfortunately) a customer with TalkTalk at the time their records were hacked and I still get overseas calls from individuals with Asian accents claiming to be TalkTalk technicians who ring me up asking for access to my P.C., or for money. I quite enjoy telling them what I think of them. In consequence, I have never been infected by the telemetry paranoia that troubles some people. I really haven’t  got anything left to hide.

Reply | Quote

Consider this:  *You* don’t bank online – you haven’t setup online access to your bank – but all the information necessary to setup that access is available online.

What could go wrong with this scenario?

1 user thanked author for this post.

wavy

Reply | Quote

That’s not actually true, but as I have had no problems managing my (lack of) privacy for the last thirty years I am beginning to find this discussion very boring. Try somebody else?

1 user thanked author for this post.

Myst

Reply | Quote

🙂

I’m prone to forget the international focus of Woody’s site.

Reply | Quote

I looked at the Master Patch List but I couldn’t find “Update Rollup 29 for Exchange Server 2010 Service Pack 3 (KB4509410)” with a date of 7/9/2019. Are we good to go with installing this update?
Thanks, Susan for all you do!

Reply | Quote

I don’t know if Susan approves or not, but UR29 patches a man-in-the-middle vulnerability that is exploitable. I’d install it.

Reply | Quote

Apologies, missed it.  Not tracking issues, okay to install.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Marcus Weldby

Reply | Quote

Reporting in late, have been unwell. Installed the July WIN7 .NET and Rollup with no issues.

(Oh, and made sure that CIEP’s throat stayed cut. It did. Should take out 99% of pesky telemetry.)

But why do I ALWAYS have to re-configure Windows Media Player every time I do a Rollup??

Thanks to all here for repeatedly putting their head in the Sabre-toothed Tiger’s Jaws.

 

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

1 user thanked author for this post.

jburk07

Reply | Quote

I have had to do the Media Player re-configure after every Group B monthly patch also for a number of months now. It is not just the rollup.

It also create a log file regularly.

2 users thanked author for this post.

jburk07, SueW

Reply | Quote

Windows 7 Home 64 bit Group B

I decided to switch to Group A (or so I thought). A check for updates offered .Net Framework KB4507420, Security Intelligence Update for Windows Defender KB915597, MSRT KB890830 and Security Monthly Quality Rollup KB4507449. Ironically, all installed except KB4507449. I downloaded the Security Only Group B patches and they all installed – guess I’m still Group B after all. I did disable all the recommended tasks in Task Scheduler.

2 users thanked author for this post.

jburk07, SueW

Reply | Quote

Oh hey, how does that go with servicing stack updates now? Latest or by kb number?

Because some of those look funny. 1903 got a new SSU on the 27th but numbered earlier than the previous one from the 9th… and I had a bit of a bother some months ago on one system when the exact SSU by kb numbers wouldn’t work and had to get a later one to be able to install a CU.

Yeah, right, 1903… but anyway.

Reply | Quote

Quick question – If we’re Win7 group B and don’t want the bother with the telemetry in the July 2019 security update, is it still okay to install the IE11 update?

Thanks

Reply | Quote

I actually don’t see why not, it’s a cumulative IE11 patch.
However, here comes the caveat, the ‘security patch’ in Group B is non-cumulative which means, if you decide to Group B ‘security patch’ next month, July’s security fixes won’t be applied leaving the device vulnerable. Then troubleshooting issues start to get messy..

If you should want to install the July Security Only Update and wish to reduce telemetry, might I suggest AKB2000012 by abbodi86.

IMHO I’m now convinced that Group A is the way forward to prevent this scenario from happening. Woody, what’s your take on this? Head scratching time..

If debian is good enough for NASA...

2 users thanked author for this post.

Lars220, Myst

Reply | Quote

Yes, you can install only the IE11 CU.
But the telemetry is not the only thing in the July CU. The fix for the new Meltdown/Spectre vulnerability is also in the SO KB4507456.
See this Blog Post.

2 users thanked author for this post.

Lori, walker

Reply | Quote

? says:

windows 7 security only patching was extinguished in july

see post #1904580 for details

i guess i could keep booting a fully patched telemerty laden version after january 2020 and send signals back to the mothership kinda like Voyager 2…

Reply | Quote

@anonymous:

After reading all of the comments relevant to this untenable situation, I can only feel that “we who are totally non-computer literate” are “up the proverbial creek without any kind of paddle”.   I don’t want to wait too long, however don’t know which way to jump at this point in time, and I think there are many others who have this lack of “experience and computer knowledge” to deal with it all.   Good luck to us all, and I’m thankful  there are so many who have the outstanding knowledge and experience to share with us.

Reply | Quote

I installed the Group B, Security Only updates for Win 7 and IE11, the .Net update, and the Office 2010 patches yesterday.  I disabled all the telemetry items as given to us by nice people on Woody’s site.  I should emphasize that you should give some time after each reboot for the updates to work in (15 to 20 minutes).  I watch the CPU usage on Task Manager to see when it stops.

So far knock on wood, things seem to be okay and all settings are where I put them.  Nothing has been said one way or another, but I’m assuming the KB4507456 Win 7 update can be uninstalled if a problem comes up.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

3 users thanked author for this post.

Bill C., SueW, jburk07

Reply | Quote

Charlie, did you use Abbodi86’s steps (see #219238)  or AJ North’s steps?  Thx for letting your fellow Group B’ers.

Reply | Quote

A J North’s.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Just now received KB3150513 … “The updated definitions help enable Microsoft and its partners to ensure compatibility for all customers who want to install the latest Windows operating system”, on W7/32 – sent by Windows Update. It came in as important/recommended.

With KB4507456 snooper update and now this, it is obvious that it is all about data gathering for upgrading purposes and not for diagnostic/trouble shooting statistics.

We may soon see yet another ‘get W10’ offer to those with so-called compatible systems. I am not expecting a rehash of the previous unethical GWX offer, but I ma expecting a popup (or the likes) with a YES and hopefully a NO button. I am not anticipating a ‘do not ask again’ box to check.

Reply | Quote

? says:

thank you NoLoki! i still haven’t gotten over finding $Windows.~BT on C:\ over 4 years ago

just been (re) reading:

https://en.wikipedia.org/wiki/Criticism_of_Windows_10

think i’ll go out for another long walk

 

Reply | Quote

Today I finally had a moment and installed the Windows 7 x64 July patches: for Office 2010, the July MSRT and the .Net rollout, as well as the July IE11 Cumulative Security update. But had no luck with the July Security Only update. Something I did, I think, cut short its install. It did not go through the “Installing Update” stage with the growing green bar, but declared itself installed all the same and in no time at all. When I checked in Windows Updates the list of installed updates, it did not appear anywhere. I searched for it by KB number, and it was found. I tried to uninstall it to have another try at installing it properly, but that failed with an error message. I restarted the machine, which fiished installing the IE11 update. But then I tried, once more, to see if I could install the Security Only KB4345459 and I got — again — the message that this was already installed. So I used a restore point I had created before installing IE11 to undo the whole thing and then tried, once more, to install Security Only, but had no luck: the system informed me, yet again, that this was already installed, although, again, it showed nowhere in the lists of installed updates. I reinstalled IE11 without problems and then said to myself: “Well, I am going to let this July Security Only patch rest in peace. At least this way, this time, I won’t get any of the telemetry in its bag of nasty tricks. If others (Group W) can live long and prosper without ever, if they are to be believed, installing any patches whatsoever, then I could, probably, survive with a botched install of July’s Security Only.”

Such is life. That, as I’ve been told by an usually reliable source, is not half as bad as its alternative. If anybody has any advice that is not too complicated to apply, I’ll be interested to read about it.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Hi there.

Did you perhaps download the wrong update (or get your dates mixed-up)?

KB4345459 is the Win 7 “Security Only Quality Update” that was released on 16 July 2018; KB4507456 is the “SOQU” for July 2019.  Hope that solves your issue.

Good luck!

Reply | Quote

Thank you, AJNorth, Sir! Thank you so very, very much! Not the least reason for being thankful is that you have completely demonstrated that, indeed — and as I have suspected all along — I did do something wrong!

Now, following your most illuminating suggestion, I have succeeded in installing the July SO patch without any obvious bad side effects, so far.

Oh, this is SO weird! Unique, in fact, in my, by now, very long patching history! I imagine this happens to people who rush to do things very, very slowly that they lose track of things, as myself in this particular case.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

AJNorth

Reply | Quote

My pleasure; glad everything turned out well!

Reply | Quote

Quick question about July updates for Win 10 1903. I just now have gotten notice on my laptop that the following updates are ready for downloading, and wanted to just ask if it is safe to do so now. I am assuming yes, since these are July patches, but wanted to just make sure, since this is just the second time I’m getting updates for this laptop.

Win Defender Update KB 2267602 (V1.299.1542.0) This KB is the same number as the June Defender Update – are they always the same, just a different version number?

July Malicious Software Tool KB890830

July Cumulative Update KB4507453

July Cumulative .NET update KB4506991

Thanks!

Reply | Quote

Those are the correct updates for July.
Have fun with the new laptop!

1 user thanked author for this post.

LHiggins

Reply | Quote

Thanks! We are – it is really fast and has a gorgeous display. But so much that is different from Win 7, so I am taking things slowly!

Thanks for the confirmation of the updates. Will run wushowhide before I download them.

Reply | Quote

Group A with Win7 Pro 32bit on HP dc7900- sff deskside with Wolfdale Intel Core2 Duo/Southbridge

No issues with the 7420 .net KB, or the SMQR 7449 and MSRT 830 installs.  Internet connectivity and WMP all intact, too.

Really appreciate the sundry inputs I read through above from everyone to help keep misery to a minimum.

Enjoy the dog days of August, all!

2 users thanked author for this post.

jburk07, Myst

Reply | Quote

Here’s my feedback after updating last night:

Note: I had results similar to Sueska’s (#1899427). I had already disabled each of the scheduled tasks under Application Experience [AitAgent, Compatibility Appraiser, Program Data Updater] and CEIP [Consolidator, KernelCeipTask, UsbCeip], and verified this prior to installing July’s SO.

1 – imaged my disk with Macrium Reflect Free

2 – downloaded Updates KB4507456 (July SO) and KB4507434 (IE11 July Cumulative)

3 – installed the July SO and IE11 Updates and then rebooted; waited 15 minutes

4 – re-checked Application Experience and CEIP: under Application Experience, AitAgent remained disabled, but Compatibility Appraiser and Program Data Updater were now ‘Ready’ so I disabled both. The 3 tasks under CEIP remained disabled.  (I double-checked this morning, and all 6 tasks are still disabled.)

5 – updated MS Security Essentials’ Virus & Spyware Definitions manually to eliminate Windows Update’s “Optional” ‘Definition Update for Microsoft Security Essentials – KB2310138’

6 – checked “Windows Update” => 6 Important (all checked): 3 Office 2010 and 3 Win 7; 3 Optional: all unchecked

7 – unchecked and hid “Important” Update KB4507449 (July Rollup)

8 – hid the unchecked Optional update KB4507437 (July Preview Rollup)

9 – hid the unchecked Optional update KB4493132 (the “Get Windows 10” nag patch)

10 – hid the unchecked Optional update KBKB3150513 (as noted in Bill C’s results #1904809)

11 – checked “Windows Update” again => 5 Important: 3 Office 2010 and 2 Win 7: all checked; 0 Optional

12 – unhid 0 hidden updates to install

13 – installed 5 Updates: 3 Office 2010 (KB4464572, KB4462224, KB4475509), 2019-07 Security and Quality Rollup for .NET Framework (KB4507420) and MSRT (KB890830)

14 – rebooted and waited around 45 minutes

Note: Windows Media Player needed to be reconfigured once again.

Many thanks to Woody, PKCano, abbodi86, Sueska, Bill C, and everyone else who continue to contribute their time and expertise, or who post their own results!

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

4 users thanked author for this post.

jburk07, Bill C., Charlie, Lars220

Reply | Quote

@SueW:   Isn’t the KB4507449 (Monthly Quality Rollup for Win 7 for x64, the one that has the “telemetry” cooked into it?  I’m sure there are many who are having nightmares about what will transpire, “if and if it’s NOT” downloaded and installed.

It would be interesting to get an idea of how many are taking the risk of installing this one versus not installing.   Thank you for posting the information..

1 user thanked author for this post.

SueW

Reply | Quote

@walker
The one people are discussing about having telemetry is the Security-only update for Group B.

You are in Group A. You should go ahead and install KB4507449 Rollup. You have been installing Group A Patches all the time.

2 users thanked author for this post.

Microfix, SueW

Reply | Quote

@PKCano:  I sent two replies to you thanking you for REALLY making my day.   It was absolutely wonderful.    I checked several times and was unable to locate my reply so I am sending another one.   Your assistance has been a real “life saver” for me.

I cannot begin to ever say “thank you” enough for all of the amazing and outstanding assistance you have provided for all of  the members.  Thank you, thank you, and thank you again.    You are absolutely amazing, and “PURE GOLD“.

2 users thanked author for this post.

Fred, PKCano

Reply | Quote

I really don’t understand all the theatre involved with Windows 7 updating. We’re five months away from an obsolete operating system. Why not just install all updates?

As a side question, why are we still seeing KB4507437 [2019-07 preview of monthly quality rollup for win7 x64] after already installing KB4507449 [2019-07 monthly rollup]?

Reply | Quote

anonymous wrote:

As a side question, why are we still seeing KB4507437 [2019-07 preview of monthly quality rollup for win7 x64] after already installing KB4507449 [2019-07 monthly rollup]?

KB4507437 ( 2019-07 Preview of monthly quality rollup) is an UNCHECKED Optional update that was released AFTER the 2019-07 SQMR. It contains non-security fixes that are not in the July CU. The Preview updates are intended for testing only, and the new fixes they contain will be rolled into the next month’s Security CU on Patch Tuesday.

1 user thanked author for this post.

JohnS1606

Reply | Quote

I see. Thank you.

Reply | Quote

I just rolled back Windows 10 updates that updated my computer sometime today. My Windows 10 version is 1903 build 18362.10005.

When I clicked my Search bar in the taskbar, all I could see was a big black box. My search window came back when I uninstalled today’s update. Sorry, I didn’t notice the build number of today’s update.

Thought you would want to know in case this happens to anyone else.

Reply | Quote

The latest released version of 1903 is Build 18362.267.
Are you running an Insider Preview or Slow Ring version?

Reply | Quote

[Alex5723]

WScejonesjr wrote:

I just rolled back Windows 10 updates that updated my computer sometime today. My Windows 10 version is 1903 build 18362.10005.

When I clicked my Search bar in the taskbar, all I could see was a big black box. My search window came back when I uninstalled today’s update. Sorry, I didn’t notice the build number of today’s update.

Thought you would want to know in case this happens to anyone else.

Your new slow ring build was 18362.10012.

https://blogs.windows.com/windowsexperience/2019/08/08/announcing-windows-10-insider-preview-build-18362-10012-18362-10013-19h2/#0prhPPgudFAYfQUL.97

• This reply was modified 5 years, 7 months ago by Alex5723.

Reply | Quote

This is to help all. I want to thank Sueska, GoneToPlaid, SueW and my friend “CH”.

Windows 7 SP1 64bit, with Broadcom network card. Group B.

Installed all July’s updates; IE KB4507434, then IE KB4510979, SO KB4507456, .NET 3.5.1 SO KB4506976 and MSRT today.

From the catalog; Installed IE KB4507434 1st, KB4510979 2nd, SO KB4507456 3rd, SO .NET KB4506976 4th, and MSRT (from WU) last.

Installed one at a time, *with Network disconnected*.

Rebooted in between each update letting it sit 1 or 2 minutes after update was installed (when hard drive light settled down).

As per SUEW I did the same. “I had already disabled each of the scheduled tasks under Application Experience [AitAgent, Compatibility Appraiser, Program Data Updater] and CEIP [Consolidator, KernelCeipTask, UsbCeip], and verified this prior to installing July’s SO.”
(For me, Compatibility Appraiser was missing. It was installed after KB4507456. I then disabled it).

After the Windows 7 SO KB4507456 install, I went through Scheduled Tasks, found and compared before/after, the below:

AitAgent was set to run at 2:30am -presumed altered- but it did honor the set disabled state. If it wasn’t disabled by me, it too would be running.

ProgramDataUpdater – was “ready”, set to disabled again.

PerfTrack – disabled (stayed the same)

Autochk Proxy- Disabled (deals with CEIP) was left alone.

CEIP was -presumed- updated and set run times, but it did honor the set disabled state. If it wasn’t disabled by me, it too would be running.

DiskDiagonostic Data Collector & Resolver – Disabled (disk & system info for CEIP). It did honor the set disabled state. If it wasn’t disabled by me, it too would be running.

Media Center has: AccountWindows Search, ConfigureInternet Time Service, DispatchRecoveryTasks, ehDRMInit, InstallPlayReady, mcupdate, MediaCenterRecoveryTask, ObjectStorRecoveryTask, OCURActivate, OCURDiscovery, PBDADiscovery, PBDADiscoveryW1, PBDADiscoveryW2, PeriodicScanRetry(disabled, an old trigger of 2006), PvrRceoveryTask, PvrScheduleTask, RecordingRestart (disabled), RegisterSearch, ReindexSearchRoot, SqlRecoveryTask, UpdateRecordPath. ALL had “last time run never”. After install all appeared the same “ready” except for 2 of them mentioned as “disabled”. No new run times, no new triggers (I do not use Windows Media Player).

Is the Scheduled Task “WindowsErrorReporting” needed (WindowsError Queued files)? I already have Windows Error Reporting Service disabled, so I will probably go and disable the Scheduled Task.

Control Panel > Administrative Tools > Services, find Diagnostics Tracking Service. I did NOT have that service. I never installed KB2952664 nor any get win10 patches (Group B).

It was mentioned to add a registry key of: HKLM\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable\0. I did not have that key and I did not create the key. If Abbodi86 or other askwoody MVPs say, “yes, you should”, then I will. (Is this registry key definitely needed?)

No network issues. No oddities.

Rebooted 3 times and let it sit for several minutes. (15 min. – so MSCORSVW of .net could run)

I would recommend people on the last reboot to go to the desktop and let it sit 45 to 60 minutes to Process Idle Tasks, let the trusted

installer (as per PKCano) do its thing and the MSCORSVW of .net can get done.

If others here are interested, one can run the MSCORSVW .net image compiler (NGEN) manually. (I do).
https://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx

You can also force Processing of Idle Tasks if you want by the administrative command prompt: rundll32 advapi32.dll,ProcessIdleTasks

You can enter that then walk away for 15 to 20 minutes. If the drive light is still on, it is still running, walk away again. Do not allow

the computer to go to sleep. Reset the Power Options to 1 hour sleep if needed. Laptops make sure you are on AC power not battery!

And like ELLY said, you could keep task manager open and look at the MSCORSVW process and see if it is still running.

Thanks to all here.

Windows 7 Group B

1 user thanked author for this post.

SueW

Reply | Quote

? says,

thank you for the detailed patch report and tip ‘o the fedora to SueW as well! your posts take the guesswork right out of the process. i lost the ngen speed ’em up years ago so it is nice to have it although mscorsvw.exe usually runs for 11-14 minutes and at this late stage of the win7 patching game i really don’t mind the wait. i see trusted installer run for 10-13 minutes and then move on. i’m skipping the SO for July and beyond if they also contain the telem just don’t want their plumbing .dlls, .exe’s., mui’s and associated winSxS in the mix. the win7 started life around 4GB and now is a plump 20GB after all the patching…

1 user thanked author for this post.

SueW

Reply | Quote

Win 7 SP1 Home Premium 64-bit; Group B
Following the directions of AJNorth & Sueska regarding telemetry and SueW’s excellent and precise record of her updating & installation of this July’s patches (minus Office) the updates went with only very minor glitches plus fixing Media Player and same as others above, post Task Scheduler telemetry check fix. The only problem is that when checking for updates, I was never offered the Net Framework KB4507420 patch, even with repeated checks. So I’ve gone to the Microsoft Update Catalog and have 3 security updates to choose from: which one should I download and install? I think it’s the 162.4 MB choice, but I’m not sure. Your help would be greatly appreciated. Thanks!

1 user thanked author for this post.

SueW

Reply | Quote

KB4507420 is a Rollup, a bundle of updates for different versions of .NET. If you are patching .NET manually you need to know which versions of .NET are installed on your computer. The patch for different versions have individual KB numbers different from the Rollup. (See the linked pages.) What you see installed is the Individual KBs, not the Rollup KB number.

That is why it is best to update .NET through Windows Update. WU will determine what is on your computer and install the patches for the version(s) you have installed. If there is no patch for your version, you may not be offered any through WU.

3 users thanked author for this post.

Lori, walker, Fred

Reply | Quote

Thank you for your quick response and for the information.

Reply | Quote

PKCano, thanks again for your input. Actually, as an apparent Group B “for REALLY dumb dummies” member, I usually wait monthly til the last minute to install whatever patches are available. When checking for further WU at the end, I will hide any unchecked + checked patches that show up that do not belong in my personal patching roster for that month. Those patches that I hide, apparently can be patches that I will be needing for the next month, which is what happened with 2019-07 Security and Quality Rollup for .NET Framework KB4507420. After a light bulb suddenly flickered on above my head, I checked my hidden patches and found my KB4507420. I just downloaded and installed it without incident. Sorry to have bothered you in the middle of the night.

Reply | Quote

Probably few folks check back here, but I wanted to mention some of my recent experience…

Friday I took it upon myself to bring 6 machines at work up to date.

Two were mine (my desktop workstation and a VM within), three were high end server farm machines that were recently installed (e.g., less than two months ago, bought new and Win 10 v1903 installed afresh by a coworker), and one was a coworker’s office machine.

Of those six systems EVERY SINGLE ONE exhibited errors upon running SFC /VERIFYONLY. All had to be repaired by running DISM /Online /Cleanup-Image /RestoreHealth then SFC /SCANNOW. Fortunately that succeeded in every case.

These systems are closely and carefully managed and kept up to date every month when Woody here takes us to MS-DEFCON 4 or higher.

2 of the 6 machines I personally verified as of last month’s patches to pass an SFC check cleanly. I presume the other 4 must have been clean at some point, though I can’t be certain.

How is it Windows 10 has become so fragile, so apt to soil itself, that it requires geek chops to recover virtually every machine just used normally? How many folks, even in Engineering lines of business, even know to use DISM? What do regular folks do?

-Noel

6 users thanked author for this post.

jburk07, Microfix, MrToad28, Lars220, Charlie, geekdom

Reply | Quote

I periodically run system checks — different operating system, same lack of trust.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

What made you run system file checker after installing the latest round of patches? Is it just  your company’s SOP (Standard Operating Procedure, for the uninitiated), or were there issues during or immediately after installation that brought about the need for using SFC?

R/

Bob99

Reply | Quote

It is a matter of personal habit going way back.

I just always check, before and after updating. If it finds a problem before, I fix it before attempting updates. If it finds a problem after I fix is so that maybe – just maybe – next time I won’t find one before.

-Noel

1 user thanked author for this post.

jburk07

Reply | Quote

Noel Carboni wrote:

What do regular folks do?

Move to Linux Mint 19.2 ?  …  🙂

Thanks Noel for the reminder about the Command Prompt DISM and SFC commands, remember to ‘Run as Administrator’.  I have done that with Win10 v1803 and recently with version 1809. I am not using 1903 yet. Were all 6 of your computers on v1903? What type of problems were you having? I am learning about LM19.2 in my Win7 VirtualBox.

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

Reply | Quote

If only it were so easy to just hop to another OS.

The two office systems were v1809, the VM and the three test machines in the server farm were v1903.

I kept my own office system on Windows 10 for Workstations v1809 simply because it has not yet been offered v1903 and I’m in no hurry to beta test the new version. I have it set to the most conservative setting, formerly known as “Current Branch for Business” I guess, as I need the machine to be stable (which it is). It was clean before the update but gathered some kind of SFC problem during the update, which I then fixed.

The other office system running Windows 10 Enterprise had an SFC problem before the update, which I fixed, then it was offered v1903 this time around, so I went ahead and put the new version in. That went quite smoothly, and wasn’t corrupted (SFC-wise) upon login after the upgrade.

The three server systems have the most “stock, out of box” configurations of Windows 10 Enterprise. All three of those showed SFC problems before the update, which I fixed, and after the update no additional corruption was detected.

-Noel

1 user thanked author for this post.

Lars220

Reply | Quote

That’s the Windows Defender sfc/scannow DISM bug. It’s well-known, and comes from a change inside of Windows Defender. The only permanent fix will come in the form of a future Windows 10 Feature Update which will incorporate the correct internals for handling the changed WD updates behaviors.

See:

https://www.bleepingcomputer.com/news/microsoft/windows-10-sfc-scannow-cant-fix-corrupted-files-after-update/

and

https://support.microsoft.com/en-us/help/4513240/sfc-incorrectly-flags-windows-defender-ps-files-as-corrupted

 

-- rc primak

Reply | Quote

rc primak wrote:

That’s the Windows Defender sfc/scannow DISM bug. It’s well-known, and comes from a change inside of Windows Defender. The only permanent fix will come in the form of a future Windows 10 Feature Update which will incorporate the correct internals for handling the changed WD updates behaviors.

See:

https://www.bleepingcomputer.com/news/microsoft/windows-10-sfc-scannow-cant-fix-corrupted-files-after-update/

and

https://support.microsoft.com/en-us/help/4513240/sfc-incorrectly-flags-windows-defender-ps-files-as-corrupted

 

My Win 10 v.1809  build 17763.615 has the same issue wherein sfc /scannow said it found corrupted files but could not repair them.

Next, i ran this command:  DISM.exe /Online /Cleanup-image /Restorehealth

The result was:  [==========================100.0%==========================] The restore operation completed successfully.

Then i ran sfc /scannow again. The result was:

Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windirLogsCBSCBS.log. For example C:WindowsLogsCBSCBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.

Hopefully, all is well!

2 users thanked author for this post.

rc primak, Noel Carboni

Reply | Quote

@Woody:

I have not received ANY notices of updates to the subjects I am subscribed to since August 9th.     What is wrong with the system?   I have no problem with logging in, and trying to find a subject to read the replies to, however I have NOTHING being sent to my email for notifications since August 9th.    Is anyone else having problems with this?    I am lost without my notices of new messages.    I have no idea what the problem could be….  Thank you for any help you be able to provide.  Your website is the “pot of gold” at the end of the rainbow.  THANK YOU ONCE AGAIN.    🙂

Reply | Quote

Be sure your Notifications are not going into the Spam or Trash folder in your email.
If you want notifications from a whole topic, click the “Subscribe” button at the top of the topic.

If you want a notification from a reply you make, be sure to check the box at the bottom of your reply.

Reply | Quote

@PKCano:    I have never had any problems receiving the “alerting” emails since I’ve been a member of this forum.   I always check all spam and trash before clearing, so I don’t know what is occurring.   I have not changed anything at all, when my “alerts” suddenly stopped and have not started again.   Thank you for the tips, which I have always strictly adhered to.   Again, and again, I “thank you”.

Reply | Quote

@walker
What browser are you using?
In Firefox, there is a setting to allow notifications.
Tools/Options/Privacy & Security/Permissions/Notifications
If you click on the “Settings” button, you can allow notifications from:
Https: // www. askwoody. com  (Don’t put any spaces in it like I did.)

Reply | Quote

PKCano:    MIRACLE OF MIRACLES!!!   Your notification on this “alert” is the FIRST I’ve received since my “alerts” suddenly stopped!!   I have done nothing difference, so I don’t know the reason why, however I am SO thankful that I have received the “alert”.    THANK YOU for all of the recommendations (however I’ve never had to use anything other than what I’ve always used).    This is VERY strange, however I’m not questioning it!   I AM SO HAPPY!!!

I only hope it continues without anymore problems.    As always “THANK YOU” for all of the time and effort you expend helping all of us, PK!!      🙂  🙂

Reply | Quote

PKCano wrote:

@walker
What browser are you using?
In Firefox, there is a setting to allow notifications.
Tools/Options/Privacy & Security/Permissions/Notifications
If you click on the “Settings” button, you can allow notifications from:
Https: // www. askwoody. com  (Don’t put any spaces in it like I did.)

Does that have anything to do with email notifications from subscribed threads?

Reply | Quote

[MrToad28]

Updated 8 Windows 7 PC’s on 8/4..Using JULY Roll-ups. No problems seen. Skipped the June update.

• This reply was modified 5 years, 7 months ago by MrToad28.

1 user thanked author for this post.

jburk07

Reply | Quote

When reading Woody on Windows (August 2 column – It’s Time to Install Most of July’s Office and Windows Patches) at Computerworld.com I noticed this statement:

“There are plenty of full-image backup products, including at least two good free ones: Macrium Reflect Free andEaseUS Todo Backup.”

Both of those backup programs are good. In fact, I often use Macrium Reflect Free. I’m curious, however, as to why Woody didn’t mention Windows own System Image backup. It’s known as Backup and Restore (Windows 7) these days, and it still does a good job. So, why no mention?

Reply | Quote

Microsoft has buried the old Win7 backup program. Persistent talk says that it fails in some cases.

2 users thanked author for this post.

Lori, rc primak

Reply | Quote

I’m running Windows 7, Home 64 bit. I installed all the important July updates that were checked without incident. But I noticed since the update, my disk space has gone down spontaneously by 3 gig! Can this be due to the addition of the telemetry in the July roll Up? Otherwise the system seems normal, just seeing this disconcerting drop in disk space. Any help would be greatly appreciated!

Reply | Quote

Restore points may account for the extra space rather than telemetry. Try running the disk clean up utility to see how much space you might recover?

cheers, Paul

2 users thanked author for this post.

rc primak, OldBiddy

Reply | Quote

Thank you, Paul, for this suggestion. I will try it and see if it recovers any space.

Reply | Quote

Hello OldBiddy,
PaulT may have a point in that System Restore points are made by the MS updates. However I would had thought eventually the maximum amount of the drive would had been met, thereby having the oldest restore points drop off. However, it is a good thought and should be looked into.

I would also suggest you run Microsoft’s “Disk Cleanup”, press the “Clean up System Files” button, and see about further cleaning by removing the “old MS updates and Previous Windows version OS” and Delivery Optimization files. Reboot afterwards. Do not panic if it takes some time to reach the desktop again. We have seen as long as 45 minutes of a “black screen” and then up pops the login or the desktop. It does have to delete the files and redo pointers and that takes time.

After every MS update, a day or two later, I run Ccleaner. I use the older 5.29 or 5.30 version before Avast bought them. It usually find 500 megs to remove, 400 megs of that being logs and error logs. Unless you want to have your Windows 7 upgraded to windows 10, I see no reason to make send or keep any error logs that windows 7 may acquire. If you are not intending to upgrade to Windows 10 on that computer, you might consider turning off (disable) the “Windows Error Reporting service”.

Hope this helps.

2 users thanked author for this post.

Lori, OldBiddy

Reply | Quote

Oldbiddy here. Can’t seem to sign on to the forums – pwd not working though I haven’t changed anything. I did successfully sign on earlier.
But just wanted to let Paul and anonymous know that running disk clean freed up considerable space – about 10 gig!!! All those old windows updates and SP1 backup files took up a lot space. I figured I shouldn’t need the Service Pack backups since my nearly 10 year old laptop will be obsolete in the next few months. I do have my data files backed up and can move them to whatever new machine I get next.
Many thanks to anonymous and Paul for your help. So glad it worked 😊. Although it’s still a puzzle to me why I lost so much disk space within the span of a week.

Reply | Quote

This is really strange. I’m not signed in but my post shows my name. I get an error when I try to sign on saying either my userid or password is wrong, but I was still able to post as myself. Not being officially signed in though, so I can’t see the option to thank anyone. And I never use the keep me signed in option. Maybe my account is corrupted in some way.

Reply | Quote

Your name is on it because I put it there, not because you could post as yourself when not logged in. I have magic like that. 🙂 LOL

1 user thanked author for this post.

OldBiddy

Reply | Quote

Thanks for doing that PKCano! I know I’m not the sharpest tech tool in the shed, but this really confused me! But what do you suppose is wrong with my account, not being able to log in? Should I just reset my password?

Reply | Quote

That will work, but write it down.
Yes, I know, but it’s the only way for us old people. 🙂

1 user thanked author for this post.

OldBiddy

Reply | Quote

You know, this is absolutely true 😋. I do write things down – that’s the only password manager I can handle! And I’m sure you’re not old at all, PKCano – you’re just trying to make me feel better, bless your heart 😊.

 

Moderator note: PK has left the room 😀

1 user thanked author for this post.

Lars220

Reply | Quote

Windows 7 SP1 Ultimate, x64, Group B.

Yesterday I decided to install the so-called Security-Only update KB4507456. After restarting, apart from the scheduled tasks added in the Task Scheduler, I have noticed in the the Event Viewer this warning message:

“A provider, InvProv, has been registered in the Windows Management Instrumentation namespace Root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.”

Doing some searching in the web, I have not found something really definite about this, but I suspect that it relates with the notorious  KB2952664 …

1 user thanked author for this post.

SueW

Reply | Quote

anonymous wrote:

I suspect that it relates with the notorious  KB2952664 …

Yes, it is, and dates back to year 2015

https://www.sevenforums.com/system-security/365182-provider-invprov-has-been-registered-windows-management-ins.html

1 user thanked author for this post.

SueW

Reply | Quote

I never would have thought to look at Event Viewer unless I read your post, but I also have 2 of the same warning messages. Each warning has the same date and time (right after I installed KB4507456), the same source [WMI] and the same Event ID [63].

I’m tempted to delete these; have you?

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

I have deleted the known telemetry tasks, but I have not touched the WMI providers. In fact, I do not know how you can remove such a provider and whether this will cause other side effects on my PC.

2 users thanked author for this post.

Lori, SueW

Reply | Quote

Hi @anon, thank you for your response. I had disabled the telemetry tasks again (although I was tempted to delete them as you did!).

As to removing the InvProv provider, one could delete each of its ‘Warning’ events in Event Viewer > Custom Views > Summary page events, where the Actions for each event, including Delete, are in the right-hand margin. If deleted, I’m not sure what any side effects would be either, though my system didn’t have this provider prior to installing KB4507456.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

woody
I am getting Noscript blocking netdna-ssl.com & windows.com on this page!!

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

1 user thanked author for this post.

woody

Reply | Quote

I had a report of a similar (but not identical) scripting/ad blocking package having a fit with Susan Bradley’s post here.

Ends up it was a simple mistake — the second link was pasted as http, when it should’ve been https. Changed it to https, and the warning went away.

I wonder if you’re seeing something similar?

 

Reply | Quote

Still present!
and

??

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

We have a big problem with Internet Explorer on Windows 7 x64 and June+July Monthly Rollup Updates and Cumulative security update for Internet Explorer.

I made a video about that problem – https://youtu.be/DWISubnC5sI

In two words – IE starts sooo long and works soooo slow after problem updates. When you uninstall update – IE fast as it can be again.

If we install some of next updates, we have IE problem:

KB4503292 (June Monthly Rollup)

KB4507449 (July Monthly Rollup)

KB4503259 (Cumulative security update for Internet Explorer: June 11, 2019)

KB4507434 (Cumulative security update for Internet Explorer: July 9, 2019)

We don’t have any problems with KB4507456 (Security-only update)

Today we try to install KB4512506 (August Monthly Rollup) – no problem, all fine. But August updates are just released and on DEFCON2.

Does somebody have same issue?

Or it is some kind of our specific issue?

1 user thanked author for this post.

woody

Reply | Quote

We are seeing this same behavior here as well. Oddly enough though, not everyone has the 4507449 update installed. It does appear to be specific to Windows 7 users though.

Reply | Quote

See this…

https://twitter.com/tompurvis/status/1162427238559694849

 

1 user thanked author for this post.

Anton Karlan

Reply | Quote

See this…

Yes, adding 127.0.0.1 ie11welcome.microsoft.com to host file make IE start much faster!

I think this is the reason!

Reply | Quote

See https://www.askwoody.com/2019/ms-fixes-the-bug-that-causes-a-looooong-delay-in-starting-internet-explorer/

Does that fix the problem?

1 user thanked author for this post.

Anton Karlan

Reply | Quote

Does that fix the problem?

Yes, as I wrote in post, August updates fix the problem. But we see, that it starts from June, it continued in July and fixed in August.

Nobody else experiences that issue? If it is something specific to us, I wish to know the cause of that problem.

Reply | Quote