Windows 7 scan speedup

Topic

New Reply

Standard disclaimer: We’re going to be discussing today’s patches, but DON’T ASSUME THAT YOU SHOULD INSTALL THEM. You have plenty of time to wait and
[See the full post at: Windows 7 scan speedup]

1 user thanked author for this post.

ve2mrx

Reply | Quote

Replies

@Woody,

I can confirm the following…all month, since installing KB 3185911 last month from krelay, my check for updates has been lightening fast. I had not followed Canadian Tech’s suggestion to install KB 3172605 even though I had KB 3020369 previously installed.

After setting my machine to Never Check yesterday, this evening I tried to do a manual check and things reverted back to high CPU usage and a long scan for updates which I ultimately stopped via Services (Task Manager–>Services–> scroll to Windows Update–>Go to the navigation pane on the left side and click Stop). Obviously, last month’s speed up patch KB 3185911 no longer works.

I’ve downloaded KB 3172605 and it’s sitting on my desktop waiting to be installed. That said, maybe it was the frustration of seeing the long scan time return again, or maybe it was realizing that the new Security Only update for W7, KB3192391, is a whopping 79MG, but, I’m tired of this. I’m seriously considering going to group W…and never installing another Windows Update ever again.

Reply | Quote

That’s certainly a reasonable reaction.

One alternative: Wait until you’re serious about installing updates (a week or two or three), then launch the scan just before you go to bed.

Remember, the scan is only useful for those in Group A, and those who want to install the .NET patch.

Reply | Quote

change Windows Update to “never check for updates”
restart the Windows Update service (kills any active patch scans)
install the following and reboot when mentioned:
3020369 (will sometimes scan for updates for a very, very long time before allowing you to install it)
3112343 (reboot after)
3172605 (reboot again after)

Those 3 patches are definitely the fix. It’s built into our MDT image now and we’re seeing zero issues with patch scans from within Windows as well as with Kaseya. The 3112343 seems to allow itself to install even though there are obvious things that seem to supercede it feature-wise.

We’ve got 40 of 40 desktops (different models), all prepped with the same driverless image, all taking ~5 minutes to do windows update scans. It’s a good day again.

Reply | Quote

I tried installing the Windows 8.1 counterparts to these and they just sit there forever saying “Looking for updates on this computer.” the standalone installer is crap.

It seems to work like this. People who don’t want updates get the updates and people who want to update don’t get the updates. IT’S MADDENING!

Reply | Quote

So those three updates can make the WIndows update scan speed up?

I got the first two, but I don’t have 3172605. So if I did apply that one and when testing a scan, it’ll be fast?

Reply | Quote

I’ll wait until after Halloween to try it out.

But is there an update to download for the windows defender for October? aLSO THE malicious software tool for october? Because if I can download those manually thqan using windows update-then I’d be good.

Reply | Quote

On Win7, the Defender updates will install automatically. For now, the MSRT is the least of your worries.

Reply | Quote

I mean those two are alright-windows defender update and malicious software tool for the month. Those are the ones I like to download since those programs need updating once a month (defender had different updates each week-twice a week, but I download the one update each patch month).

So if there are any manual links to them I’ll be happy to download em since my windows update is off.

Reply | Quote

If you turn Windows Update off, using the method I described here

http://www.infoworld.com/article/3128983/microsoft-windows/how-to-prepare-for-the-windows-781-patchocalypse.html

you will still get Defender updates.

Reply | Quote

In my own experience KB3112343 is not necessary. I would suggest you use KB3138612 (the March 2016 Windows Update client) instead if you think it is necessary.

When I rebuilt a number of my Windows 7 virtual machines from scratch, I just installed KB3020369 and KB3172605. Windows Update will then quickly scan and display the updates.

( The only exception where KB3138612 was needed was when I installed the Traditional Chinese (Hong Kong) version of Windows 7. In that case I need to install KB3138612 before KB3172605, otherwise the Windows Update program simply does not work.

In other language versions I tried (US English / Traditional Chinese (Taiwan) / Simplified Chinese / Japanese) KB3138612 was not necessary.

This experience is probably not too irrelevant to most readers here, but I thought it prudent to mention it. )

Hope for the best. Prepare for the worst.

Reply | Quote

You need KB3020369 and KB3172605 only. At least that is what my experience when rebuilding Windows 7 told me.

http://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-solution/f39a65fa-9d10-42e7-9bc0-7f5096b36d0c

Hope for the best. Prepare for the worst.

Reply | Quote

@Anon,

“I tried installing the Windows 8.1 counterparts to these and they just sit there forever saying “Looking for updates on this computer.” the standalone installer is crap.”

After you download the file and put it on your desktop, you have to go into Services and STOP Windows Update (see the First comment in this thread).
Once Windows Update service is stopped the “looking for updates” last about 10 seconds and the install is under a minute. Honestly, once you get it right, the stand alone installer is smooth as dolphin skin.

Reply | Quote

@Woody, on another of your threads, I just made 2 connected comments about the part of the above blogpost that says:

“3172605 is a rollup patch (and thus suspect) that, among other things, breaks Bluetooth on Intel machines,

but Intel has a new driver.”

====
In case some readers of AskWoody.com who have Intel Bluetooth drivers in their computers did not see my other comment, I would like to post an edited version of it here in this thread,
hoping that it might save even one person some lost time and some hassle:

–
–
Intel does not have new drivers for all the affected Windows 7 drivers. I don’t think they have one for mine. And it appears that they plan not to create a new version for a substantial group of older drivers/customers.

The same old list is still going around — the following comment is dated October 3rd but the list of drivers is the old one, from August 9:
https://communities.intel.com/thread/104851

They do not list all their drivers there, and they say
“A solution for additional adapters will come a few weeks later.”

But has there been a newer list created? I am not sure.

—-
There are a number of threads in the Intel customer forum about this issue. In the last page of comments of the following thread,
https://communities.intel.com/thread/104414?start=30&tstart=0,
there are recent comments from several users whose drivers Intel has decided not to replace.

Some of those comments:

“Intel (or Microsoft) is going to have to do something about the drivers for the discontinued Bluetooth adapters. Starting in October, Microsoft will be releasing Windows7/8… updates only as roll-ups, meaning if they include the patch that breaks Bluetooth, you can’t avoid it and receive other updates”

“intel ..dont forget your customers! “not possible” is no solution.”

“It is ms-patchday and the laptop runs now hours-long with high CPU-usage and is nearly not usable. Should that be the future every month from now on? or install ms-patch and lose the bluetooth-functionality?”

And what Intel tells people like them (and me) on that thread is:
“As we mentioned, it is not possible to provide a fix for older adapters.
Bluetooth will function if you remove the updates and prevent Windows from applying them;
or, you can proceed with the Windows updates knowing that Bluetooth will not work.”

You can either have Windows Updates and have KB 3172605/3161608 and go with Group A downloading,
or you can have your computer’s Bluetooth working.
One or the other.

===
Therefore, this is the *second* bad Windows patch that, through no fault of my own, with my computer set-up still being the same as it came originally from the factory, is going to prevent me from being in Group A and accepting Windows Updates as Microsoft intends me to.

===
So if readers here have Intel Bluetooth on a computer that is more than 2 years old, don’t assume that you can go right into Windows Update “Group A” or that you can safely install KB3161608/KB3172605 — first, check out which Intel Bluetooth driver is in your machine, see if it’s on the list of drivers that Intel has published a fix for, and get that fixed, prior to forging ahead with Windows Updates.

If Intel has not provided a fix for your Bluetooth driver, you will either have to
1) lose the Bluetooth functionality in your machine (and get lots of error messages in your Event Viewer even if you never try to use the Bluetooth feature!) or
2) not accept cumulative Windows Updates from now on.

Reply | Quote

Still gonna wait until it’s safe to install any updates.

But can you still scan if you didn’t update the windows defender?

Reply | Quote

ARGH~….This is getting confusing. And I know windows defender always updates each week-twice, but still I am keeping it off until I know it’s safe to install anything.

I’m waiting until after Halloween. But I’m gonna defragment the computer just to keep it defraged and space it out along with scan even if my windows defender isn’t up to the latest update.

Reply | Quote

@Louis,

My understanding, though I may be wrong,
is that if you only want the Security-Only Update, you can get it from the Update Catalog manually and you do not have to run the Windows Update scan, waiting for it to take forever, so you don’t even need to worry about a speed-up patch in that case.

—
A question to anyone —

If you want the cumulative Security+Non-Security Rollup, isn’t it also available in the Update Catalog, just like the Security-Only update is?
…Other than for the ease and familiarity of being in the most automated sub-section of Group A (telling Windows Update to run automatically, as it wishes), why would anyone need to run Windows Update?
Can you find everything that Group A is going to want, with no waiting, if you pull it all from the Update Catalog? Or are there some updates that will not be in the Update Catalog and will only be provided through Windows Update?

Reply | Quote

Put it this way… without KB3172605, last month my checks took upwards of 30 hours. This month, with it? 3 checks that each took less than a minute.

Reply | Quote

Try disconnecting from the internet entirely… that should help.

Reply | Quote

Okay, so We’re back to time-delayed update scans. So if I want the .NET updates, Defender and MSR tool, do the update scan and wait. Is that right? Or do those also show on the WUC?

Otherwise, if some really bright, ambitious, and generous persons continue to list the Security only updates, I’ll just download them and wait.

P.S. The reason I don’t want MS monthly “Rollups” isn’t about snooping. It’s because the d*** updates have broken my machine so many times that I don’t trust them. The fewer there are, the better.

Reply | Quote

@Woody,
Thank you for all your great articles on Windows updates. I have read the Dalai’s post on KB 3020369 and KB 3172605 a few times and still don’t understand it. Could you please explain in layman’s terms how KB 3020369 and KB 3172605 speed up the Windows updates scan? Also, you mentioned to read Dalai’s post for details about problems with both KB 3020369 and KB 3172605. What are the problems for both in layman’s terms?

Thank you!

Reply | Quote

@Woody,
Thank you for all your great articles on Windows updates. I have read the Dalai’s post on KB 3020369 and KB 3172605 a few times and still don’t understand it. Could you please explain in layman’s terms how KB 3020369 and KB 3172605 speed up the Windows updates scan? Also, you mentioned to read Dalai’s post for details about problems with both KB 3020369 and KB 3172605. What are the problems for both in layman’s terms?

Thank you!

Reply | Quote

Megan Ryan,
I am running Win7x64 Home Premium. I installed 3172605 and 3185911 on 10/3/16 when I installed my September updates. I previously installed 3020369 and have been applying the speed-up patches each month. I heard that 3172605 was supposed to be a permanent fix for the slow update searches but who can really say? I was leary of it and held off for awhile but based on info that Intel fixed their Bluetooth drivers I installed it last week. I’ve not noticed any issues with Bluetooth and my search for updates is approximately 5 minutes including searching for today’s October updates. So these updates so far work for me. No telling what will happen when we get Woody’s ok to install October patches later. I have a plain vanilla laptop with no special software other than antivirus.

Reply | Quote

FYI: more info on difference in WU scan speed between (Mar ’16 WU Client update) 3138612 and the June ’16 WUC update (3161608) in the July ’16 rollup update: 3172605

Base: no W10 upgrade or Telemetry updates installed

Yesterday -with Mar ’16 WUC installed- a scan in Windows Update (WU) took < 10 mins.

Interesting, Windows Update MiniTool (WUMT) took 5 mins!!

That indicates to me that there was some sort of “supersedence” slow-down with 3138612 during WUMT-scans eventhough WU-scans were still fast.

Reply | Quote

+1 for those three patches.

Win10 22H2 Pro, MBAM Premium, Firefox, OpenOffice, Sumatra PDF.

Reply | Quote

^EDIT:^ a paragraph and a half got deleted; reply should read:

FYI: more info on difference in WU scan speed between (Mar ’16 WU Client update) 3138612 and the June ’16 WUC update (3161608) in the July ’16 rollup update: 3172605

Base: no W10 upgrade or Telemetry updates installed

Yesterday -with Mar ’16 WUC installed- a scan in Windows Update (WU) took 5 mins.

That indicates to me that there was some sort of “supersedence” slow-down with 3138612 during WUMT-scans eventhough WU-scans were still fast.

Reply | Quote

>> I tried installing the Windows 8.1 counterparts to these and they just sit there forever saying “Looking for updates on this computer.” <<

So, I wonder why Windows 8.1 has suddenly started having the same update problems as Windows 7?

The last time I installed Windows 8.1 was about 2 or 3 months ago and the initial check for updates took less than a few minutes. And, after the first reboot, the rest of the updates appeared almost immediately.

Now, W8.1 is having the same "wait forever" check for updates? I'm sorry – but it seems more and more likely that this whole W7/8.1 update fiasco has been deliberately 'engineered' by MS to frustrate people and get them to move to Windows 10.

And, their behaviour with GWX over the past year doesn't help me think about giving them the benefit of the doubt.

I think they started with W7 because it had (and still has) the biggest user base now they've decided to move on to frustrating W8.1 users. Possibly because they might think people who get fed up waiting for W7 updates might move to W8.1 instead of W10.

Just my opinion, of course

Reply | Quote

please DELETE both of my replies… for some reason, parts of it are not showing up Thanks

Reply | Quote

@Woody: There’s an even simpler solution. However, I was only limited to testing this on 3 machines but all of them found the updates in a matter of minutes.

So what is this magical solution that seems to be better than installing unrelated servicing stack patches and rollups?

Straight up install one of the latest standalone Wwindows Update Clients. No joke, that is all there is to it.

After finishing the installation for Windows 7, upon the first boot install KB3112343 or KB3138612. Reboot after installing the patch, search for updates and you should be seeing the 200+ patches in a matter of minutes

http://www.sevenforums.com/windows-updates-activation/385734-update-issues.html

http://forum.notebookreview.com/threads/how-to-speed-up-the-first-windows-7-update-scan.796219/

Reply | Quote

krelay says :”It’s sufficient to install one of the Servicing Stack Updates”. The latest one (KB3177467)is not needed.

Reply | Quote

I am now on Group Linux on my big laptop, and Group W on my desktop and the older little laptop. The latter after having Update running for 2 days without success. I see Linux in my future. The one good thing about the W10 fiasco and the removal of any control over updates is that it’s turned this previously low level tech-literate user into a beginner geek.

Reply | Quote

Surprised to see the update check take mere seconds today.
Had switched from check but ask before downloading to never check yesterday, fearing some auto-update to Windows Update or smth of the sort, but after seeing nothing like that reported I dared a manual check and it was very brief, after taking between 20 min and 1h whenever the month’s security updates were released before.
Just installed (well, ran) the MSRT to get it out of the way. Other than that, see the .NET update and the October bundle under important and that one supposedly clearing “upgrade” related stuff in optional since I had left it there so far.
2952664 stayed hidden, interestingly. Had hidden it when the new version appeared, so ended up with 2 instances of it in hidden, now I checked and saw just the new instance, with a release date of yesterday, but it did not unhide itself, as such patches kept doing when rereleased before.

Reply | Quote

KB3112343 was necessary for us as it allows Kaseya to use the windows components to do a proper scan of missing patches. Without that patch installed, the patch scans consistently fail and show no patches available.

We tried each Windows Update update individually in dozens of VMs until we determined that this one patch was the culprit as to why some PCs were patch scanning and others were not. Later versions of the patch do not fix that issue.

I know it hasn’t been formally identified yet by anyone else as something that helps with scans, but it definitely does something on the backend with the built-in windows components that allows for a proper patch scan to be performed.

Reply | Quote

If your WU setting is set to anything other than “Never Check” breaking the internet connection might be a good trick. However, simply changing the WU setting to Never Check and killing the WU service has worked for me every single time without fail.

I update numerous systems remotely so disconnecting from the internet isn’t an option. Changing the WU setting to Never Check & killing the service has worked for me perfectly more than 100 times over the past several months!

Reply | Quote

I changed my computer settting to NEVER check for updates a couple of days ago.
Late yesterday afternoon (10/11) I did a manual Windows Update search. It only took a couple of minutes.
The results were…
kb3185330
kb3188740
kb890830

Just a few minutes ago, reading Cavalary’s post regarding doing a manual check for updates then checked for hidden updates and the kb2952664 was there etc. etc.
I deceided to check my hidden updates as I hid that kb and many others.

They are all gone! I have no more hidden updates! None, zip.
WTH?

Reply | Quote

Ok, I just did another manual Windows update.
Took less then 2 minutes.
Results same as above for important plus now I have 2 Optionals
Silverlight and MSE definitions

Deceided to checked hidden updates, and they are all there now.
WTH?

Reply | Quote

I tried Windows Update check on my Vista box last night and gave up after an hour. Installed KB3191203 this morning and subsequent check took 30 mins. (See bulletin MS16-120)

Reply | Quote

Excellent news. Thanks!

Reply | Quote

My update parameters are set at: Show me the updates, but I’ll decide. The first batch of Oct updates just came through on my Win 7 Pro 64-bit laptop. Of course I will wait my usual 3-4 weeks to let the dust settle before my monthly task of weeding the “Yes” from the “No” updates.

Regarding the grinding of CPU and memory for Win 7 updates: I never had the patience for the machinations of various circuitous paths to speeding-up that whack-a-mole process.

My approach was to simple (a) let the update process grind to show me the list after released and then (b) stop the update service each day when I logged into my laptop. Then, when I figured out the updates I wanted installed, I let the process grind overnight.

However, last month I did spend about 15 min and found that I had the past installed updates mentioned on this site that speed the update process. So far, I have found that the Win 7 update list generation does not grind away…so far. So perhaps MS has finally fixed this issue with their new update approach. We’ll see.

GL to all, and many thanks to Woody for his service to millions of users!

Reply | Quote

Just installing KB3172605 was enough to speedup the search. Then I just installed the .NET Framework update from WU and grabbed the security-only patch from the Microsoft Update Catalogue thingy. Not touching the whole October rollup offered on WU. It’s possessed by Satan I am sure. This little old netbook should be OK for another month now..

Reply | Quote

It might sound like a nutcase but let’s see how it goes for our own private PCs at home:

Step 1 – download either KB3185330 rollup and extract win32k.sys as follows:

https://download.microsoft.com/download/B/5/2/B529D2A4-14F5-4306-BB73-7AC1A6311629/Windows6.1-KB3185330-x86.msu

expand Windows6.1-KB3185330-x86.msu -f:Windows6.1-KB3185330-x86.cab .
expand Windows6.1-KB3185330-x86.cab -f:win32k.sys .

https://download.microsoft.com/download/3/0/7/30782EFF-DD02-4462-9E95-BBE736663934/Windows6.1-KB3185330-x64.msu

expand Windows6.1-KB3185330-x64.msu -f:Windows6.1-KB3185330-x64.cab .
expand Windows6.1-KB3185330-x64.cab -f:win32k.sys .

Step 2 – verify either file is actually extracted properly:

x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23545_none_bb64e18111fe25dawin32k.sys
Win32k.sys 6.1.7601.23545 2,399,232 12-Sep-2016 20:28 x86 None Not applicable

amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23545_none_17837d04ca5b9710win32k.sys
Win32k.sys 6.1.7601.23545 3,218,944 12-Sep-2016 20:37 x64 None Not applicable

Step 3 – grab this tool called “Replacer” and replace an existing version of win32k.sys with the latest one from extracted from KB3185330 rollup:

http://www.askvg.com/right-click-replacethis-free-portable-utility-to-replace-system-files-in-windows-7/

Step 4 – reboot and disable “Windows Update” service temporarily:

net stop wuauserv

Step 5 – run that “Check for updates” again

wuapp.exe

Reply | Quote

Thanks for your post. I have found it accurate and mirroring my own experiences on the Intel forums.

My first attempt to update the drivers resulted in a blue screen at start. Only a safe mode start and then a system restore saved it.

I then found that some Intel drivers are for the wireless only and not the BT/wireless combo. I finally downloaded the Intel Driver Update utility which identified 2 sets of drivers – the BT and the wireless. I installed the BT with great trepidation and it WORKED! I have not updated the wireless at this point. I also played it safe and did not install KB3172605. Why mess with success.

As I was doing the update, I came to the conclusion (dangerous thought) that the Intel directions to remove the old drier first may have been the problem. I suspect the Intel Driver Update Utility looks at the hardware AND driver version. Without a driver version (if you uninstalled it) it might not be accurate.

I have a desktop with an true Intel MB with Intel LAN chips and drivers. For that board it was always install the new drivers in ‘repair’ mode which updates the drivers and kept the settings. It has been 100% successful. That was what made me think the Intel forums guidance my be incorrect. When I did the BT update using the Driver Update Utility, it selected the correct file, did the install and it defaulted to the ‘repair’ setting.

I am not sure I am correct, but that is my experience.

PS: Given that this business grade laptop has always been a bit picky with a first connect to wireless, but it good thereafter makes it great for standard locations, but at times a pain for roaming. My live image tests with Ubuntu 16.04 LTS and most recent Linux Mint LTS distros show it is much better at connecting. I suspect it may be the Lenovo Business utility for connecting. I have found Linux to be great for roaming with a laptop.

Reply | Quote

Does the July 2016 Rollup (KB3172605) collect any user data for Microsoft?

Reply | Quote

Isn’t this Abbodi’s technique? Sounds great – but it’s way too complicated for normal people.

Reply | Quote

Me too. Don’t trust the updates to work properly

Reply | Quote

Oh, I set it to never check and killed WU in the task manager as well… I just also disconnected from the internet because it was still taking forever for me last time I tried it without doing so.

Reply | Quote

INTERESTING!!! I just checked to do a screenshot of my hiddens and they are GONE!!! They were there last night but gone now.

My Win7-64 Pro box is set to Never check. I ran a manual scan to see how long it took and took a screen shot for possible later reference in the update catalog. I was served up the rollup, the .Net rollup, the MSRT, a Word security patch and the Silverlight patch. I installed nothing and shut down WU. I suspect revealing the October 2016 rollup wiped out the hidden files since they would be superceded by the rollup.

What do you think?

Reply | Quote

No, it is possessed by Satya… (smile)

Reply | Quote

Hi Woody, for a clean install of windows 7 pro edition (April 2016) for which WU is never able to return anything, does a list of ALL the critical security KBs (ALL patches that should be applied) exist somewhere?

Reply | Quote

From WUC:
.NET rollup
http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=kb3188740
.NET security only
http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=kb3188730
(for next month and thereafter, look for the new kb numbers to be posted by someone on this site, or try ++framework)
MSRT
http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=october+2016+malicious
(for next month and thereafter, adjust search string accordingly)

From Download Center:
.NET
It doesn’t seem to index downloads by the kb numbers, but you can find a specific one with a google search for “download kbXXXXXXX site:microsoft.com” (or use any other search engine that supports the site: feature; replace the Xes with the actual number you want).
MSRT
https://www.microsoft.com/en-za/download/malicious-software-removal-tool-details.aspx

Whether they will still keep posting on Download Center in the future is unknown. The MSRT will probably always be available there, though.

Make sure you always download for the correct Win version (double check the download title and filename carefully)!

Defender
https://www.microsoft.com/security/portal/definitions/adl.aspx
There is a list of links for many different products – MSE and Defender among them – halfway down the page. Note that these are not WU packages but plain executables; I personally have never used this method.

Reply | Quote

Make sure you install KB 3020369 and KB 3172605?

If so, use Windows Update and just look for patches that say “Security.”

Reply | Quote

Just dawned on me. If in Group B don’t need kb3172605 containing the speed up patch cause the new way doesn’t come via w update. Duh

Reply | Quote

@ Kate C;

Re:

“The one good thing about the W10 fiasco and the removal of any control over updates is that it’s turned this previously low level tech-literate user into a beginner geek.”

+1 But…..if I had my druthers I’d spend my time on something else.

Reply | Quote

@Woody@tleonard;

Re:
“It might sound like a nutcase but let’s see how it goes for our own private PCs at home:”

And that does…..????

Reply | Quote

Group “L”!

Reply | Quote

Did you get individual Vista patches, or one big rollup?

Reply | Quote

Well I did overlook one step above as all the systems I support already have their WU settings set at Never Check.

After you CHANGE the WU setting to Never Check you must restart the system.

Another thing… killing the process in task manager isn’t the same as stopping the service. Stopping the service needs to be done from the “Services” panel.

Reply | Quote

@Bill C.,

Thank you for confirming that what I wrote is broadly correct in your experience, and as compared to what you have read on the Intel customer forums.

Your expertise of dealing with installing and perfecting these drivers (even to the point of realizing that Intel’s instructions were partially incorrect and making the correct adjustments in them yourself) is way beyond my understanding/capability, but I’m glad you got it to work for you, at least the part before you stopped updating in order to avoid “pressing your luck” too far!

There seems to be no straightforward path for me as a non-techie to take, so I’m going to leave my Intel bluetooth situation as is.

I can’t be in the Group A Windows Update group anyway, because of a different patch from spring 2015 that clashed with my Lenovo. (Did your Lenovo also have problems with kb3033929?)

Reply | Quote

Yep.

Reply | Quote

Individual except for a rollup .NET patch.
I’ll probably skip that and pick the individual security-only versions I need from the links in the bulletin when I’m ready.
Scan time is down to 10 mins. after booting from power off, nothing else installed yet.

Reply | Quote

I thought about your issues with Lenovo and KB3033929 after replying to me in another thread. This is related to a major shift in security on the internet in general, i.e. moving from SHA-1 encryption to a stronger model based on SHA-2, in fact SHA-256 or SHA-384. Your issue is not a widely reported problem at the moment and I am wondering if other components are out of date, like the Lenovo laptop BIOS or security software installed on the laptop. 2 years old laptops are not so old and any manufacturer and in particular the major ones like Lenovo provides support for at least 3 years.
SHA-2 is something which was not considered as extremely important at the time of Windows 7 release back in 2009 and is one of those things which suddenly come up as critical and depend on a lot of other components which need to be up to date.

Reply | Quote

Okay! That’s what I’ve been saying here in several posts in the last 2 days, and wondering why everyone was rushing to get 3172605 on their systems, but no one else was saying this about Group B’s not needing to use Windows Update in the first place, so I thought I had a misunderstanding somewhere.
That is good news.

Reply | Quote

Just fired up the Lenovo laptop without KB3172605 with the internet wireless turned off and checked for my hidden updates and they were gone! I have not used the machine since 10/5 and they were there then. Last updates were 9/28.

Since it had not connected to the internet, it looks like something set a delete hidden updates flag.

Group B trending to Group W for me. I wonder if any others other than Post 16 and myself have this.

Reply | Quote

Wow… very cool.

How did you determine the command line for the verification (Step 2)?

Any links where I could learn more about your technique?

Reply | Quote

Spare yourself the trouble and install 3172605
unless you decided to stop updating

Reply | Quote

It’s all magic, smoke and mirrors. Some people much smarter than I figured it out.

The big problem is that 3172605 kills some Intel Bluetooth drivers – and Intel hasn’t bothered to fix it.

Reply | Quote

No it doesn’t

Reply | Quote

Regardless of reasoning behind the patches which was explained many times here, they would have to be installed eventually. Just install them manually first and everything else that comes on the pipe next.

Reply | Quote

Yes it is abbodi’s technique and it is too complicated and it is there only for academic purpose. Just install the official patch as is.

Reply | Quote

As I understand it, tleonard is attempting to extract the component of this month’s “speedup patch” and install it to achieve the same effect as previous months’ speedup patches, at least until the November Patch Day.

Hope for the best. Prepare for the worst.

Reply | Quote

Thanks for that.

Reply | Quote

I want to add to the confirmation. I have KB3020369, and installed kb3172605. My update scan time after installation was 3 minutes. Previous scan unknown because it never did return results. I don’t have an intel bluetooth to worry about, but I may uninstall 3172605 anyway.
Currently allowing install of .NET and Word security update, along with MSRT and Defender.

Reply | Quote

@ch100,

Thank you for thinking about my issues and giving me some suggestions to look into.

My computer is probably closer to 3 years old than it is to 2 years old, by this point in time.

If the age of the computer is important in terms of getting the manufacturer updates, I think that Lenovo provides me with updates still, so that is no problem for my computer: There is a special update checking program on the computer that connects with Lenovo’s servers and it still works.

–
Answers to your questions about my components:

1. the bios

My bios is confirmed as the latest version.

I check my computer’s status monthly with the Lenovo servers via the Lenovo ThinkVantage System Update program on my computer.

—
2. security software

The only security software I have is Norton Internet Security, and it’s up to date.

(Well, I do have a passive Malwarebytes and a passive Ccleaner, and they are up to date also.)

—
As I explained earlier, I wonder if it is the fact that there is a weird manufacturer-installed partition (based on the factory installation disk settings, and not changed by me at all), which does not behave correctly.

The partition caused me several different, time-consuming problems when I first got the computer, but then I got those straightened out – I had to reinstall the system from the factory disks several times, but then it worked okay, and the partition seemed to be okay.

However, after a year, when trying to install kb3033929, the weird partition might have clashed with kb3033929.

The reason I think that the weird partition caused my computer’s problem with kb3033929 is based on the Microsoft technet forum’s discussion thread about various problems with installing kb3033929, which last week I quoted from on my descriptive message to you about my problems with kb3033929.

They noted that there were some customers who might have a strange-acting manufacturer-created partition that clashes with kb3033929. If that was happening on a person’s computer, the advice from those technicians was not to try to reinstall this patch, because the only option was to wait for Microsoft to have a solution.

Now, I don’t know how these things are inter-related: would updating the bios affect the way the manufacturer-created partition would interact with a windows update patch?

I HAVE updated the computer’s bios since the last time I tried to install kb3033929, so it’s now a newer bios (it is the most recent one that Lenovo has published for my computer).

If I were to try kb3033929 again, I’d want to be pretty sure that it was safe to install, because it put me through a lot of pain before — reboot loop, BSOD, incomplete system restore, screwed up external programs that had to be reinstalled.

Whereas a lot of people will want to try new things to see if they will work,
when it comes to major stuff that I can’t afford to break and don’t know how to fix, like a computer, a car, prescription medications, or whatever, I go the conservative route — the physician’s creed of “first, do no harm” is my motto.

Reply | Quote

@Anonymous,

kb3172605 is an “optional” patch and, at this point in time anyway, that means that it does NOT “have to be installed eventually”.

My impression is that you don’t have to install it if you don’t want to (or if you are wary about it), and your computer will be okay without it.

I have not installed it because it does not work with my Intel bluetooth driver. My computer is fine without it. Other people here have reported that their computers are fine without it.

One day, if that patch is moved from “optional” to “security and important”, then you will likely wish to install it then.

Reply | Quote

@Kate C.,

Whereas it’s turned *this* tech-illiterate user (me)
into a nervous wreck.

I’m not really a nervous wreck, of course, but it’s taken so much time, so much mental energy, and it hasn’t really achieved anything except for letting me keep my computer working slightly less well than it used to. One step forward, nineteen steps back.

I’m not so much a geek, more like a nerd, and I was already an intermediate nerd (but not with I.T., which is not my cup of tea).
It’s probably the portable aspects of the nerdiness tendency that have helped me survive the Microsoft pain and annoyances of the last 18 months.

In that time, maybe I could have picked up a qualification as a pastry chef or a tax preparer or something else remotely useful and productive.

But no, what I have to show for it is an excel spreadsheet of kb numbers, 200 posts on askwoody.com, a brain bruise, and a hobbled computer that is simply 18 months closer to obsolescence.

Reply | Quote

Thanks for the info. However, in my case it took almost 1½ hours after manually installing KB3191203 before the Windows Update check found the other updates. I had not tried checking for updates before installing KB3191203, so I cannot say with certainty whether it was an improvement or not. I think it is though. In previous months without manually installing the “magic patch” Windows Update check could go on for many hours without coming up with any result, therefore I guess 1½ hrs. is an improvement.

I still long for previous years though, when update checking took 30 minutes max, usually 20 minutes or even less

Reply | Quote

Bill C
I’m post 16.
After I did a manual Windows Update, I checked
for hidden updates and they were back.

However,
when I turned off my computer and then restarted it…
I went to windows update again and just checked for “hidden updates” and they were gone again.

Did a manual update and they were back.

Reply | Quote

I forgot to mention,
I did all the “magic” patches from day 1.
I did Canadian tech’s fix.
and I also noted that I had that “3rd” patch mentioned.
Windows Update takes only a couple of minutes now.
Where as before, it was slow, slow, slow as was my MSE definitions download.
So it appears that,
something I did is working for me.
As I’ve said before, the only updates I have done in the last year and a half were “critical” updates, with the exceptions of the “magic” patch and Canadian tech’s fix.

Although I was tempted to download all the other “security” patches I have hidden, I’m a little hesitant to do so.

Windows 7 SP1 64 bit (purchased in 2013)

Reply | Quote

Thanks Woody!

Another question: Should I avoid any of the security only patches for windows 7 that’s out there, either because they broke windows and there’s no fix or because it snoops too much? Or are they generally all safe bets?

Reply | Quote

Wait for ms Defcon 3

Reply | Quote

I meant in terms of the security updates from the previous months and years, since it’s a clean install that was done on this particular windows 7 laptop which was reinstalled due to the never-ending WU scan back in March/April (the rest of my devices are upgraded to windows 10 version 1511). Is there any security patch prior to this month’s patches that I should hide/avoid?

Reply | Quote

We’re of two minds on the topic.

Some folks only install patches clearly identified as “security.”

Others install all of the patches, up until this month.

And many step between those two extremes.

The one thing almost everybody agrees on: Don’t install KB 2952664. If you found that you installed it, uninstall it.

http://www.infoworld.com/article/3127809/microsoft-windows/detested-get-windows-10-snooping-patch-kb-2952664-reappears.html

In the end, it’s a question of whether you’re in the “Group A” or “Group B” camp.

Reply | Quote

Out of curiosity I left 2 machines running, searching for updates. One has the supposed magic patches installed, the other does not. The first took 38 hours, the second finally found the updates after 69 hours. No I have not installed any of them and at this point I don’t intend to.

Reply | Quote

OUCH! That’s dedication for ya.

Which magic patch? Win7, I assume.

Reply | Quote

Instead of installing KB 3020369 and then KB 3172605. Why not install KB 3177467 then KB 3172605? KB 3177467 appears to be a newer than KB 3020369.

Reply | Quote

Either will work
but 3177467 is an exclusive update, must be installed first and alone and doesn’t allow pending servicing status, until you reboot

Reply | Quote

I want to thank the folks that put up the speed up Win 7 Kbs (KB 3020369 and KB 3172605). I don’t know what I would have done without the help of these great posters of these. I downloaded both (following instructions) and found I had one of them but not the other. They did their install thing (REM: NEVER on Win update site!!!!! before install–I deliberately made sure my wifi was OFF when I made the checkmark change). Worked like a dream–installed–did a restart and then went to updates–checked for updates and waited 2 1/2 minutes and then the updates popped up.

KB ….664 was now an unchecked optional choice–on my hubbies update (he never has issues with his Gateway–I do (Toshiba)–664 was a recommended on his. Hmmmmm.

I did not choose to DL 664.

Woody, this site is so valuable!…maybe next month these Kbs will still work?????

Thank you all.

Reply | Quote

How do you find out each month which Kbs are needed for the speedup?

Reply | Quote

The people who find the KBs are magicians. Actually, they know exactly what to look for.

In the future, there won’t be any speedup patches. You’ll either join Group A – in which case you’ll get the speedup patch automatically, or you’ll be in Group B, and you’ll download and install the patches manually.

The end of an era is at hand.

http://www.infoworld.com/article/3128983/microsoft-windows/how-to-prepare-for-the-windows-781-patchocalypse.html

Reply | Quote

That is now my experience. Updates are set to never. When I check hidden updates or smanually run a check, it show no hiddens. However, if WU returns some updates, it WILL show the hiddens, but if I close WU without installing, the hiddens will not reappear until I do a complete scan.

On the laptop, since I cannot add the magic KB due to the Intel BT issue, it is SLOW. I guess the laptop is now group W, since I will not wait hours. When the dust clears I may check the catalog and update manually, but will probably swap in an SSD and go to group L for Linux.

Reply | Quote

Woody,

Wait for Patch Tuesday in November, then just visit MS Catalogue, type in the October Rollup numbers, navigate to Package Details and view the patch numbers that replace them

Reply | Quote

Tricky. I like it!

Reply | Quote

@Lea,

Woody has published some blog articles here on askwoody.com on the topic of security patches prior to Oct. 2016 which people recommend to hide/avoid. The most recent article he did on this subject was just 2 or 3 weeks ago.

If you look through the archives of this site, you will find that many blog articles and comment threads touched on your question. Many people have contributed their lists of patches to avoid in the past year.

Unless you want to accept everything that Microsoft wants for your computer, which is now called “Group A” here on askwoody.com, you will have to study the issue of patches released prior to October 2016 that various people have said to avoid, and figure out what the right path is for you to take.

Reply | Quote

1) According to M$, KB3172605 was “re-released on September 13, 2016 to address an issue in one of the included updates”.

2)The KB page no longer has a “Known issues in this update” section.

So apparently the new version fixes the Bluetooth bug.

Reply | Quote

The extraction and verification went fine.

When I ran Replacer, I tried to drag-n-drop win32k.sys into the dialog box without success.

Reply | Quote

I have checked out of WU for quite awhile, shut off since June’s updates. But I am going to add a virtual box and install a Linux set-up and some programs I need, hopefully tomorrow, and decided I should check back in. I’d rather minimize snooping but not miss out if there are any important security updates. So, given that I’ve had WU turned off for 4 months, do you have any recommendations? I am willing to install Kb’s one at a time forever. Any thoughts appreciated. Thanks!

Reply | Quote

@poohsticks

Kind of off-topic but here’s some more good news for you and other Lenovo users. Not so good for some other brands.

http://www.ghacks.net/2016/05/31/oem-updaters-put-pcs-at-risk/

Reply | Quote

What if Group B have Office?
they still need the speedup fix to get Office updates via WU?

Reply | Quote

kb3172605 was updated ~Sept. 12. The x86 version of the updated patch at
https://support.microsoft.com/en-us/kb/3172605
has files in it dated Sept 8. But the x64 version files are all dated July 15 — nothing newer. This goes for the .msu file from the KB site as well as the Update catalog source. Anyone know what this is all about?

Reply | Quote

MU catalog has the new version for both
http://www.catalog.update.microsoft.com/Search.aspx?q=kb3172605

Reply | Quote

And so it does… using Firefox. I had used internet explorer to access MU 3 hours ago, and got the old version for W7X64 with a different filename. Weird. Tnx!

Reply | Quote

So KB3020369 and KB3172605 are the updates needed to speed up windows update right? Just 2 updates to speed up WU? Or is there something else Woody?

Reply | Quote

Woody,

I tried your above method following the instructions on infoworld, but I can’t install the five primary KBs, they all stop with error popup stating 0x80080005 can’t execute from the server.

Microsoft community has no appropriate answer regarding the error code.

Reply | Quote

Which article are you referring to?

Try this:

http://www.infoworld.com/article/3136677/microsoft-windows/how-to-speed-up-windows-7-update-scans-forever.html

Reply | Quote

Thank you for such a rapid response.

I had gooled and found this one: http://www.infoworld.com/article/3105605/microsoft-windows/2-easy-steps-to-speed-up-windows-7-update-scans.html

Will read through and try the updates in the more recent article.

Reply | Quote

Not a goof! I’m amazed by the number of people who are still referring to the older versions of the articles. The Nov 4 article is the latest, though – and I’m worried that something will happen to upset the applecart.

1 user thanked author for this post.

ve2mrx

Reply | Quote

Hi all!

@Woody, I’m wondering if this article should get a revisit considering the recent SHA-2 patch and SSUs?

Martin

Reply | Quote