Newsletter Archives

• The bugs in this month’s Win10 version 1903 and 1909 Cumulative Update have prompted MS to issue a call for help – but where’s the telemetry?

  Posted on April 27, 2020 at 07:26 CDT by woody • Comment in the Forums

  It’s good that Microsoft has acknowledged the bugs in this month’s Cumulative Update. I’ve looked and looked, and haven’t found any patterns. So I feel their pain.

  But… why isn’t Windows telemetry picking this stuff up? We’re sending copious quantities of data to Microsoft every time we use Windows. MS says they aren’t using it to sell things to us. Okay. But if the telemetry isn’t there to pinpoint and fix these kinds of problems, why do we bother?

  Details in Computerworld Woody on Windows.

  Windows Patches/Security April 2020 Black Tuesday, telemetry

• This month’s Win7 and 8.1 “security only” patches install and activate telemetry systems

  Posted on September 12, 2019 at 10:31 CDT by woody • Comment in the Forums

  Back in July, we discovered that the Win7 security-only patch was installing and activating telemetry (read: snooping) subsystems.

  The August security-only patches didn’t include telemetry, and many of us breathed a sigh of relief.

  Now it looks like the September security-only patches have telemetry once again — and not just for Win7.

  Details in Computerworld Woody on Windows.

  Windows News KB 4516033, KB 4516064, snooping, telemetry, Win7, Win8.1

• Windows Blog: “Data, insights and listening to improve the customer experience”

  Posted on March 7, 2019 at 14:03 CST by woody • Comment in the Forums

  Yesterday, Rob Mauceri and Jane Liles published a white paper on the Windows Blog that talks about using telemetry to figure out if a patch is ready for deployment:

  We approach each release with a straightforward question, “Is this Windows update ready for customers?” This is a question we ask for every build and every update of Windows, and it’s intended to confirm that automated and manual testing has occurred before we evaluate quality via diagnostic data and feedback-based metrics. After a build passes the initial quality gates and is ready for the next stages of evaluation, we measure quality based on the diagnostic data and feedback from our own engineers who aggressively self-host Windows to discover potential problems. We look for stability and improved quality in the data generated from internal testing, and only then do we consider releasing the build to Windows Insiders, after which we review the data again, looking specifically for failures.

  In other words, MS looks at the telemetry from dog food runs and, if all looks copacetic, the Insiders get it.

  I’m not going to snark about it (you folks can do that better than I). It’s obvious that the people involved have advanced tools at their disposal, they’re good at what they do, and they know the statistical analysis cold.

  But you have to ask yourself… If the model’s so great, why did Destiny 2 and CoD get hit so badly last week?

  Why do we continue to get solid, acknowledged bugs with almost every Windows patch on Patch Tuesday?

  And… how on earth did Win10 version 1809 get let out of its cage?

  Windows Patches/Security telemetry, Windows updating

• Windows 10 Enterprise: Does setting telemetry to zero disable cumulative updates?

  Posted on March 20, 2018 at 06:17 CDT by woody • Comment in the Forums

  A very interesting post this morning from Günter Born. In a nutshell:

  • If you’re running Win10 Enterprise
  • And you aren’t connected to an update server
  • And you set the level of telemetry to “Security data only” (HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection\AllowTelemetry set to 0)

  You don’t get any cumulative updates.

  Sounds like a bug to me. Can anyone out there confirm?

  UPDATE: @teroalhonen pointed me to the Microsoft documentation for the AllowTelemetry setting:

  Security level

  The Security level gathers only the diagnostic data info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions.

  Note

  If your organization relies on Windows Update for updates, you shouldn’t use the Security level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.

  Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is diagnostic data data about Windows Server features or System Center gathered.

  Sure enough — it’s not a bug, it’s a feature!

  Windows Patches/Security Cumulative Updates, telemetry, Win10 Enterprise

• MS re-re-..release (again) of KB 2952664 and KB 2976978

  Posted on June 6, 2017 at 16:09 CDT by PKCano • Comment in the Forums

  We’re seeing a recurrence of the two snooping patches KB2952664 for Win7 and KB2976978 for Win8.1. The last time they showed up, was on March 7th, but now they’re back……

  MS re-re-..release of KB2952664 and KB2976978

  Microsoft describes them as a “Compatibility update for keeping Windows up-to-date.”

  This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.

  They are appearing as unchecked Optional now, which means they won’t be installed unless you check the corresponding box in Windows Update.
  Their status may change next week to Recommended and, for some, they may show up as checked Important on Patch Tuesday.

  Windows Patches/Security KB 2952664, KB 2976978, snooping, telemetry, Windows patches

• Win10 telemetry tweaking

  Posted on December 20, 2016 at 04:57 CST by woody • Comment in the Forums

  Interesting letter from UKBrianC:

  Reading the discussion re. killing Cortana and the suggested tweaks from the WinAero site got me thinking what is the general opinion on the reducing telemetry suggestions on the same site?

  http://winaero.com/blog/how-to-disable-telemetry-and-data-collection-in-windows-10/

  The reduction in CPU activity I have seen has been significant in the “first half hour” after startup but I don’t know if something important is being missed that will cause problems down the line. It has worked well for me so far (updates have been successfully installed/no errors or crashes) but defining what that even means is difficult because how do we really know what is still being collected/sent?

  (I can answer the last question – we don’t have any idea what is being collected or sent.)

  Other telemetry

• Care to join a Win7 snooping test?

  Posted on November 23, 2016 at 05:42 CST by woody • Comment in the Forums

  This from MrBrian:

  I am conducting Windows telemetry technical tests similar to Ed Bott’s tests (https://www.askwoody.com/2016/the-inside-scoop-on-windows-snooping/), but instead I am testing Windows 7 x64, and I am using Microsoft’s Process Monitor instead of Resource Monitor.

  Background information from Microsoft: “Windows 7, Windows 8 and Windows 10 Telemetry Updates (Diagnostic Tracking)” – https://blogs.technet.microsoft.com/netro/2015/09/09/windows-7-windows-8-and-windows-10-telemetry-updates-diagnostic-tracking/.

  The October 2016 monthly rollup previews and November 2016 monthly rollups contain the Diagnostics Tracking Service, as did some previous Windows updates. See http://www.infoworld.com/article/3132377/microsoft-windows/microsoft-previews-telemetry-push-with-new-win781-patches-kb-3192403-3192404.html for more information.

  The first question that I’d like to address is: does participation in the operating system’s Customer Experience Improvement Program change what the Diagnostics Tracking Service does? Background information about the Customer Experience Improvement Program is at https://www.microsoft.com/products/ceip/en-us/default.mspx.

  How to test:

  1. Set the operating system’s Customer Experience Improvement Program participation setting to the desired setting by following the instructions at http://www.infoworld.com/article/2981947/microsoft-windows/the-truth-about-windows-7-and-81-spy-patches-kb-3068708-3022345-3075249-and-3080149.html.

  2. We need to know the PID (Process ID) of the instance of process svchost.exe that runs the Diagnostics Tracking Service. We’ll do so by using Resource Monitor. Start Resource Monitor by following the instructions at http://www.digitalcitizen.life/how-use-resource-monitor-windows-7. In the CPU section of the Overview tab, find the row with “svchost.exe (utcsvc)” in the Image column and note its corresponding PID in the PID column. This value changes every time you start the operating system.

  3. If you don’t have Process Monitor, download it from https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx.

  4. To reduce memory consumption in Process Monitor, make sure Filter->Drop Filtered Events is ticked. Then exit Process Monitor and start it again to ensure this setting has taken effect.

  5. Add a filter by using Filter->Filter to add filter “PID is <number from step 2> Include”. As an example, my filter is “PID is 472 Include”. Make sure there isn’t more than one filter of type “Include”.

  6. Press the Clear button to clear the output.

  7. Run Process Monitor for at least 70 minutes (and preferably longer) to see patterns that may emerge in the output.

  8. You can toggle capturing of events on or off by pressing the Capture button.

  When Process Monitor has run for a few days on my computer, I’ll report the results here. Feel free to run your own tests and report your findings; be sure to include which operating system you are testing.

  Windows Patches/Security Diagnostics Tracking Service, KB 2952664, telemetry

• Is it possible Microsoft will install telemetry in a Security-only update?

  Posted on November 16, 2016 at 05:28 CST by woody • Comment in the Forums

  Interesting question from MA:

  This is a question about the “Group B” approach to safely updating Windows 7.

  If I understand correctly, the Group B approach is to install the security-only patches from the Microsoft Update Catalog rather than from the (formerly) beloved Windows Update. Things like .net patches would still be installed via Windows Update.

  Is it possible for a security-only patch installed in this way (from the Microsoft Update Catalog) to be a patch for, say, a telemetry function that has so far been evaded by using the Group B approach?  If this can occur, then what happens to the attempted installation of such a security-only patch?  In particular, is it possible that finding no target, this patch can then cause the unwanted telemetry function to be installed?

  My answer:

  Is it possible? Sure. In the post-Get-Windows-10 era, anything’s possible.

  But I think it’s highly unlikely. Microsoft has promised thousands of corporate customers that it won’t play games with the Security-only updates. It’s hard to imagine shenanigans that would cause Microsoft’s credibility with the industry to fall even lower. This would be one of them.

  Far more likely at this point is that Microsoft will introduce bugs in Security-only updates, which are subsequently fixed exclusively in the Monthly rollups, the Group A patches, which contain both security and non-security elements (and, potentially, added telemetry).

  I’m looking at one reported case now. If anything solidifies (and I can wrap my head around it), I’ll be sure to yell real loud.

  Windows Patches/Security Group B, telemetry
• « Older Entries