List of Windows 7 telemetry updates to avoid

Discussion in 'privacy general' started by Stefan Froberg, Aug 24, 2015.

  1. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    KB2952664 Compatibility update for upgrading Windows 7
    KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
    KB3021917 Update to Windows 7 SP1 for performance improvements
    KB3022345 Update for customer experience and diagnostic telemetry
    KB3035583 Update installs get windows 10 app in Windows 8.1 and Windows 7 SP1
    KB3068708 (replaces KB3022345) Update for customer experience and diagnostic telemetry
    KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
    KB3080149 Update for customer experience and diagnostic telemetry
     
  2. PallMall

    PallMall Guest

    Checked- Thanks
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Is there somewhere a list for Windows 8.1?
     
  4. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Thanks. I've hidden all these but it's good to see a list.
     
  5. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    Thanks for the list Stefan , having it neatly formatted like that makes for an easy search in the Update history.

    Only KB3021917 slipped past me but I'm wary of uninstalling it.
    Last time I tried to remove one , the process was left hanging , and on reboot , all of Update history was gone !

    It's almost as if M$ had intentionally made uninstalling updates problematic .... or is that simply paranoia ? - :)

    edit
    PS
    - even after carefully avoiding all GWX updates , I notice that a resource hogging process runs as an svchost.exe
    for the first 5 minutes after booting .
    Process Explorer shows it to be a service called "AeLookupSvc" .
    Has anybody else seen this ?
    M$ meddling again .... or just more paranoia ?
     
    Last edited: Aug 25, 2015
  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,870
    Location:
    UK
  7. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    Thanks for that stapp , I've not come across that website before .

    Like many people on here , I give windows updates a 2 week "quarantine" before even thinking about installing.
    It was during this period that AeLookupSvc got my attention.

    Killing the process caused a second windows update icon to appear in the notification area .... Weird !
     
  8. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    Good thread, thanks.
     
  9. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Turned @Stefan Froberg KB list into a batch file for everyone, along with some GWX KB files that may be installed.
    Code:
    ECHO OFF
    REM --- remember to invoke from ELEVATED command prompt!
    REM --- or start the batch with context menu "run as admin".
    SETLOCAL
    
    REM --- (as of 2015-08-26):
    REM  KB3012973 - Upgrade to Windows 10 Pro
    REM  KB3021917 - Update to Windows 7 SP1 for performance improvements
    REM  KB3035583 - GWX Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
    REM  KB2952664 - Compatibility update for upgrading Windows 7
    REM  KB2976978 - Compatibility update for Windows 8.1 and Windows 8
    REM  KB3022345 - Telemetry [Replaced by KB3068708]
    REM  KB3068708 - Update for customer experience and diagnostic telemetry
    REM  KB2990214 - Update that enables you to upgrade from Windows 7 to a later version of Windows
    REM  KB3075249 - Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
    REM  KB3080149 - Update for customer experience and diagnostic telemetry
    
    REM --- uninstall updates
    echo uninstalling updates ...
    start "title" /b /wait wusa.exe /kb:3012973 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:2976978 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart
    echo  - done.
    
    timeout 10
    
    echo ... COMPLETED (please remember to REBOOT, and Hide the Following KB Updates)
    echo ...3012973
    echo ...3021917
    echo ...3035583
    echo ...2952664
    echo ...2976978
    echo ...3022345
    echo ...3068708
    echo ...2990214
    echo ...3075249
    echo ...3080149
    echo  - done.
    
    
    pause
    REM --- EOF
     
  10. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Nice, thanks. I've been manually uninstalling updates.
     
  11. Holysmoke

    Holysmoke Registered Member

    Joined:
    Jun 29, 2014
    Posts:
    139

    you are a good person, thanks

    this guy https://www.hackread.com/microsoft-updates-spy-on-windows7-8-users/ recommends the following be removed

    If you want to stick to Windows 7, 8 or 8.1 and want to remain untracked then we will recommend you to stay away from the following updates:

    KB2876229 SKYPE, If you want Skype then install it.

    KB2923545 RDP

    KB2970228

    KB3035583

    KB2990214

    KB3021917

    KB3068708 Telemetry

    KB2592687

    KB2660075

    KB2506928

    KB2952664 x2

    KB3050265

    KB2726535

    KB2994023

    KB3022345 Replaced by KB3068708 Telemetry

    KB3022345 Caused false sfc result

    KB2545698 (IE9)

    KB3065987
     
    Last edited: Aug 26, 2015
  12. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    @Holysmoke ill look into these KB's as well and will update the batch file accordingly.

    Much appreciated.
     
  13. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    So based on @Holysmoke list, the majority are fixes for the Botched Windows updates that have been occurring over the last year or so. Some are from 2011 and are for remote desktop sharing. As im not focusing on creating a batch file to remove botched updates, these will not be included.

    I will only focus this list on Telemetry and W10 notifications or upgrades that are being forced on us.

    Updated list, added 4 KBs

    KB 3068707 - Customer experience telemetry points
    KB 3050265 - Windows Update service updated to accept upgrade to W10
    KB 2977759 - W10 Diagnostics Compatibility telemetry
    KB 3044374 - W8,8.1 Nagware for W10

    Code:
    ECHO OFF
    REM --- remember to invoke from ELEVATED command prompt!
    REM --- or start the batch with context menu "run as admin".
    SETLOCAL
    
    REM --- (as of 2015-08-26):
    REM  KB3012973 - Upgrade to Windows 10 Pro
    REM  KB3021917 - Update to Windows 7 SP1 for performance improvements
    REM  KB3035583 - GWX Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
    REM  KB2952664 - Compatibility update for upgrading Windows 7
    REM  KB2976978 - Compatibility update for Windows 8.1 and Windows 8
    REM  KB3022345 - Telemetry [Replaced by KB3068708]
    REM  KB3068708 - Update for customer experience and diagnostic telemetry
    REM  KB2990214 - Update that enables you to upgrade from Windows 7 to a later version of Windows
    REM  KB3075249 - Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
    REM  KB3080149 - Update for customer experience and diagnostic telemetry
    REM  KB3044374 - W8,8.1 Nagware for W10
    REM  KB2977759 - W10 Diagnostics Compatibility Telemetry
    REM  KB3050265 - Windwos Update services update to upgrade to W10
    REM  KB3068707 - Customer experience telemetry point. W7,8,8.1
    
    
    REM --- uninstall updates
    echo uninstalling updates ...
    start "title" /b /wait wusa.exe /kb:3012973 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:2976978 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3044374 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:2977759 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3050265 /uninstall /quiet /norestart
    echo  - done.
    start "title" /b /wait wusa.exe /kb:3068707 /uninstall /quiet /norestart
    echo  - done.
    
    timeout 10
    
    echo ... COMPLETED (please remember to REBOOT, and Hide the Following KB Updates)
    echo ...3012973
    echo ...3021917
    echo ...3035583
    echo ...2952664
    echo ...2976978
    echo ...3022345
    echo ...3068708
    echo ...2990214
    echo ...3075249
    echo ...3080149
    echo ...3044374
    echo ...2977759
    echo ...3050265
    echo ...3068707
    echo  - done.
    
    
    pause
    REM --- EOF
    Still working on way to automatically hide these KB entries in Windows Update. Work in progress...

    regards.
     
  14. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    Thanks a lot for this, just tried the new script here. :thumb:
     
  15. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Microsoft intensifies data collection on Windows 7 and 8 systems - gHacks Tech News
     
  16. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Many thanks TS4H, Stefan, and Holysmoke :) Makes life a lot easier.
     
  17. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    No problem @RJK3 if you hear of any more please post and ill update the list accordingly.

    On another note, does anyone know of the KB that is responsible for the *%#& Smiley in Internet Explorer?
     
  18. Holysmoke

    Holysmoke Registered Member

    Joined:
    Jun 29, 2014
    Posts:
    139
    the following paragraph infuriates me from the ghacks article above about MS...........

    While users may disable some, for instance by using privacy tools (of which there are plenty), others cannot be disabled or stopped that easily, for instance because of hardcoded host and IP address information that bypass the Hosts file of the operating system.


    a long time member at dslreports says the following:


    www.msdn.com
    msdn.com
    www.msn.com
    msn.com
    go.microsoft.com
    msdn.microsoft.com
    office.microsoft.com
    microsoftupdate.microsoft.com
    wustats.microsoft.com
    support.microsoft.com
    www.microsoft.com
    microsoft.com
    update.microsoft.com
    download.microsoft.com
    microsoftupdate.com
    windowsupdate.com
    windowsupdate.microsoft.com
    You can't block above names with hosts file. They all were hardcoded in this DLL:
    %WINDIR%\system32\dnsapi.dll

    more terror about MS from long time poster at dslreports:

    All text typed on the keyboard is stored in temporary files, and sent (once per 30 mins) to:
    oca.telemetry.microsoft.com.nsatc.net
    pre.footprintpredict.com
    reports.wes.df.telemetry.microsoft.com

    Telemetry is sent once per 5 minutes, to:
    vortex.data.microsoft.com
    vortex-win.data.microsoft.com
    telecommand.telemetry.microsoft.com
    telecommand.telemetry.microsoft.com.nsatc.net
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    sqm.telemetry.microsoft.com
    sqm.telemetry.microsoft.com.nsatc.net

    Typing the name of any popular movie into your local file search starts a telemetry process that indexes all media files on your computer and transmits them to:
    df.telemetry.microsoft.com
    reports.wes.df.telemetry.microsoft.com
    cs1.wpc.v0cdn.net
    vortex-sandbox.data.microsoft.com
    pre.footprintpredict.com

    When a webcam is first enabled, ~35mb of data gets immediately transmitted to:
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    vortex-sandbox.data.microsoft.com
    i1.services.social.microsoft.com
    i1.services.social.microsoft.com.nsatc.net

    Everything that is said into an enabled microphone is immediately transmitted to:
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    vortex-sandbox.data.microsoft.com
    pre.footprintpredict.com
    i1.services.social.microsoft.com
    i1.services.social.microsoft.com.nsatc.net
    telemetry.appex.bing.net
    telemetry.urs.microsoft.com
    cs1.wpc.v0cdn.net
    statsfe1.ws.microsoft.com


    While the inital reflex may be to block all of the above servers via HOSTS, it turns out this won't work: Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. However, if the above servers are blocked via HOSTS, Windows will pretend to be crippled by continuously throwing errors, while still maintaining data collection in the background. Other than an increase in errors, HOSTS blocking did not affect the volume, frequency, or rate of data being transmitted.
     
    Last edited: Aug 28, 2015
  19. Lil Geek

    Lil Geek Registered Member

    Joined:
    Aug 28, 2015
    Posts:
    1
  20. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    @Holysmoke Im not sure where in this forum I said W10 was quiet privacy wise once configured according but going what you just posted I might need to retract my statement. This is just unbelievable..:'(. I must admit that there is a lot of controversy around privacy in W10. Some are absolute lies and have no merit and some are plausible. But when you start to see info like this, even if its unfounded you start to think otherwise.

    Behind every lie there is some merit of truth

    Even this some merit is enough for me to question whether I should just move away from MS, and Google/Android for that matter. Ill be sure to add/double check those domains to my Hosts batch file.

    @Lil Geek Thanks for that link. Im really no good with Script but ill have a go. The information in that link plus some others gives me enough to go off with some modification.

    regards.
     
  21. powaa

    powaa Registered Member

    Joined:
    Feb 2, 2015
    Posts:
    9
  22. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    @Holysmoke - it sounds to me very much like this is crying out for an independent verification of what is actually happening (currently reports are hearsay and appear to apply to W10 not W7, though the same concerns might apply with a subset of information). Controls and monitoring could clearly be set up via a distinct firewall/dns, and IP addresses accessed and correlated with reverse lookup. Any hardcoded IP addresses or hosts file bypass could be trapped that way.
    If nothing sufficiently trustworthy and rigorous shows up, I'll probably do this myself with a pfsense setup and packet capture.
    However, it's not clear to me that you'll ever be playing anything other than whack-a-mole with blocking urls and ip, and, for example, they could easily tunnel information through ssl to an "essential" url and unpack it there.
    It's also worth mentioning a factor noted in the discussion you reference, namely that it may be that, if the ipv4 connections are unavailable, the client machine may attempt outbound connection via ipv6 and toredo. A reminder, if any were needed, to turn ipv6 off everywhere unless you actually need it and know the implications.
     
  23. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I am surprised that we haven't heard something a lot more concrete by now with packet info and actual documentation of what's going on. Surely someone of a tech type has done some investigating by now.. Which leads me to think that perhaps nothing much is going on after all, since we haven't seen direct proof of anything devious. Not sure... but I would indeed like to see some down to Earth investigation of things documenting exactly what IS going on..
     
  24. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    343
    Location:
    Down Under the Southern Cross
    G'day Mate.
    Looking all over various forums for someone that maintain and update such a list, and with details of what those things can do.
    You and all other guys involved made my day.
    Thanks a lot indeed.
    VS
     
    Last edited: Aug 30, 2015
  25. jcarerra

    jcarerra Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    40
    This is great material.
    It would be most useful if the lists were clearly segregated into applying to
    Windows 7
    Windows 8
    Windows 8.1
    Windows 10

    As I was reading through, it was hard to pick out which ones apply to my OS; at places, the discussion is unclear which it applies to, or jumps from one to another. Not being critical--this is great stuff-- just suggesting a possible improvement.

    I have one 7 machine and one 8.1. I want to stop ALL of the spying.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.