News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • 2000004: How to apply the Win7 and 8.1 Monthly Rollups

    Home Forums Knowledge Base 2000004: How to apply the Win7 and 8.1 Monthly Rollups

    Viewing 17 reply threads
    • Author
      Posts
      • #116993 Reply
        woody
        Da Boss

        AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups

        By @woody

        Published 29 July 2017 rev 1.12

        For those in “Group A” — the ones who want to use Microsoft’s preferred patching method, and aren’t overly concerned about increased telemetry (which is to say, snooping), here’s how to get your monthly rollup going, without succumbing to Automatic Updating.

        For those in “Group A” who want to minimize Microsoft’s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program before you begin.
        Click Start > Control Panel > Action Center. On the left, click the link to Change Action Center settings. Under Related settings, click Customer Experience Improvement Program settings. Choose No, I don’t want to participate in the program. Click Save changes.

        Step A1: Get your settings right.

        In Win7, click Start > Control Panel. In Win 8.1, press Win-X and choose Control Panel. Click System and Security. Under Windows Update, click the link marked “Turn automatic updating on or off.” Make sure Windows Update is set to “Never check for updates (not recommended),” then check the boxes marked “Give me recommended updates the same way I receive important updates” and “Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows.” Click OK.

        Step A2: Check for updates.

        Back in the Control Panel, under Windows Update, click the link to Check for Updates. (You may have to click Check for Updates a second time.) If you’ve done a Group A run in previous months, the check should go quickly. If it lingers for hours, follow these steps. Don’t check any unchecked boxes. If you have no intention of updating this machine to Win10 in the near future, look for KB 3150513 and make sure it’s unchecked.

        Step A3: Get rid of problematic updates.

        The list of problematic updates changes every month, so you’ll have to watch the main AskWoody blog page for details. Look for MS-DEFCON posts; they’re clearly marked. In general, if you have no intention of updating this machine to Win10 in the near future, look for KB 3150513 and uncheck the box.

        Step A4: Install the patches.

        Click the button marked Install Updates and follow the instructions. You’ll end up with the Security Monthly Quality Rollup; all of your Office patches; maybe some .Net patches; Adobe Flash fixes; the Microsoft Security Essentials update; and the usual MSRT scanner. After the reboot, everything will be set to block automatic updates.

        Step A5: Wash, rinse, repeat.

        Go through Steps A2 to A4 again, to see if Windows Update picked up any new patches. Repeat until there aren’t any more additional patches. When you’re done, you’re done, but be sure to watch this site next month to see when the unpaid beta testers are done.

        You have to update your Windows computer. But you don’t have to update it according to Microsoft’s timetable.

        13 users thanked author for this post.
      • #117019 Reply
        MrBrian
        AskWoody_MVP

        What is KB3010513?

        Also, after completing step A4, I recommend to keep repeating steps A2 to A4 until there are no ticked by default updates remaining after step A3.

        1 user thanked author for this post.
      • #117263 Reply
        MrBrian
        AskWoody_MVP

        As far as I know, there is no need to avoid KB 3150513.

        • #117268 Reply
          ch100
          AskWoody_MVP

          As far as I know, there is no need to avoid KB 3150513.

          KB3150513 does not have any meaning and it cannot be installed on Windows 7 and 8.1 without KB2952664/KB2976978 as pre-requisite. It can be installed on Windows 10 and 2016 because the pre-requisite is already built-in.
          I think we are wasting time with non-sense trying to analyse various patches instead of recommending end-users how to tune and use their computers at their maximum potential.

          • #201199 Reply
            cesmart4125
            AskWoody Plus

            One time I didn’t follow Ms. Susan’s advice, and I wound up with no audio.  Simply uninstalling the patch and going back to an earlier restore point didn’t fix the problem.  Unfortunately, I didn’t understand how to use Macrium Reflect and hadn’t used it beforehand.

            Attachments:
      • #117583 Reply
        MrToad28
        AskWoody Lounger

        Please explain advantage of this “turn off automatic updates” method over “check for updates but let me choose whether to download and install them” option.

        I’ve never had an update install without my having initiated it using the “check for updates…let me choose” option. Am I missing something?

        1 user thanked author for this post.
        • #117628 Reply
          AlexN
          AskWoody Lounger

          Mostly, it saps your computers performance heavily.  But it also will eventually auto-install the updates whether you like it or not.

          Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
          A weatherman that can code

          4 users thanked author for this post.
          • #117914 Reply
            MrToad28
            AskWoody Lounger

            Prior to the May patches…or more specifically the May .net patch, I wasn’t experiencing system drag, but after that .Net patch CPU cycles went way high…40-50% on several Win7-64 pc’s.

            The primary culprit seems to be trusteninstaller.exe I stopped it and then switched to “Never check..” and that seems to have halted the CPU overrun.

            • #117915 Reply
              PKCano
              Da Boss

              The primary culprit seems to be trusteninstaller.exe

              trustedinstaller.exe is the installer for Windows Update. It sometimes runs high CPU for as much as 10 minutes after update/reboot to complete the install process.

              3 users thanked author for this post.
      • #117585 Reply
        MrToad28
        AskWoody Lounger

        I would add the following cautious options:

        If you have multiple similar PC’s with similar configurations, patch the least important one first it see if anything specific to your boxes doesn’t play well with the current patch.

        Create one or more restore points before patching.

        Apply major patches…the security roll-up and the .net roll-up separately and create a restore point in between.

        1 user thanked author for this post.
      • #117634 Reply
        Marty
        AskWoody Plus

        I’ve been in Group A for several months, but I have never understood the rationale for accepting ““Give me recommended updates the same way I receive important updates”. I do not check that box, since I don’t want anything but the updates that are designated as “important”. And having followed this procedure for several months, the list of optional/recommended updates has remained, without any of them having been installed.

        • #117640 Reply
          PKCano
          Da Boss

          Group A follows the above instructions. Guess you must not be in Group A, but somewhere between Group A and Group B (which does not check “Give me recommended updates the same way I receive important updates” box).

          • #1628321 Reply
            Myst
            AskWoody Plus

            I’m in the same category then, in between GrpA/B because I have always avoided receiving Recommended Updates the same as Important. In this month’s patching process should I switch back, and as noted by Woody to receive all Recommended Updates the same as Important? Thanks

            Win7 Home x64 MacOS Chromebook

            • #1628329 Reply
              PKCano
              Da Boss

              For now, you should just worry about the May updates. Come back with your question later in the month – get protected from the vulnerability first.

              1 user thanked author for this post.
      • #117654 Reply
        MrToad28
        AskWoody Lounger

        May I assume the April recommendation not to install optional roll-up preview patches still stands?

        I’m not keen on being an unpaid patch beta tester…

        • #117655 Reply
          PKCano
          Da Boss

          Don’t install any “Preview” patches. They are unchecked by default.

          1 user thanked author for this post.
      • #117770 Reply
        rb
        AskWoody Lounger

        Dummie here and hoping to get some help.

        I’m stuck at step one. Not sure when it happened (I suspect it’s when I installed GWX Control Panel back when; it’s since been uninstalled), but I’m not able to change my WU setting to “don’t check”; it’s stuck on “check but let me choose” and any option to change it is grayed out.

        Just read from AlexN above that this setting saps my computer’s performance. Could this be a reason why my fan revs so much? That noise irks me to no end.

        I believe the settings issue has been addressed before, so I apologize for returning to it, but I missed the solution, or if there is one.

        Many thanks for the wealth of knowledge shared here.

        • #117788 Reply
          ch100
          AskWoody_MVP

          You have group policy configured.
          If you are not aware of it, then it is possible that other software set it for you.
          Windows Update MiniTool is known to do this.
          If you use WUMT, then configure for Automatic and your settings should become available again.

          • #117866 Reply
            rb
            AskWoody Lounger

            Thanks for your reply, ch100.  No, I don’t have WUMT.  How would I go about determining if group policy is configured, and if it is, how may I reverse it?

            Really appreciate your help and patience.

      • #117916 Reply
        BrianL
        AskWoody Lounger

        @ PKCano    Do I get rid of Trusted Installer, or just find a way to disable it?  My Windows  update settings have been stuck on “Don’t download or install without permission” and it is grayed out.  I can check or un-check the boxes below the selection bar….. In picking the change settings, that is where this is.  It has been grayed out since I had the severe blue screen problem on the first of Dec 2016.  The computer was cleaned and the  original OS was reinstalled. It stopped running correctly again last of March.  I used “safe Mode” and changed out of “raid” and checked ‘OK’ and rebooted; blue screen gone and windows came right up.  But update setting was still grayed.  After reinstall, using RAID, I could not even ask it to look for updates.  After changing out of RAID, even with change setting grayed I could look for updates and they would come in. I didn’t loose any  files.

        • #117922 Reply
          PKCano
          Da Boss

          Do I get rid of Trusted Installer

          TrustedInstaller.exe is the installer for Windows Update. You definitely DON’T want to get rid of it.

          RAID is sometimes the default BIOS setting (older PCs). I’ve been caught by that myself a couple of time too.

          It has been grayed out since I had the severe blue screen problem on the first of Dec 2016

          Did you have GWX Control Panel on your computer before the blue screen. It blocked the settings so GWX wouldn’t change it to Auto and install Win10. There is a Registry setting I think will fix it. If you’re not familiar with the Registry, get someone who is to help you. I think 5 may be what you want.

          1) Hold WindowsKey + R
          (is hold Start & press R on your keyboard)

          2) Type: “regedit”
          Hit Enter

          3) Go to:
          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

          Find AUOptions.
          Double Click AUOptions or Right Click Modify

          > You can change the values data from 1 through 5 <

          1. Install updates automatically (recommended)
          2. Download updates but let me choose whether to install them
          3. Check for updates but let me choose whether to download and install them
          4. Install updates automatically / Never Check For Updates
          5. Enable the option box to choose manually

           
          Edit to correct numbering

          3 users thanked author for this post.
          • #118050 Reply
            rb
            AskWoody Lounger

            @PKCano Thank you! Such a simple solution to my problem as well! However, when I changed the value to 5 (enable me to choose option manually), back at the Windows Update Settings page, there were only 3 options to choose from: install updates automatically; download but let me choose; check for updates but let me choose..; NO option to “Never check for updates” listed.

            Since the GWX campaign ended and with it my GWX Control Panel, I’ve been in group B. However, seeing that Woody’s recommending those of us with limited computer experience/knowledge to move to Group A, I don’t really understand why it’s best to enable “Never Check for updates”.

            Question: On the list of values you provide above for the AUOptions, how would I set it to 4 “Never Check for Updates” vs 4 “Install Updates Automatically”? Is there a toggle button or something that will make it clear what I’ve chosen?

            1 user thanked author for this post.
            • #118052 Reply
              PKCano
              Da Boss

              Unplug your computer from the Internet so you won’t get any surprises and try it. See what 4 does. You can always change it back. It may be 4 gives you what you want. Let us know what you find.

              1 user thanked author for this post.
              • #118055 Reply
                rb
                AskWoody Lounger

                Good news: following my switching the value to 4, the WU settings page simply offered all 4 options, including the one to turn off updates! At long last!

                I’m a happy camper, thanks to you.

                1 user thanked author for this post.
              • #118056 Reply
                PKCano
                Da Boss

                🙂 🙂

                1 user thanked author for this post.
      • #117995 Reply
        BrianL
        AskWoody Lounger

        @ PKCano  I have regedit on my bar at bottom of screen along with services, for easy access. I have fiddled with both and am somewhat acquainted with them.  Am going to try your  suggestions in the next hour.   ALSO, I downloaded “WireShark”, but haven’t used it yet. Also downloaded “MS Malicious Software  Removal Tool”.  So far entering a software screen or web page or changing screens is a little slower than before and but changing within screens is fast as ever.

      • #117996 Reply
        BrianL
        AskWoody Lounger

        @ PKCano  Did as you stated in regedit and it worked perfectly.  Thanks to you for your invaluable instructions.

      • #118106 Reply
        BrianL
        AskWoody Lounger

        @ PKCano  till have not use WireShark.  Will let you know how it worked>

      • #118322 Reply
        BrianL
        AskWoody Lounger

        @ PKCano  Question?  In the windows update settings I have no Red label. In other words the box with “Never check for updates”  is not there.  The other boxes are.  As per your advice I went into regedit and found the correct line and change it to 5.  That gave me a choice that was available before.  as I had no choices before.   I think that back in November/December 2016 I had a collapse of my Windows 7 SP1 x64, the Computer
        Sepecialist that I had reinstall the original OS did as I instructed (I don’t want to install any updates from MS anymore).  Could this have causes the update acquiring problem?

        • #118325 Reply
          PKCano
          Da Boss

          In the Registry setting, try 4. I think it will give you four choices, Never being one of them.

      • #127142 Reply
        MrBrian
        AskWoody_MVP

        In steps A2 and A3, I recommend removing the sentence mentioning KB 3150513.

        • #127152 Reply
          PKCano
          Da Boss

          Since Group A is (supposedly) not concerned with telemetry, they probably have installed KB2952664/KB2976978. But if they are not planning to upgrade, is there any reason to need KB3150513?

          • #127166 Reply
            MrBrian
            AskWoody_MVP

            Yes, because KB 3150513 contains the latest definitions for KB2952664/KB2976978. I see no good reason for a user with KB2952664/KB2976978 to do extra work to avoid the latest definitions for KB2952664/KB2976978.

            1 user thanked author for this post.
            • #127219 Reply
              ch100
              AskWoody_MVP

              I think this has more to do with uninstalling in the correct order if the patches got installed or if there is a change of mind.
              People should be aware that the installation order is KB2952664 and next KB3150513, while for uninstalling, it should be quite the opposite, first KB3150513 (all patches if multiple) and next KB2952664 (again, all patches, if multiple).

      • #127168 Reply
        MrBrian
        AskWoody_MVP

        Recommendation: Add a step at the end (for those that care about telemetry) linking to 2000007: Turning off the worst Windows 7 and 8.1 snooping.

        • #127176 Reply
          PKCano
          Da Boss

          Group A is for people not concerned about telemetry. “Keep it simple, just do it.”
          The part to turn off CEIP is already there.

          • #127183 Reply
            MrBrian
            AskWoody_MVP

            In that case, for the sake of consistency, perhaps the recently added CEIP paragraph should be removed.

            • #127189 Reply
              MrBrian
              AskWoody_MVP

              The presence of the CEIP paragraph without also mentioning AKB2000007 might give users the false impression that doing the CEIP part is sufficient.

              • #127193 Reply
                PKCano
                Da Boss

                Group A people are not inclined to the complexities of removing telemetry in detail. Turning off CEIP can be done easily through the GUI and I believe is sufficient for people who “aren’t overly concerned about increased telemetry” as the topic states.

                I am not inclined to make it overly complicated for this group (unless there is overwhelming consensus to do so).

              • #127215 Reply
                ch100
                AskWoody_MVP

                Error Reporting which I mentioned is in the same class.
                In Windows 10 can only be turned off via Group Policy or by direct editing of the registry.
                In Windows 7 and 8.1 it can be configured in GUI.
                It tends to record and send more relevant data back to Microsoft than CEIP, but I turn it off for reasons of space wasted and performance.

                1 user thanked author for this post.
      • #137451 Reply
        MrBrian
        AskWoody_MVP
      • #150835 Reply
        BrianL
        AskWoody Lounger

        To rb : I found that the use of so high powered programs might cause the fan(s) to run But a dirty fan will most likely be the culprit. Turn off, unplug and use vacuum to clean all fans. Fans attract dust you can’t see.

      • #194572 Reply
        cesmart4125
        AskWoody Plus

        Patch Watch may have been like this previously; however, I didn’t notice it.  For kb 4103718, it says this is the monthly roll up and there have been networking issues.  There’s no mention of kb4103718 being safe to install.  A similar situation exists for kb4099633 and the updates for Office 2010.

        Should I wait until next weekend to install May’s updates?  Thanks in advance for your advice.

        Win 7 32 bit SP1, Office 2010 SP2, Intel Core 2 Duo @ 1.80 GHz, 4.0 GB RAM

        Attachments:
        1 user thanked author for this post.
        • #194576 Reply
          PKCano
          Da Boss

          The Master Patch List (see button at top of blog home page) is a guide to whether the patches have problems (or not).

          The DEFCON number at the top of the page is a guide to patching. When Woody raises the DEFCON mumber to 3 or above, he also publishes an article in ComputerWorld that contains the cautions and instructions for updating safely.

          3 users thanked author for this post.
    Viewing 17 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: 2000004: How to apply the Win7 and 8.1 Monthly Rollups

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.