News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • 2000007: Turning off the worst Windows 7 and 8.1 snooping

    Home Forums Knowledge Base 2000007: Turning off the worst Windows 7 and 8.1 snooping

    Viewing 12 reply threads
    • Author
      Posts
      • #117301 Reply
        woody
        Da Boss

        AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping

        By @woody

        Published 21 May 2017 rev 1.0

        This is likely the most controversial topic for Windows 7 (and 8.1) customers, everywhere. I expect the comments will go on forever.

        We know that Microsoft is snooping. We know that the snooping is getting worse. But we don’t know what’s being snooped. We don’t know how the “telemetry” is used to change things. And we don’t have any way to review the collected data, contest it, or delete it.

        In other words, we’re flying blind. In the absence of hard facts from Microsoft, all we really have is an uneasy sense that many of the more recent Win7 and 8.1 updates are sending more data back to the mothership than some folks would like.

        That said, here’s what I would suggest for a moderately concerned Windows 7 or 8.1 user.

        Step 1. Turn off the Customer Experience Improvement Program.

        Click Start > Control Panel > Action Center. On the left, click the link to Change Action Center settings. Under Related settings, click Customer Experience Improvement Program settings. Choose No, I don’t want to participate in the program. Click Save changes.

        Step 2. Uninstall KB 2952664 (Win7) or KB2976978 (Win8.1) if you can.

        Click Start > Control Panel > Programs > Programs and Features > Installed Updates, then Uninstall an update. Sort the list by Name or “Installed on” date. Look for “Update for Windows 7 (KB2952664).” Right-click on it and choose Uninstall.

        Unfortunately, KB 2976978 can’t always be uninstalled.

        Step 3. If you are not going to upgrade this computer directly to Windows 10, uninstall KB 3150513 if you can.

        Instructions are similar.

        There’s a lengthy discussion by @PKCano in AKB 2952664 including several suggestions from @MrBrian for disabling specific services and a synopsis by @abbodi86. AKB 2952664 also lists several additional KB patches you may want to delete.

        Perhaps not surprisingly, this is exactly the approach recommended by @MrBrian.

        To haul out the bigger guns, if you’re handy with batch files, there’s a script maintained by @abbodi86 that’ll stop the Unified Telemetry Client service and the Compatibility Telemetry Appraiser services and remove their registry entries. (If you have to ask, “What’s a script?” don’t bother with this approach — it’s too advanced for you.)

        Many of you are looking for blocklists — a specific list of KB numbers to uninstall, and/or a list of services to disable and/or a list of ports to block. You’re welcome to post your favorite list here, in the replies. But for those of you who don’t want to wade into the deep part of the gene pool, realize that we fundamentally don’t know what Microsoft’s doing.

        10 users thanked author for this post.
      • #117333 Reply
        MrBrian
        AskWoody_MVP

        In my opinion, of the three steps listed, only step 1 is mandatory. If you’ve done step 1, then even if you don’t do step 2, according to my Windows 7 tests, very little telemetry from KB 2952664 (Win7) gets transmitted to Microsoft. If you’ve done step 1, then the main reason to do step 2 is to stop the gathering of telemetry, which happens even if step 1 is done, and can consume nontrivial cpu and disk resources.

        6 users thanked author for this post.
      • #117334 Reply
        MrBrian
        AskWoody_MVP
      • #117336 Reply
        MrBrian
        AskWoody_MVP

        From Windows 7, Windows 8 and Windows 10 Telemetry Updates (Diagnostic Tracking):

        “There are a few more settings that you can turn off that may send telemetry information:

        To turn off Windows Update telemetry, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

        Turn off Windows Defender Cloud-based Protection and Automatic sample submission in Settings > Update & security > Windows Defender.

        Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article 891716.”

        I’ll add one more: Windows Error Reporting.

        2 users thanked author for this post.
        • #117707 Reply
          ch100
          AskWoody_MVP

          I would add that Windows Error Reporting should be disabled on All Users to avoid sending data for the whole system. Even if the data sent are not considered harmful, there is the potential for creating huge logs (tens of GB) filling the drive C:\ and as such consideration should be given to this setting.
          In Windows 10, Windows Error Reporting can be disabled only by using a Group Policy, or possibly by directly editing the registry.

          1 user thanked author for this post.
        • #119759 Reply
          MrBrian
          AskWoody_MVP
      • #117338 Reply
        MrBrian
        AskWoody_MVP

        For those interested in privacy issues involving network connections to Microsoft, both telemetry and non-telemetry, you may wish to browse Links: Microsoft privacy statements and Windows network connections to Microsoft.

        2 users thanked author for this post.
      • #117361 Reply
        anonymous
        Guest

        As a somewhat easier way to find random “KB” numbers in the list of installed updates, at least in Windows 7, the “Search Installed Updates” box at the right-hand end of the Address Bar can be used to search for a specific KB number.

        After going to Control Panel, Programs and Features, and clicking on “View Installed Updates” in the left side bar (and waiting for awhile for the list of updates to come up…), then the Search Installed Updates function can be used.

        EG: to find if KB2952664 is currently installed on a system, just start typing KB2952664 in the Search Installed Updates field.  As you type K, B, 2, 9, 5, 2… the list of installed updates will be narrowed down to any matching as much of the KB number as you have entered.

        Once you have found the update you are looking for (or not if nothing is found), it can be clicked on to see if it can be uninstalled.

        Repeat for KB3150513 (or any other KB you are looking for).

        This is much easier that scrolling down a HUGE list of updates on a system (eg: my current old laptop has 536 updates installed!), and doesn’t require any sorting or grouping of the update list.

        I can’t remember where I found out about this, but I know it is sure lots easier than trying to find an update by scrolling up and down, and trying to pick the KB number out of a mass of text on the screen.

        3 users thanked author for this post.
        • #117553 Reply
          PKCano
          Da Boss

          If you click on the title of the column (Update name, date, etc) it will sort on that column. It is a toggle – first click ascending, next click descending, etc. That puts the updates in each section (updates, Security update. .NET…) in alphanumeric order, and looking for an update by its KB number is easy.
          (Works like a spreadsheet)

          1 user thanked author for this post.
      • #117382 Reply
        owdrtn
        AskWoody Lounger

        Turn off Windows Defender Cloud-based Protection and Automatic sample submission in Settings > Update & security > Windows Defender.

        Don’t see any such thing on Win7 ? Could this apply only to later OS ?

        1 user thanked author for this post.
        • #117501 Reply
          Noel Carboni
          AskWoody_MVP

          Pertinent settings in Windows Defender on Win 7:

          Win7Defend1

          Win7Defend2

          There might be some terminology confusion on Windows 7 between “Microsoft Security Essentials” and “Windows Defender”, since the former grew into the latter on later OS versions. If you have MSE, note the MAPS setting:

          MAPS

          -Noel

          Attachments:
          4 users thanked author for this post.
      • #117677 Reply
        SueW
        AskWoody Plus

        Don’t see any such thing on Win7

        When I searched for Windows Defender, this is what I got:

        Windows-Defender-Turned-Off-1

         

         

         

        Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

        Attachments:
      • #117939 Reply
        anonymous
        Guest

        #117301

        I’m a newbie from the Comments on AKB 2000003 “Group B” ongoing list of w 7 & w 8.1 updates.  Thank you for the telemetry preventive course of action.  Will pass on to other newbies who need the help.

      • #153814 Reply
        anonymous
        Guest

        Woody, you may want to let folks know about this fantastic tool:

        Here you are!

        Between this and the scripts and settings mentioned above, you can get pretty good protection against snooping.

        1 user thanked author for this post.
        BB
        • #153824 Reply
          PKCano
          Da Boss

          With third-party, particularly ones that make changes to the Registry and the Hosts file, it is highly recommended that you understand what it does before using it.

          1 user thanked author for this post.
        • #153875 Reply
          Kirsty
          Da Boss

          I came across a youtube video by Barnacules Nerdgasm on S&D Anti-Beaon by accident recently. There are details and links here, and is well worth the time to view.
          PS It’s a couple of years old, but gives a good idea to the novice.

      • #188268 Reply
        Canadian Tech
        AskWoody_MVP

        The next time you rebuild a Win7 machine, follow this process to avoid the vast majority of the known/suspected snooping updates:

        Change the Windows Update setting to NEVER and never change that, ever
        After Win7 install, BEFORE you start Windows Update, Install KB3020369 and KB3138612.
        Restart
        Start Windows Update. A list of +-200 will be offered
        Go down the list of proposed updates till you get to the first one that is NOT labeled Security
        select the first one, look to the right for the release date
        If that date is at or before December 31, 2014, accept it. In other words leave it checked.
        If that date is AFTER December 31, 2014, Right-click on it and choose Hide.
        Do not check any unchecked update
        Do not use ANY optional updates, especially drivers
        Do this on each successive Windows Update pass.

        This methodology is based on the fact that ALL Windows 7 development ended on December 31, 2014. Virtually all the updates that were not Security are in fact unnecessary and contain the vast majority of the privacy/snooping/Win10 updates.

        I have used this procedure many times over the last several years and results have been excellent. No problems whatsoever.

        I must add this information however. I do not install any “roll-ups” except .net. I install the security only updates that can be gotten from the catalog for October 2016 through May 2017, and have not applied any, not a single update since. My 150 or so clients have never experienced a problem since I began this policy. In fact they run flawlessly and turned into stable reliable systems.

        CT

        12 users thanked author for this post.
        • #205416 Reply
          GoneToPlaid
          AskWoody Plus

          You are dead on about drivers. I always get new hardware driver versions straight from the OEMs and never from Microsoft. There have been several occasions where Microsoft’s versions of the OEM’s newer hardware drivers messed up things on my computers.

          Drivers which you should never accept from Microsoft, and which you should always get from the OEMs:

          Audio

          Chipset

          Graphics

          ME (Intel Management Engine)

          Networking

          USB

          It is what it is, from years of past experience.

           

      • #218629 Reply
        anonymous
        Guest

        Using Canadian Techs’ recommendations of avoiding any non-security updates from January 2015 forward, I browsed my installed updates list and come across several. KB2990214 and KB3075851 have multiple posts here saying to avoid them. Should I uninstall them now or better at this point to just leave things alone? I don’t want W10 force installing but haven’t had any issues of that so far.

        Others listed as installed.

        KB4345459 : But this was from https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/ so it must be okay.
        KB3141092
        KB3077715
        KB3087985
        KB3064209
        KB3065979
        KB3020369
        KB3023607

        • #218636 Reply
          PKCano
          Da Boss

          The patches listed at the top of AKB2000003 as having telemetry are probably the worst offenders. Uninstall them. Turn off CEIP, Windows error reporting, and Smart Screen Filter. There is no way yo are going to avoid the telemetry, but those things should minimize it.

          1 user thanked author for this post.
        • #218665 Reply
          Canadian Tech
          AskWoody_MVP

          If and when I find any of the following updates on a system, I uninstall them routinely:
          KB971033
          KB2882822
          KB2952664
          KB2977759
          KB2990214
          KB2999226
          KB3021917
          KB3022345 SFC
          KB3035583
          KB3068708 SFC & telemetry enabler
          KB3064683
          KB3072318
          KB3075249 telemetry enabler
          KB3080149 telemetry enabler
          KB3081954
          KB3090045
          KB3118401
          KB3123862
          KB3138378
          KB3138962
          KB3139923
          KB3146449
          KB3150513
          KB3163589
          KB3173040
          KB3184143

          CT

          7 users thanked author for this post.
          • #218844 Reply
            walker
            AskWoody Lounger

            @CT:  If I ever had a reference on uninstalling an update from the computer, I have long since misplaced it.  Could you possibly provide some simple instructions for this action?  Your assistance  is sincerely appreciated, as always.  Your advice is always “right on” and very much appreciated.    🙂

            • #218845 Reply
              Canadian Tech
              AskWoody_MVP

              Walker….

              Windows Update, Installed updates, WAIT a long time till you see the green bar complete its long trip to the right

              Now, one at a time, search for each of the listed updates, uninstall them. You must remove the earlier search item, then wait until the list is re-created each time. You need to wait till you see the number at the bottom of the search window exceed a few hundred.

              You do not need to restart after each uninstall, click later, until you are done.

              Then, clear the search box and after the list is again displayed (the number at the bottom again exceeds several hundred), enter another KB number.

              Restart the PC. It may take a long time to process this.

              CT

          • #218858 Reply
            EP
            AskWoody_MVP

            KB3184143 is okay to install on Win7 & Win8.1 – this update removes the GWX stuff; no concrete evidence of any “snooping” stuff in the update files

      • #2071612 Reply
        anonymous
        Guest

        Thanks!

        (Is this the correct way to thank the author??)

        • #2071784 Reply
          PKCano
          Da Boss

          Many times the posts with just “thanks” on them get removed – there could be a great many of them otherwise.
          The best way to thank, is to Register (it’s free, or you can donate). Then, there is a “Thanks” button that will get your message across along with your ID.
          (And you won’t have to wait for your post to be moderated)

    Viewing 12 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: 2000007: Turning off the worst Windows 7 and 8.1 snooping

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.