News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • 2000007: Turning off the worst Windows 7 and 8.1 snooping

    Home Forums Knowledge Base 2000007: Turning off the worst Windows 7 and 8.1 snooping

    This topic contains 23 replies, has 13 voices, and was last updated by  EP 12 months ago.

    • Author
      Posts
    • #117301 Reply

      woody
      Da Boss

      AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping

      By @woody

      Published 21 May 2017 rev 1.0

      This is likely the most controversial topic for Windows 7 (and 8.1) customers, everywhere. I expect the comments will go on forever.

      We know that Microsoft is snooping. We know that the snooping is getting worse. But we don’t know what’s being snooped. We don’t know how the “telemetry” is used to change things. And we don’t have any way to review the collected data, contest it, or delete it.

      In other words, we’re flying blind. In the absence of hard facts from Microsoft, all we really have is an uneasy sense that many of the more recent Win7 and 8.1 updates are sending more data back to the mothership than some folks would like.

      That said, here’s what I would suggest for a moderately concerned Windows 7 or 8.1 user.

      Step 1. Turn off the Customer Experience Improvement Program.

      Click Start > Control Panel > Action Center. On the left, click the link to Change Action Center settings. Under Related settings, click Customer Experience Improvement Program settings. Choose No, I don’t want to participate in the program. Click Save changes.

      Step 2. Uninstall KB 2952664 (Win7) or KB2976978 (Win8.1) if you can.

      Click Start > Control Panel > Programs > Programs and Features > Installed Updates, then Uninstall an update. Sort the list by Name or “Installed on” date. Look for “Update for Windows 7 (KB2952664).” Right-click on it and choose Uninstall.

      Unfortunately, KB 2976978 can’t always be uninstalled.

      Step 3. If you are not going to upgrade this computer directly to Windows 10, uninstall KB 3150513 if you can.

      Instructions are similar.

      There’s a lengthy discussion by @pkcano in AKB 2952664 including several suggestions from @mrbrian for disabling specific services and a synopsis by @abbodi86. AKB 2952664 also lists several additional KB patches you may want to delete.

      Perhaps not surprisingly, this is exactly the approach recommended by @mrbrian.

      To haul out the bigger guns, if you’re handy with batch files, there’s a script maintained by @abbodi86 that’ll stop the Unified Telemetry Client service and the Compatibility Telemetry Appraiser services and remove their registry entries. (If you have to ask, “What’s a script?” don’t bother with this approach — it’s too advanced for you.)

      Many of you are looking for blocklists — a specific list of KB numbers to uninstall, and/or a list of services to disable and/or a list of ports to block. You’re welcome to post your favorite list here, in the replies. But for those of you who don’t want to wade into the deep part of the gene pool, realize that we fundamentally don’t know what Microsoft’s doing.

      8 users thanked author for this post.
    • #117333 Reply

      MrBrian
      AskWoody_MVP

      In my opinion, of the three steps listed, only step 1 is mandatory. If you’ve done step 1, then even if you don’t do step 2, according to my Windows 7 tests, very little telemetry from KB 2952664 (Win7) gets transmitted to Microsoft. If you’ve done step 1, then the main reason to do step 2 is to stop the gathering of telemetry, which happens even if step 1 is done, and can consume nontrivial cpu and disk resources.

      5 users thanked author for this post.
    • #117334 Reply

      MrBrian
      AskWoody_MVP
    • #117336 Reply

      MrBrian
      AskWoody_MVP

      From Windows 7, Windows 8 and Windows 10 Telemetry Updates (Diagnostic Tracking):

      “There are a few more settings that you can turn off that may send telemetry information:

      To turn off Windows Update telemetry, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

      Turn off Windows Defender Cloud-based Protection and Automatic sample submission in Settings > Update & security > Windows Defender.

      Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article 891716.”

      I’ll add one more: Windows Error Reporting.

      2 users thanked author for this post.
      • #117707 Reply

        ch100
        AskWoody_MVP

        I would add that Windows Error Reporting should be disabled on All Users to avoid sending data for the whole system. Even if the data sent are not considered harmful, there is the potential for creating huge logs (tens of GB) filling the drive C:\ and as such consideration should be given to this setting.
        In Windows 10, Windows Error Reporting can be disabled only by using a Group Policy, or possibly by directly editing the registry.

        1 user thanked author for this post.
      • #119759 Reply

        MrBrian
        AskWoody_MVP
    • #117338 Reply

      MrBrian
      AskWoody_MVP

      For those interested in privacy issues involving network connections to Microsoft, both telemetry and non-telemetry, you may wish to browse Links: Microsoft privacy statements and Windows network connections to Microsoft.

      2 users thanked author for this post.
    • #117361 Reply

      anonymous

      As a somewhat easier way to find random “KB” numbers in the list of installed updates, at least in Windows 7, the “Search Installed Updates” box at the right-hand end of the Address Bar can be used to search for a specific KB number.

      After going to Control Panel, Programs and Features, and clicking on “View Installed Updates” in the left side bar (and waiting for awhile for the list of updates to come up…), then the Search Installed Updates function can be used.

      EG: to find if KB2952664 is currently installed on a system, just start typing KB2952664 in the Search Installed Updates field.  As you type K, B, 2, 9, 5, 2… the list of installed updates will be narrowed down to any matching as much of the KB number as you have entered.

      Once you have found the update you are looking for (or not if nothing is found), it can be clicked on to see if it can be uninstalled.

      Repeat for KB3150513 (or any other KB you are looking for).

      This is much easier that scrolling down a HUGE list of updates on a system (eg: my current old laptop has 536 updates installed!), and doesn’t require any sorting or grouping of the update list.

      I can’t remember where I found out about this, but I know it is sure lots easier than trying to find an update by scrolling up and down, and trying to pick the KB number out of a mass of text on the screen.

      3 users thanked author for this post.
      • #117553 Reply

        PKCano
        Da Boss

        If you click on the title of the column (Update name, date, etc) it will sort on that column. It is a toggle – first click ascending, next click descending, etc. That puts the updates in each section (updates, Security update. .NET…) in alphanumeric order, and looking for an update by its KB number is easy.
        (Works like a spreadsheet)

        1 user thanked author for this post.
    • #117382 Reply

      owdrtn
      AskWoody Lounger

      Turn off Windows Defender Cloud-based Protection and Automatic sample submission in Settings > Update & security > Windows Defender.

      Don’t see any such thing on Win7 ? Could this apply only to later OS ?

      1 user thanked author for this post.
      • #117501 Reply

        Noel Carboni
        AskWoody_MVP

        Pertinent settings in Windows Defender on Win 7:

        Win7Defend1

        Win7Defend2

        There might be some terminology confusion on Windows 7 between “Microsoft Security Essentials” and “Windows Defender”, since the former grew into the latter on later OS versions. If you have MSE, note the MAPS setting:

        MAPS

        -Noel

        Attachments:
        4 users thanked author for this post.
    • #117677 Reply

      SueW
      AskWoody Plus

      Don’t see any such thing on Win7

      When I searched for Windows Defender, this is what I got:

      Windows-Defender-Turned-Off-1

       

       

       

      Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

      Attachments:
    • #117939 Reply

      anonymous

      #117301

      I’m a newbie from the Comments on AKB 2000003 “Group B” ongoing list of w 7 & w 8.1 updates.  Thank you for the telemetry preventive course of action.  Will pass on to other newbies who need the help.

    • #153814 Reply

      anonymous

      Woody, you may want to let folks know about this fantastic tool:

      Here you are!

      Between this and the scripts and settings mentioned above, you can get pretty good protection against snooping.

      • #153824 Reply

        PKCano
        Da Boss

        With third-party, particularly ones that make changes to the Registry and the Hosts file, it is highly recommended that you understand what it does before using it.

        1 user thanked author for this post.
      • #153875 Reply

        Kirsty
        Da Boss

        I came across a youtube video by Barnacules Nerdgasm on S&D Anti-Beaon by accident recently. There are details and links here, and is well worth the time to view.
        PS It’s a couple of years old, but gives a good idea to the novice.

    • #188268 Reply

      Canadian Tech
      AskWoody_MVP

      The next time you rebuild a Win7 machine, follow this process to avoid the vast majority of the known/suspected snooping updates:

      Change the Windows Update setting to NEVER and never change that, ever
      After Win7 install, BEFORE you start Windows Update, Install KB3020369 and KB3138612.
      Restart
      Start Windows Update. A list of +-200 will be offered
      Go down the list of proposed updates till you get to the first one that is NOT labeled Security
      select the first one, look to the right for the release date
      If that date is at or before December 31, 2014, accept it. In other words leave it checked.
      If that date is AFTER December 31, 2014, Right-click on it and choose Hide.
      Do not check any unchecked update
      Do not use ANY optional updates, especially drivers
      Do this on each successive Windows Update pass.

      This methodology is based on the fact that ALL Windows 7 development ended on December 31, 2014. Virtually all the updates that were not Security are in fact unnecessary and contain the vast majority of the privacy/snooping/Win10 updates.

      I have used this procedure many times over the last several years and results have been excellent. No problems whatsoever.

      I must add this information however. I do not install any “roll-ups” except .net. I install the security only updates that can be gotten from the catalog for October 2016 through May 2017, and have not applied any, not a single update since. My 150 or so clients have never experienced a problem since I began this policy. In fact they run flawlessly and turned into stable reliable systems.

      CT

      10 users thanked author for this post.
      • #205416 Reply

        GoneToPlaid
        AskWoody Plus

        You are dead on about drivers. I always get new hardware driver versions straight from the OEMs and never from Microsoft. There have been several occasions where Microsoft’s versions of the OEM’s newer hardware drivers messed up things on my computers.

        Drivers which you should never accept from Microsoft, and which you should always get from the OEMs:

        Audio

        Chipset

        Graphics

        ME (Intel Management Engine)

        Networking

        USB

        It is what it is, from years of past experience.

         

    • #218629 Reply

      anonymous

      Using Canadian Techs’ recommendations of avoiding any non-security updates from January 2015 forward, I browsed my installed updates list and come across several. KB2990214 and KB3075851 have multiple posts here saying to avoid them. Should I uninstall them now or better at this point to just leave things alone? I don’t want W10 force installing but haven’t had any issues of that so far.

      Others listed as installed.

      KB4345459 : But this was from https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/ so it must be okay.
      KB3141092
      KB3077715
      KB3087985
      KB3064209
      KB3065979
      KB3020369
      KB3023607

      • #218636 Reply

        PKCano
        Da Boss

        The patches listed at the top of AKB2000003 as having telemetry are probably the worst offenders. Uninstall them. Turn off CEIP, Windows error reporting, and Smart Screen Filter. There is no way yo are going to avoid the telemetry, but those things should minimize it.

        1 user thanked author for this post.
      • #218665 Reply

        Canadian Tech
        AskWoody_MVP

        If and when I find any of the following updates on a system, I uninstall them routinely:
        KB971033
        KB2882822
        KB2952664
        KB2977759
        KB2990214
        KB2999226
        KB3021917
        KB3022345 SFC
        KB3035583
        KB3068708 SFC & telemetry enabler
        KB3064683
        KB3072318
        KB3075249 telemetry enabler
        KB3080149 telemetry enabler
        KB3081954
        KB3090045
        KB3118401
        KB3123862
        KB3138378
        KB3138962
        KB3139923
        KB3146449
        KB3150513
        KB3163589
        KB3173040
        KB3184143

        CT

        7 users thanked author for this post.
        • #218844 Reply

          walker
          AskWoody Lounger

          @CT:  If I ever had a reference on uninstalling an update from the computer, I have long since misplaced it.  Could you possibly provide some simple instructions for this action?  Your assistance  is sincerely appreciated, as always.  Your advice is always “right on” and very much appreciated.    🙂

          • #218845 Reply

            Canadian Tech
            AskWoody_MVP

            Walker….

            Windows Update, Installed updates, WAIT a long time till you see the green bar complete its long trip to the right

            Now, one at a time, search for each of the listed updates, uninstall them. You must remove the earlier search item, then wait until the list is re-created each time. You need to wait till you see the number at the bottom of the search window exceed a few hundred.

            You do not need to restart after each uninstall, click later, until you are done.

            Then, clear the search box and after the list is again displayed (the number at the bottom again exceeds several hundred), enter another KB number.

            Restart the PC. It may take a long time to process this.

            CT

        • #218858 Reply

          EP
          AskWoody_MVP

          KB3184143 is okay to install on Win7 & Win8.1 – this update removes the GWX stuff; no concrete evidence of any “snooping” stuff in the update files

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: 2000007: Turning off the worst Windows 7 and 8.1 snooping

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel