• 2000012: Neutralize Telemetry & Sustain Win 7, 8.1 Monthly Rollup Model

    Home » Forums » Knowledge Base » 2000012: Neutralize Telemetry & Sustain Win 7, 8.1 Monthly Rollup Model

    Author
    Topic
    #219238

    AKB 2000012: How To Neutralize Telemetry and Sustain Windows 7 and 8.1 Monthly Rollup Model

    by @abbodi86

    Published September 24, 2018 | rev 1.0

     
    # Background #

    Microsoft had backported two main parts of Windows 10 Telemetry system to Windows 7 and 8.1

    1) Unified Telemetry Client

    – introduced in updates KB3068708/KB3080149, and became part of the Monthly Rollup since October 2016 preview rollup

    – represented by the Diagnostics Tracking Service (DiagTrack) and the event trace session (AutoLogger-Diagtrack-Listener)

    – handle the diagnosis tracking and logging, and the online telemetry reporting endpoints

    2) Microsoft Compatibility Appraiser

    – introduced in KB2952664/KB2976978, and now become part of the Monthly Rollup staring September 2018 preview rollup

    – represented by the “Application Experience” schedule tasks (Microsoft Compatibility Appraiser, ProgramDataUpdater, AitAgent)

    – the actual telemetry controller and runner, handles the compatibility evaluation and collecting, and device inventory

     
    # Neutralization #

    Despite the infamous reputation and some exaggeration, these Telemetry components in Windows 7/8.1 updates are not deeply implemented into OS and can be easily disabled or eliminated
    this can be done officially with few manual steps, or a simple batch script (with exra little-aggressive setings)

    1) W10Tel.cmd

    – copy or download the contents from this paste bin, and save as .cmd file
    https://pastebin.com/zeJFe08G

    – execute it after installing the Monthly Rollup and rebooting
    you only need to run it once, and to be safe, once after each new rollup installation

    – you can also use Task Scheduler to run the script with each system startup, e.g.
    copy the script to C:\Windows directory
    open command prompt as administrator, and execute:
    SCHTASKS /Create /F /RU "SYSTEM" /RL HIGHEST /SC ONSTART /TN W10Telemetry /TR "cmd /c %windir%\W10Tel.cmd"

    2) Manual:

    the demonstration is done on Windows 7, same steps applies for Windows 8.1 too

    – DiagTrack service

    open Services from Task Manager
    or from Control Panel > Administrative Tools > Services

    find Diagnostics Tracking Service, right-click and select Properties
    change Startup type to Disabled, then click on Stop button

    – WMI AutoLogger-Diagtrack-Listener

    right-click on Computer icon and select Manage (This PC in Windows 8.1)
    or from Control Panel > Administrative Tools > Computer Management

    expand to the node Performance > Data Collector Sets

    from Event Trace Sessions, right-click on AutoLogger-Diagtrack-Listener or Diagtrack-Listener and Stop it (you may also delete it afterwards)

    from Startup Event Trace Sessions, right-click on AutoLogger-Diagtrack-Listener and select Properties, then clear Enabled check from Trace Session tab (you may also delete it afterwards)

    you can also disable AITEventLog and SQMLogger too (those are already exist in the system, not added by updates)





    null

    – Compatibility Appraiser tasks

    launch Task Scheduler from Start Menu
    or from Control Panel > Administrative Tools > Task Scheduler

    goto Task Scheduler Library > Microsoft > Windows > Application Experience
    disable all tasks (you may also delete them too)

    do the same with tasks in Customer Experience Improvement Program




     
    # Closure #

    Deleting schedule tasks or WMI logger is totally safe, and just to avoid being re-enabled unexpectedly
    they don’t affect the OS functions in any way

    Except the show stopper bugs and errors, Monthly Rollup does not need to be avoided for the sake of telemetry hustle

    Total of 54 users thanked author for this post. Here are last 20 listed.
    Viewing 40 reply threads
    Author
    Replies
    • #219315

      Thank you @abbodi86 , for collecting these ideas together at the top of a new topic. I think this option fits my needs better than group hopping. My needs may be different than others. It is good to have alternative methods described so well.

      5 users thanked author for this post.
    • #219320

      Egads this is too advanced for the likes of me. I’ll just have to consider going back to Group B or just accept the tracking. Rats!

    • #219332

      @abbodi86, Nice post! NEEDS TO BE AN AKB 😉
      I have a couple of questions..
      1. Regarding switches: /d 1 /f do these switches signify:
      /d=decimal     1=numerical value (1=on 0=off)    /f= force (Thanks PKCano)

      2. Having run the cmd
      sc stop Diagtrack then sc delete Diagtrack
      wouldn’t most of the pastebin script be redundant in that case? then I could manually adapt to suit the systems.

      "-rw-rw-rw-" extreme computing
      2 users thanked author for this post.
      • #219491

        Yes, 0 and 1 are mostly the binary translation of ON and OFF

        i never use or recommend sc delete Diagtrack
        disabling the service is perfectly enough

        and WMI Autologger and Compatibility Appraiser can still function without it

        2 users thanked author for this post.
        • #219522

          Had these done anyway for W7/ W8.1, just better to check against the script for anything I may have missed. IIRC I done most of these via Task Scheduler, cmd prompt and registry edits (exported before deletion where applicable) over a year ago. Just a different method of what I’d already done 🙂 All good!
          Script is now on standby for October 2018 patches onward for re-introduction in SQMR updates. sigh.

          "-rw-rw-rw-" extreme computing
    • #219353

      Egads this is too advanced for the likes of me. I’ll just have to consider going back to Group B or just accept the tracking. Rats!

      Don’t feel bad, its waay over my head also!

      Windows 7 Home Premium x64 AMD Group A Realtek PCLe GBE Family Controller

      2 users thanked author for this post.
      • #219401

        Thank you, @fernlady. Maybe it’s time for me to just move on to a Chromebook or MacBook at this point. Although Google’s snooping may be worse than MS’s.

    • #219503

      Nice script.

      Only thing is that I tend more to disable jobs than delete them, though the point could be made that deleting a job does make it more difficult for the software to re-enable.

      -Noel

      2 users thanked author for this post.
      • #219523

        There is exactly that scenario Noel (I’m covering all bases), from my POV the Diagtrack service was removed to make it more difficult for MS to re-introduce (unless a SFC repair is done). One has to wonder whether the Diagtrack service will be introduced into SQMR patches as well as kb3068708/ kb3080149?

        "-rw-rw-rw-" extreme computing
        • #219547

          For what it’s worth, this script doesn’t break serviceability as checked by SFC, so I wouldn’t think an SFC /SCANNOW would change anything back. DISM on the other hand, I don’t know.

          ScreenGrab_W10VM_2018_09_25_092551

          -Noel

          2 users thanked author for this post.
        • #219561

          Diagtrack is part of SMQR since October 2016

          1 user thanked author for this post.
        • #219565

          You are correct abbodi86. One observation I have found is, that having removed Diagtrack completely a few months ago, I check after every monthly SQMR patch installation and have found no evidence that it returns on two different computers (both W8.1)

          "-rw-rw-rw-" extreme computing
          2 users thanked author for this post.
        • #225511

          Agreed… I had the same experience with 8.1 since the first SMQR to contain the telemetry rolled my way.  Wow, has it been two years since Patchocalypse already??

          I installed the rollup (following the Group A suggestions), then immediately used Abbodi86’s guide that was current at that time to ferret out the nooks and crannies where the telemetry bits were hiding (thanks once again for that, Abbodi86).

          I removed rather than disabled the DiagTrack service, and as you said, Microfix, it never came back while pursuing Group A (I kept checking after each SMQR to be sure).  I know that disabling it is sufficient to keep it from doing what it does, but there is something satisfying about deleting the loathsome thing rather than simply disabling it, and as has been noted, it’s easier to simply turn a service back on than to reinstall one (though the SMQRs could easily do either).

          Dell XPS 13/9310, i5-1135G7/16GB, Kubuntu 22.04
          Dell G3 15/3579, i7-8750H/16GB, Kubuntu 22.04

          1 user thanked author for this post.
    • #219557

      @abbodi86, have you done performance testing to determine if not logging events gives back any machine performance?

      Long ago I had done all of what you described, except disabling the AutoLogger-Diagtrck-Listener trace logging. I can’t imagine it will do THAT much for performance, but hey, every little bit helps. I’ll report back after I get another run of nightly jobs tonight and can compare the times.

      Thank you for sharing your knowledge here!

      -Noel

      1 user thanked author for this post.
      • #219562

        Not really, the idea of this block/disable tweaks is not for the sake of performance
        just to keep unnecessary addions away

        Compatibility Appraiser (CompatTelRunner.exe) will cunsume high amount of system resources during evaluation, specially first time

        1 user thanked author for this post.
      • #219755

        By the way, my nightly product builds took no less time last night than the night prior, when I had not disabled the log. 55 minutes 14 seconds vs. 55 minutes 18 seconds. The builds vary more than that from night to night.

        -Noel

    • #219566

      Nadella’s gang has some competition in the race to collect Telemetry, it seems:

      Google secretly logs users into Chrome whenever they log into a Google site

      Firefox collects data on you through hidden add-ons

      3 users thanked author for this post.
      • #219567

        There’s no monopoly on telemetry.

        On hiatus {with backup and coffee}
        offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
        offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
        online▸ Win11Pro 21H2.22000.675 x64 i5-9400 RAM16GB HDD Firefox101.0b6 MicrosoftDefender WuMgr
        2 users thanked author for this post.
    • #219660

      Thanks for these excellent and clear instructions, @abbodi86! I wouldn’t mind going to Group B for my own machine, but it would be a pain to to go that route for the other 2 machines I update, and I wouldn’t have attempted the script since I wouldn’t know how to undo something if I mess up in executing the process. But these manual steps are very clear and not onerous. I had done some of them earlier, but I’ll be interested to see what happens to my settings after the October rollup.

      I really appreciate your time and effort.

      Linux Mint Cinnamon 19.3
      Group A:
      Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux
      Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro
      Win 10 Pro x64 v21H2 Ivy Bridge, dual boot with Linux

      1 user thanked author for this post.
    • #222570

      1) Unified Telemetry Client

      – introduced in updates KB3068708/KB3080149, and became part of the Monthly Rollup since October 2016 preview rollup

      Did NOT know this was in Monthly Rollup. Never install previews (& never will), so it’s been baked in since November 2016. I was surprised since Windows Update still shows as Recommended (do not receive Recommended updates the same as Important). Followed your manual instructions for disabling Telemetry Client services (I had already disabled DiagTrack) & Compatibility Appraiser tasks. Am still switching to Group B after Patch Tuesday, especially if KB2976978 still shows in Windows Update as Important, like KB3010149 does in Recommended. Would rather be Safe (& on Win8.1) than Sorry (& on Win10 whatever).

      2 Machines for Now!
      #1: Windows 8.1, 64-bit, back in Group A.
      #2: Getting close to buying a refurbished Windows 10 64-bit, recently updated to v1909. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

      2 users thanked author for this post.
      • #223384

        Some updates cannot be totally superseded (from Windows Update POV) except with metadata
        and preview rollups cannot metadata-supersede important updates (KB2976978) in this case

        KB3080149 is not completely superseded for Windows 8.1
        likewise WU client update KB3044374

    • #225429

      Thank you so much for the script! Just to clarify: Is there any functional difference between running this script after installing a rollup versus exclusively installing Security Only patches? In other words, does a Group A system where one installs the latest rollup and then runs the above script make any additional network connections than an identical system that has installed only Group B patches? Would there be any additional (telemetry related) CPU usage on the Group A version?

      If the answer is no, then it seems the reasons for going Group B are rapidly vanishing!

      1 user thanked author for this post.
    • #226618

      Is it safe to delete diagtrack.dll?

      • #226659

        SFC will nag about it and restore it, Win8.1 dism /restore-health likewise

        so the deletion is not needed

    • #327473

      I just noticed the cmd script is unable to access certain subdirectories under the C:\ProgramData\Microsoft\Diagnosis path. (The icacls command issues “Access is denied.”) If I try to manually view the contents of these subdirectories, it’s not enough to simply access as administrator; I’m told I have to take ownership of the directory.

      • #327479

        I believe the script that creates the Task Scheduler task sets it up to run as “System,” not as administrator.

    • #347244

      I’ve been in group b since the beginning.

      The last time I updated though was the first important Service Stack update back in 05-26-2017 with KB4019264.  I knew there was things I had to do to keep up with Security since then, but every time I would come here and try to figure out which I had to do the list was long and didn’t have the time to fuss, so I just kept procrastinating. Lately though I Knew it was time I had to do something. After spending a hour reading which ones I needed to install, and during that I came across Woody saying it’s just best now to just go to group and save yourself all the hassle of keeping up with group B… and then I found this post thread he by abbodi86

      Thank heavens, I absolutely love it! So simple. I’ve now become Group A and I’ll just run this script.

      So I go to Windows update expecting to find all kinds things since I’ve been in group b for so long, but the only thing I saw needed (besides NET, Visual c++) was this 2019-03 monthly Quality Rollup for Win7 KB4489878 ..oddly though I did not see Service Stack Update KB4490628 that was suppose to be there, and I don’t have it installed either – why did the SSU not show up? ..because as I said the last SSU or any update I did was back in 2017!  I did not want to install KB4490628 separately though since it was not listed so I just went ahead with KB4489878  ..hopefully since I assume it’s cumulative it contains everything I need?

      Anyway I installed it, quick and easy, and after reboot I ran abbodi86 telemetry cmd and here’s what it did:

      abbodi86telemetry

      ..it was nice not to fuss with doing it all manually any more!  I see there was some things in the script it says it did not do, and I assume that was because of obvious reasons? I changed the script to /t 30 ..only because I needed an extra moment to take the screenshot and I only had one chance to catch what it said, so I made sure I had time and gave it 30 secs

      Thank you abbodi86

      • #347255

        So I go to Windows update expecting to find all kinds things since I’ve been in group b for so long, but the only thing I saw needed (besides NET, Visual c++) was this 2019-03 monthly Quality Rollup for Win7 KB4489878 ..oddly though I did not see Service Stack Update KB4490628 that was suppose to be there, and I don’t have it installed either – why did the SSU not show up?

        The Servicing Stack did not show up because it HAS to be installed exclusively (by itself). It does not show up in the Important Updates queue until there are no pending updates (checked or unchecked) in the update queue. The Servicing Stack is the update for the updating mechanism and is very important. You should install it.

        I see there was some things in the script it says it did not do, and I assume that was because of obvious reasons.

        The script needs to be run as “System,” not just from an eleveted command prompt. Along with the script, there is a command line in @abbodi86 ‘s AKB that sets up a Scheduled Task, run as “System” on bootup. To make it work, locate the script in the correct folder and run the command to create the Scheduled Task as per the instructions in the AKB.

        2 users thanked author for this post.
      • #347407

        Like @PKCano said, while it’s best to create/run Scheduled Task as “System”, there is no need to worry about those Access denied files, they don’t have an effect as long as DiagTrack service and WMI tracker are disabled, and the Appraiser tasks

        1 user thanked author for this post.
    • #347276

      I created a new reply to you PKCano and it showed up, but when I edited it and submitted then it completely disappeared? Was it deleted? …I’m just learning this forums format so, pardon. I will retype it again…

      The Servicing Stack did not show up because it HAS to be installed exclusively (by itself). It does not show up in the Important Updates queue until there are no pending updates (checked or unchecked) in the update queue. The Servicing Stack is the update for the updating mechanism and is very important. You should install it.

      Okay then, thank you. I created a partition image just before I started so I will just restore it and do it in the correct order this time with the SSU manually done first – if that would be best?  I don’t mind restoring at all it’s easy, and actually prefer it if it’s the best thing to do here?

       

      The script needs to be run as “System,” not just from an eleveted command prompt. Along with the script, there is a command line in @abbodi86 ‘s AKB that sets up a Scheduled Task, run as “System” on bootup. To make it work, locate the script in the correct folder and run the command to create the Scheduled Task as per the instructions in the AKB.

      Most things say succeeded, and I thought the few things listed in my screenshot that did not succeed was just because I already had all the tasks previously set disabled and in Services had the tracking disabled too. Most of his script worked and I see the things deleted out of the task scheduler now. PCKano you are saying not even if I right click and run as Admin it won’t work?

      I can set it up as a task but only want/need to run once, but reading it again abbodi86 says in the first post:

      – execute it after installing the Monthly Rollup and rebooting
      you only need to run it once, and to be safe, once after each new rollup installation

      …that’s what I did – does his first posts first method need to be re-worded again because I’m confused. It says just run it once each time you install a new rollup, and so it’s a cmd file and so I just ran it, even right click to run as admin.  If there was more to his first method why is it not listed? ..thanks for your patience.

      • #347279

        Your original reply got caught in the spambucket. It was due to too fast on the trigger with submit/edit/submit/edit. Slow down and let the system catch up between operations.

        1 user thanked author for this post.
      • #347284

        The telemetry functionality of KB2952664 was built into the 2019-09 Preview Rollup and the subsequent Monthly Rollups starting with 2019-10 SQMR. That’s the reason to necessitate rerunning the script.

        The command creating the Scheduled Task sets it up to run as “System” on bootup. I guess if you have manually deleted the Diagtrack and CEIP related parts, you should be OK. But I don’t trust MS to not put them back next month, so I set mine up to automatically execute as a Scheduled Task. Maybe I’m just lazy! LOL 🙂 (or my memory is failing in my old age)

        1 user thanked author for this post.
    • #347314

      Thank you PKCano. You really didn’t answer my main questions though; also to say I didn’t manually delete Diagtrack etc but his script did, with his 1st way which just says to execute it and is how I ran it. But you said no and that I needed to to it as a “System” task on boot up.  Well so I just ran his 2nd way adding in his scheduled task script was pretty easy. I even see the task added in there now as W10Telemetry, and so I rebooted to let her run and tracked what it did but really don’t see it did anything more because I ‘think’ as my above screenshot shows, it already did everything that was there available to do in his first method.

      Did you look at my screenshot above?  Perhaps when abbodi86 looks at the screenshot since he wrote the script he will understand right away what was done or what’s needed now.  I really don’t think I need to do anything more?  The question though was and is his method #1 to Manually run his ‘W10Tel.cmd’ good enough? Yes/No? ..or is it better to run his method 2 within the task scheduler – I like some clarification on this from abbodi86 too if I may please.

      Also my hinting asking you did I need to restore my OS image and do it all again just because I did not install the latest KB4490628 Servicing Stack Update first? ..so just now instead of restoring I installed it was very quick wanting no reboot. I see this SSU KB4490628 changed the previous version numbering from 6.1.7601.18766 up to 6.1.7601.24383.  Also just checking at WU it still has nothing new for me.

      I’ve now set his W10Telemetry task as disabled and won’t need to run it until I do the next rollup when its imperative. Or like he says I will just run his method #1 ‘W10Tel.cmd’ Manually after the next time I do a cumulative rollup. Yes/No

      Thank you

      • #347319

        Manually or as a Task – whatever gets the job done. Until you forget to run it……..

        If the SSU installed, you should be good. No need to restore.

        2 users thanked author for this post.
    • #347487

      Like @pkcano said, while it’s best to create/run Scheduled Task as “System”, there is no need to worry about those Access denied files, they don’t have an effect as long as DiagTrack service and WMI tracker are disabled, and the Appraiser tasks

      Thank you.  I’ll do both then, I like to manually look at what the cmd prompt says when I first manually run ‘W10Tel.cmd’ after an update, and then manually reboot, but before rebooting I will also toggle my Schedule Tasks W10Telemetry back on and then let it reboot… might not be necessary to do it both ways but won’t hurt right… (then afterwards I’ll disable the task until the next time I update (which is not often) ..because no sense to have it run everyday for no reason right ..until of course the next update. I only update once every few months anyway when something is imperative or is the right MS-DEFCON

      Thanks again, and nice work

      PS – it feels GREAT to move to the easier Group A now.. I see why Woody (and others) suggest it.

    • #348182

      Is there a script like this for Win10 to neutralize telemetry on Win10 too?

      I’ve seen some programs like O&O etc, but just wondering if someone is maintaining a script to do it like is done here, or if it’s not that easy since 10 is more complex, what is the best program to do it on Win10?

      • #348257

        No

        Telemetry is deeply baked into Windows 10, disabling it completely is a lost cause
        disabling it mostly might break other things

        5 users thanked author for this post.
        • #348302

          not only that but (here’s the shocker) disabling telemetry completely in win10 “encourages” the win10 update assistant to upgrade any machine to the newest feature update available (unconditionally), regardless of windows update blocking settings, bypassing them [aka. “forced automatic upgrades”].

          remember this old Computerworld article folks:
          https://www.computerworld.com/article/3261570/microsoft-forces-win10-1709-upgrades-on-pcs-set-to-restrict-telemetry.html

          back then in that article, someone using O&O Shutup10 to disable telemetry completely (the diagnostic data set to 0) caused a Win10 machine to force upgrade to v1709.

          so in essence attempting to disable telemetry completely in win10 seems to make things worse, not better.

          5 users thanked author for this post.
    • #348369

      Okay thank you guys, I understand don’t try to disable telemetry completely, and so then what is the balance, what is the most practical method that can be safely done with Win10?

      I know I want to at least stop Win10 from auto updating itself, and perhaps this link below ‘may be’ the latest method – have you seen this one: ?

      https://github.com/WereDev/Wu10Man

      …or is there something better? (Yes EP I read the Computer world article, thank you)

      As far as telemetry, again what are the minimal things we can do to tame it, without causing a fuss?

      (I don’t mind if you move this post as I don’t want to hijack this Win7/8.1 thread.  I have Win7, Win8, and Win10 computers on my network, and Win7/8 worked perfectly with your W10Tel.cmd – I love it, thank you! …now I need to do a similar (or at least a minimum) of settings for Win10)

      • #348367

        Create a Topic under the version of Win10 you have. Make the title reflect your question about limiting telemetry.

        You can use the Forum tree at the bottom of the right-hand (woodgrain) panel to find the link you need. Topic creation is at the bottom of the page in that Forum. Good exercise!

        3 users thanked author for this post.
    • #1874954

      Many thanks for the removal script!

      Just one question: If I understood it correctly, the script first adds a value HaveUploadedForTarget to the key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser, and a few steps after, it deletes the whole Appraiser key.

      Is this supposed to be this way or should it be the other way round?

      2 users thanked author for this post.
      • #1875123

        It actually should be the other way around, but the HaveUploadedForTarget may not haveany effect

        anyway, updated the script and added support for Win7 EOS KB4493132

        5 users thanked author for this post.
        • #1875310

          Great, thanks for the quick reply & fix!

    • #1883369

      KB 4493123 has reared its ugly head again on PCs running Windows 7 Home Premium x64 as of today 24 July (Sydney Australia date). Have hidden them again.

      1 user thanked author for this post.
    • #1884955

      born is reporting about the KB4493132 update showing up again recently:
      https://borncity.com/win/2019/07/24/windows-7-new-notification-update-kb4493132-july-2019/

      the enterprise and professional editions of Windows 7 will not be offered the KB4493132 update; only “consumer” editions of Windows 7 (home and ultimate) will have it offered

      • This reply was modified 2 years, 9 months ago by EP.
      1 user thanked author for this post.
    • #1896548

      @abbodi86 and all –

      Is it possible to get a listing of the W10Tel.cmd script if it is not too big? Our network policy blocks download sites for security reasons. We would be violating policy if we download it from a different network… That’s a no-no.

      • #1896562

        You can copy and paste it into Notepad. It’s just a small amount of text. Then save it as .cmd on your computer.

        2 users thanked author for this post.
    • #1899530

      My home PC (Win 7 x64) has 3 user IDs defined on it: a user ID with administrative privileges which I use only for system maintenance tasks, a user ID without administrative privileges which I use for day-to-day tasks, and a similar user ID that my wife uses for her day-to-day tasks. If I wish to use W10Tel.cmd on my system, is it sufficient to run it on the user ID that I use for system maintenance tasks, or do I have to run it on all 3 user IDs?

      • #1899682

        All the changes done by the script are system-wide (except the Win 7 EOS notification part (which you don’t need if you don’t install KB4493132)

        running it with the administrative user ID would be enough for all

        3 users thanked author for this post.
        • #1900975

          ? says:

          sorry to bother, can i cut :

          :: ############################
          :: # End Of Support KB4493132 #
          :: ############################
          From there to the end of this section.

          to not run the EOL portion and still have the functionality of your patch? in case the winx upgrade appraisal components are (somehow) added between now and 1/2019. i’m planning to run without “Security Only” patches that contain this “appraisal” nonsense while updating IE and MSE until then…

          thank you!

          Moderator note: Please do not publish @abbodi86 ‘s script on this site.

        • #1901007

          ? says:

          my apologies, will not do that again

        • #1901056

          Yes, no problem
          be sure to keep the :proceed line

        • #1901141

          ? says

          abbodi86:

          reply much appreciated, so i can cut from:

          if (…  blah blah…) (7601 go to) :proceed (from here)

          cut all of EOS info

          then pick up at:

          :proceed

          UTC stuff? just want it to work in case i need to run it.

           

           

        • #1901166

          Yes, basically from line 15 to 31

        • #1901178

          ? says:

          got it, thank you, kind sir! i see the green defcon flag has been raised and since i’m nowhere near to be considered a “normal,” (user) or anything for that matter (left-handed, dyslexic) i think i’ll sit back, relax have a cold drink and see how this all plays out…

          again, thank you abbodi86!

        • #1901257

          @abbodi86:   Since I don’t know what I’m doing (very computer illiterate), I will just watch and see how things turn out (for the present time).   Thank you for all of the excellent information and guidance you continually provide for all of us “users”.    You do an outstanding job, which is very much appreciated! 

      • #1899689

        Tony,

        just run it with your Admin account and it will cover all 3 accounts.

        I don’t have a Windows 7 setup to test it with at the moment but I have always right clicked on W10Tel.cmd and selected “Run as Administrator” from my Admin account (it may prompt to run it as Administrator even if you don’t do that but I’m not sure).

        If you run it from either of the 2 Standard accounts it would probably still prompt you to run it as Administrator and it would probably cover all 3 accounts. Once again, I’m not sure about that so if anyone else knows for sure please chime in.

        Anyway, easiest thing to do would be to just run it from your main Admin account and it will cover all 3 as I have already mentioned.

        Edit: abbodi86 beat me to it (thanks, abbodi). Must learn to type faster.

        PC1: Gigabyte GA-B250M-D3H Motherboard, Intel i5-7600 CPU, 32GB RAM, NVIDIA GeForce GTX 1650 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Professional 21H2 64bit.
        PC2: Asus H81M-PLUS Motherboard, Intel i3-4160 CPU, 16GB RAM, NVIDIA GeForce GTX 1050 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Home 21H2 64bit.

        2 users thanked author for this post.
    • #1899868

      In recent years I religiously kept doing a number of tweaks (some described in this thread, some on other blogs) to stop telemetry on my Win 7 systems.  But MS kept pushing updates that re-activated telemetry. So frustrating & disappointing.

      The only thing that really works for me – and is easily reversible – was implementing a Pihole adblocker at home and adding a blocklist a github site maintains for blocking MS telemetry.  The blocklist works well, is easy to disable if needed and is completely independent of Windows.

    • #1900097

      The only one I was able to find there appears to be designed for Win 10’s telemetry and I don’t know if they’d be the same for Win 7. Since you specifically stated you’re running Win 7 is there any chance you could provide more specific info? Like the list’s file name maybe?

    • #1904223

      I ran W10Tel.cmd for the first time on my W7x64 (Home Premium) system today. It generated a number of error messages which are displayed on the screen shot of the command prompt window below.

      W10Tel2

      W10Tel2.cmd is W10Tel.cmd without the W7 EOS KB4493132 section (lines 15 to 31) – I don’t have KB4493132 installed. As can be seen, I redirected the normal output to a text file, but the error messages appeared in the command prompt window.

      I’m not expecting an explanation of what each error message means. But I would like to be reassured that such error messages are expected simply because every W7 system is different.

      • #1904258

        Such errors are expected, the script is straight forward, it try to remove the registry values and/or files without checking if they exist or not
        actually, running reg query will also output error, therefore, it will not make a difference to check or add

        so, just ignore the errors 🙂

        to redirect error output add 2>&1 after text file
        W10Tel2.cmd W10Tel2.log 2>&1

        3 users thanked author for this post.
    • #1904253

      ? says:

      TonyC, maybe have a look at the powershell Bob Villa posted up in #347244 on march 31st while awating abbodi86’s reply?

      2 users thanked author for this post.
      • #1904275

        Yes, I did see Bob’s post and noticed a number of error messages in his command prompt window. Bob appeared to be seeking the same reassurance that I was seeking.

        1 user thanked author for this post.
    • #1904580

      I had been holding back updates on my systems (Windows 7 and 8.1), and liked the sentiment behind this “script”.

      Anyway, long story, I did not see anything specifically mentioning in this thread that you may need to enable DiagTrack in to install some updates. In my case, KB4507448.

      Check your “Application” event log,  and if you see an ‘0x800f0816’ error. Try enabling DiagTrack.

      NOTES:
      Essentially, the message states that it cannot change the state of the update to “staged”:
      Package KB4507448 failed to be changed to the Staged state. Status: 0x800f0816.

      After enabling:
      Initiating changes for package KB4507448. Current state is Resolved. Target state is Staged. Client id: WindowsUpdateAgent.

      That error does not appear to be documented\detailed. For example, in this powershell snippet (NOTE: I feed in two error codes just to confirm the Win32Exception object actually works for the ‘Facility’):

      0x800f0816,0x800f0001 | % { ‘Facility: {0}, Error: {1}, {2}’ -f @(($_ -shr 16 -band 0xfff), ($_ -band 0xffff), ([ComponentModel.Win32Exception]$_).Message) }

      I get these results:

      Facility: 15, Error: 2070, Unknown error (0x800f0816)
      Facility: 15, Error: 1, A section name marker in the INF is not complete, or does not exist on a line by itself

       

      Regard,
      Richard Rudek

    • #1930910

      ? says:



      @abbodi86
      ,

      if you can tell me why Application Experience (CEIP) runs (RunAsInvoker) (compatibility fix runs because it it blocked?) when i update MSE even though it is disabled in the Task Scheduler i would appreciate it. i am opted in to Basic spynet in MSE settings because the real time scanning only works if opted in. i see the invoker run in event log\application experience and can flush out the xml to %temp% (users\appdata\local\temp:

      “xml version=”1.0″

      Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”

      System

      Provider Guid=”{EEF54E71-0661-422D-9A98-82FD4940B820}” Name=”Microsoft-Windows-Application-Experience”/

      EventID>500</EventID Version>0</Version Level 4 /Level Task 0 /Task

      Opcode 0 /Opcode Keywords 0x1000000000000000 /Keywords

      TimeCreated SystemTime=”2019-09-01 Z”/

      EventRecordID 514 /EventRecordID Correlation/ Execution ThreadID=”2184″ ProcessID=”2540″/

      Channel Microsoft-Windows-Application-Experience/Program-Telemetry /Channel

      Computer ?-PC /Computer Security UserID=”S-1-5-20″/ /System- UserData

      CompatibilityFixEvent xmlns=”http://www.microsoft.com/Windows/Diagnosis/PCA/events&#8221;

      xmlns:auto-ns2=”http://schemas.microsoft.com/win/2004/08/events&#8221;

      ProcessId>2540</ProcessId

      StartTime 2019-09-01 Z /StartTime FixID {1C2D58C3-DCD2-41E3-BD0B-25F05028C655} /FixID

      Flags 0x40102 /Flags ExePath C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\MpSigStub.exe /ExePath

      FixName>RunAsInvoker /FixName/CompatibilityFixEvent /UserData /Event”

      thank you!

      • #1931575

        This is not the Appraiser running

        it’s just regular compatibility fix that’s get applied for some programs, part of Application Experience service

        like i said before, the Telemetry Appraiser hooks in (or hijack) the built-in Application Compatibility Experience tasks and event log channels
        but it’s still function as old behavior and provide compatibility shim for programs

        1 user thanked author for this post.
        • #1931711

          ? says:

          ok, great! i missed it when you said it before so thank you for repeating yourself and now i know why it’s in the logs. on another note i was checking for old telemetry patches and i have KB3021927 showing in hklm\software\microsoft\windows\currentversion\componentbasedservicing\applicability\evaluationcache with current state value=0 (not installed) and applicability state value=112 (fully installed, available for binding) i installed it when it was offered as an “enhancement” in 2015 and then uninstalled it via wusa when i found out what it really was, so i gusee it is stuck in the win sxs basement…

          thanks again for your reply

        • #1934402

          You probably mean KB3021917

          ApplicabilityEvaluationCache reflect the result of Windows Update
          it’s deleted with each new update installation or uninstallation, and created by WU upon search

          ApplicabilityState 70 (112) means the update is considered valid by WU and will be offered
          it doesn’t mean the update is installed

          1 user thanked author for this post.
        • #1934438

          ? says:

          abbodi86, you make the world a much better place! yes, i have middle number dyslexia and KB burnout it is KB3021917 and it only shows up in Nir’s WinUpdatesList tool. and yes as you say the correct ApplicabilityState value is 0x70 (112) (valid).

          so the …\cache is a what if pile rather than a what is pile? no wonder i can’t wusa it out of existence, i already did. i really do appreciate you always generously sharing your knowledge…

          thank you!

          1 user thanked author for this post.
        • #1934463

          You are welcome

          Yep, only CurrentState reflect the updates status on the system
          0 – not installed
          50 (80) – installed / superseded
          70 (112) – installed / active

          1 user thanked author for this post.
    • #1950206

      Thank you so much.  After finding out, Mic-SOB’s again added their telemetry BS, I was ready to throw in the towel. Giving up on all updates, till the bitter end of Win 7. I had already done everything you suggested long ago. The one thing I wasn’t sure about, if I downloaded updates with telemetry included, would telemetry reset what I disable and/or create new files that were deleted? Now I know the answer is No. Thanks again, your hard work is very much appreciated!!!

      1 user thanked author for this post.
    • #1970341

      Using the physical-sciences principle of “confirm what you think you know” (but really, I believe am just kicking a dead horse), with the new inclusion (in Sep 2019) by MS of telemetry in Win7 & 8.1 “security only” patches, it appears that there is absolutely no reason to stay in Group B, as you have to use one of the methods of this thread in either Group B or Group A, and in Group B you are passing up Win fixes and improvements.  True?

      Any reasons for the contrary?

      • #1970348

        You hit the nail on the head.
        If you pass up security-only patches, well, you pass up security.
        You can stop the telemetry, but if you don’t have the security…………

        1 user thanked author for this post.
    • #1974849

      Thanks! I wouldn’t know how to do the script, but the manual steps were very clear and easy. Much appreciated!

    • #1977797

      Could the script be added to include the following?

      The July Security Only update that adds telemetry creates a folder, Migration\WTR, with a file, CompatTelemetry, that lists the changes that include some not already in the script.  They are..

      [System.File]
      “%windir%\system32\CompatTel\* [*]”
      “%windir%\system32\ [aepdu.dll]”
      “%windir%\system32\ [devinv.dll]”
      “%windir%\system32\appraiser\* [*]”
      “%windir%\system32\ [acmigration.dll]”
      “%windir%\system32\ [appraiser.dll]”
      “%windir%\system32\ [invagent.dll]”
      “%windir%\system32\ [generaltel.dll]”
      “%windir%\system32\Tasks\Microsoft\Windows\Application Experience\ [Microsoft Compatibility Appraiser]”
      “%windir%\system32\Tasks\Microsoft\Windows\Application Experience\ [ProgramDataUpdater]”
      “%windir%\appcompat\programs\ [FullCompatReport.xml]”
      “%windir%\appcompat\UA\* [*]”
      “%windir%\appcompat\Appraiser\* [*]”

      [System.Registry]
      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\ClientTelemetry\* [*]”
      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser\* [*]”
      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\UpgradeExperienceIndicators\* [*]”
      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\OneSettings\* [*]”
      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\* [*]”
      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Shared\ [UpgExIndChecksum]”

      • #1978033

        CompatTelemetry.inf is used to exclude the listed files and registry if you decided to upgrade Windows 7 to Windows 10 (or 8.1)

        removing that file or any other related system files will break SFC integrity

        and it’s not needed at all
        like i said, disabling the schedule tasks and WMI logger should be enough

        2 users thanked author for this post.
    • #2017648

      Updated W10Tel.cmd script with entries to suppress Win 7 EOS notification (installed with KB4530734 and SO KB4530692)
      https://pastebin.com/zeJFe08G

      • This reply was modified 2 years, 5 months ago by abbodi86.
      4 users thanked author for this post.
    • #2086491

      Aside from a current disk image, is there a way to undo w10tel.cmd?

      Not sure why but ya never know what MS might do next…..

      Great tool BTW!

      DriftyDonN

    • #2125285

      Updated W10Tel.cmd script with entries to suppress Win 7 EOS notification (installed with KB4530734 and SO KB4530692)
      https://pastebin.com/zeJFe08G

      • This reply was modified 2 years, 5 months ago by abbodi86.

      Will this script work with the last JAN 2020 SO update KB4534314 which also contains EOS notification?

      I’m still going to wait for JAN 2020 SO update so MS can fix their black background bug.

       

      • #2125295

        I am using the script as a startup task in Task Scheduler, and I haven’t seen the EOS nag on any of my 8 Win7 computers (up to date through Jan).

        2 users thanked author for this post.
    • #2260681

      And for those who find this level of task too fiddly and or too complicated there is a nice auto-pilot one click app  ‘SpyBot Anti-Beacon’ which makes life easier available from
      Safer-Networking.org .
      Latest download v3.5 comes as a free version and covers approx 50% of the Microsoft telemetry spy zones and the paid for ‘Plus’ version (€7.99 p/a) is available which enables 100% coverage of all Microsofts embeded telemetry.

      G.

       

    • #2260699

      free version and covers approx 50% of the Microsoft telemetry spy zones and the paid for ‘Plus’ version (€7.99 p/a)

      The free, portable Debotnet does much more and doesn’t cost a dime.

      1 user thanked author for this post.
    • #2260900

      free version and covers approx 50% of the Microsoft telemetry spy zones and the paid for ‘Plus’ version (€7.99 p/a)

      The free, portable Debotnet does much more and doesn’t cost a dime.

      I had never heard of this extremely useful utility until I read your post.

      It has now been added to my arsenal of Microsoft anti-snooping software.

      Thanks for sharing.

      • This reply was modified 2 years ago by 7ProSP1.
      1 user thanked author for this post.
    • #2264279

      The free, portable Debotnet does much more and doesn’t cost a dime.

      It’s already been deprecated in favour of sharpapp, ghacks report.

      Sharpapp is inferior to Debotnet, which still can be used.

    • #2271894

      This being almost 2 years old, I get quite a few”file does not exist lines” but then the cmd box disappears quick! Isn’t it likely win10 has changed enough that some of this needs updating? Just curiosity. I run this religiously every month!

      Thank You!

       

    Viewing 40 reply threads
    Reply To: 2000012: Neutralize Telemetry & Sustain Win 7, 8.1 Monthly Rollup Model

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.