|
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
2952664: Telemetry in Win7/8.1 – KB2952664, KB2977759, KB2976978, & KB3150513
Posted on Comment on the AskWoody LoungeThis topic contains 6 replies, has 4 voices, and was last updated by
anonymous 1 year, 4 months ago.
-
AKB 2952664: Telemetry in Win7/8.1 – KB2952664, KB2977759, KB2976978, & KB3150513
By @pkcano
Published 21 March 2017 rev 1.0
Telemetry has been a part of Windows from the beginning. An example of this is the Customer Experience Improvement Program (CEIP). If the User opted into CEIP, data about the computer usage was sent to Microsoft.
What is considered by many to be excessive data collection has been built into Win10 from the beginning. But beginning with the “Get Windows 10” (GWX) campaign, the amount of data collected from individual Win7/Win8.1 computers has greatly increased. Not only has that raised privacy concerns, but the act of collecting itself can use significant computer resources. If the data collection is done over limited (metered) connections, cost may also become a factor.
What data is being gathered? We don’t have any idea, and don’t have any way to know, unless Microsoft suddenly decides it’s in their best interest to tell us. Don’t hold your breath. Some people think the whole thing’s overblown. Others are cautious. They don’t trust Microsoft.
The most obviously telemetry/compatibility related patches…
For Win7 SP1:
KB2952664/KB3150513
KB3021917
KB3068708
KB3080149
KB3022345 (this patch has been superseded by KB3068708, so it won’t show up in a clean install. But it may still show up as installed on the computer)For Win7 RTM
KB2977759/KB3150513For Win8.1
KB2976978/KB3150513
KB3044374
KB3068708
KB3080149The collection of data about PC hardware/software, and how it is used, is probably more significant to Win10 which receives major version upgrades every eight months and frequent feature changes in between. But for Win7/8.1 users, particularly those with older hardware, who have no intention of upgrading to Win10, we’ve found no correlation between increased data collection and better patches.
Major offenders are:
Customer Experience Improvement Program (CEIP). CEIP has been around for years. Microsoft says it collects the information about how products are used to “improve the products and features” and to “help solve problems.” Microsoft’s statement is here
KB2952664 (Win7 SP1) Compatibility Updater
KB2976978 (Win8.1) Compatibility Updater
KB2977759 (Win7 RTM) Compatibility UpdaterAccording to Microsoft:
This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.
The Compatibility Updater is prerequisite for KB3150513, which provides updated configuration and definitions for the Compatibility Updater.
According to Microsoft:
This update provides the latest set of definitions for compatibility diagnostics that are performed on the system. The updated definitions will help enable Microsoft and its partners to ensure compatibility for all customers who want to install the latest Windows operating system. Installing this update also makes sure that the latest Windows operating system version is correctly offered through Windows Update, based on compatibility results.
@mrbrian, one of the contributors to AskWoody, did extensive research on the effect of CEIP, with and without the Compatibility Updater installed, on Win7 SP1. His results can be found here.
A synopsis of his findings:
1. CEIP is voluntary and can be turned off.
2. The Diagnostics Tracking Service sends data to Microsoft
3. Computers without the Compatibility Updater installed and with CEIP turned off, did not experience episodes of data being sent by Diagnostics Tracking Service to Microsoft.
4. Computers without the Compatibility Updater installed collect data to send data to Microsoft using the ProgramDataUpdater task in Task Scheduler located in Microsoft\windows\Application Experience.
5. The installation of the Compatibility Updater adds the Microsoft Compatibility Appraiser task to the Task Scheduler and changes the action for task ProgramDataUpdater, both located in Microsoft\Windows\Application Experience.@mrbrian‘s findings were:
Here is the full list of what I found for Windows 7 x64 that violates the operating system’s Customer Experience Improvement Program setting:
- Pre-KB2952664 task ProgramDataUpdater (but not post-KB2952664 task ProgramDataUpdater) can use significant CPU and disk resources.
- Task Microsoft Compatibility Appraiser (from KB2952664) can use significant CPU and disk resources.
- Diagnostics Tracking Service sends some data to Microsoft after task Microsoft Compatibility Appraiser runs, although a lot less than compared to when the operating system’s Customer Experience Improvement Program setting = Yes.
@abbodi86‘s conclusion
Appraiser KB2952664 and Telemetry DiagTrack are built-in Windows 10 since RTM
Both KB2952664/KB3150513 are only needed for upgrade they have nothing useful for current Windows 7 (well, except providing MSFT with Appraiser statistics)
@mrbrian‘s RECOMMENDATIONS FOR REDUCING TELEMETRY (DATA COLLECTION BY MICROSOFT
Here are my recommendations based on my test results so far (for Windows 7 x64 computers):
If you set operating system’s Customer Experience Improvement Program setting = No, some data is still sent to Microsoft telemetry within 35 minutes after task Microsoft Compatibility Appraiser (added by KB2952664) finishes running, as shown in screenshot https://i.imgsafe.org/42b131eb08.png.
If this is unacceptable, then do at least one of the three following actions (in addition to setting operating system’s Customer Experience Improvement Program setting = No):
Action 1) In Task Scheduler, disable task Microsoft Compatibility Appraiser (located in MicrosoftWindowsApplication Experience). This also stops Microsoft Compatibility Appraiser from sometimes consuming a lot of CPU and disk resources.
And/or Action 2) In firewall or router, block traffic to DNS endpoints settings-win.data.microsoft.com and vortex-win.data.microsoft.com, or equivalent (for now anyway) IP addresses 64.4.54.253 and 64.4.54.254. To do this in Windows Firewall, see http://www.easysecurityonline.com/how-to-protect-windows-7-and-8-from-getting-windows-10-privacy-intrusions-too/. I verified that this blocks Diagnostics Tracking Service telemetry using Process Monitor.
And/or Action 3) Disable service Diagnostics Tracking Service. I verified that this stops Diagnostics Tracking Service telemetry using Process Monitor. Microsoft recommends to not disable this service at https://blogs.technet.microsoft.com/netro/2015/09/09/windows-7-windows-8-and-windows-10-telemetry-updates-diagnostic-tracking/. Third-party programs can also use this service to send telemetry.
There are advantages and disadvantages of each of the above 3 actions. I will probably do Action 2 very soon in Windows Firewall, and also Action 1 if task Microsoft Compatibility Appraiser exists on my computer in the future.
Notes:
1. It’s possible that existing or future Windows updates, or perhaps even other situations, could re-enable Microsoft Compatibility Appraiser or Diagnostics Tracking Service if they are disabled. This makes Action 2 attractive.
2. I don’t know if any of the above actions causes problems. I didn’t notice any problems during my tests though.
3. There is no guarantee that following this advice will be effective on your computer. It was effective in my tests though.
4. I don’t know if following this advice is effective on Windows 8.1. I might test Windows 8.1 if there is enough demand, or if Woody asks me to do it.Reference More on data collection
Further reference on data collection and telemetry:
Removing telemetry
https://www.askwoody.com/2017/martin-brinkmanns-deep-dive-into-removing-telemetry-in-win7-and-8-1/Prerequisites for KB3150513 Compatibility Updater
10 users thanked author for this post.
-
anonymousThank you for writing this article :).
May I suggest a few corrections?
1. A clarification of what is meant by “Compatibility Updater.”
2. The link for “Microsoft’s statement is here” might be not what you intended.
3. Before doing the actions that I suggested, the first thing that I recommend is to turn CEIP off. I didn’t make that clear in my post.
4. Regarding the text “What data is being gathered? We don’t have any idea, and don’t have any way to know, unless Microsoft suddenly decides it’s in their best interest to tell us.”: I believe it’s quite likely that I did discover a method that shows what data is being sent. See https://www.askwoody.com/forums/topic/care-to-join-a-win7-snooping-test/#post-21414 for more details.
5. “Diagnostic Tracking Service” should be spelled “Diagnostics Tracking Service”.
I’ll review the article more in-depth later, and provide any further recommendations (if you want them.)
MrBrian
-
Thanks for your input
1. I highlighted the Compatibility Updater and the information from MS was below.
2. The link was right at some point – it’s right again
3. That point was made in your comment – I highlighted it to emphasize it.
4. I added the link to that post at the bottom of your recommendations.
5. Corrected spelling of Diagnostics Tracking Service
You really should register. You have contributed so much information. You would really be an asset to the site.
-
anonymous
-
-
-
You really should register. You have contributed so much information. You would really be an asset to the site.
I can only subscribe to this statement.
PS This is in relation to MrBrian’s contributions. 🙂
1 user thanked author for this post.
-
Good info.
I’ve been doing all the actions MrBrian suggests for quite a long time, and some additional steps (e.g., DNS proxy resolution blacklisting of telemetry server names).
It is effective.
-Noel
1 user thanked author for this post.
-
anonymousPKCano said:
@mrbrian‘s RECOMMENDATIONS FOR REDUCING TELEMETRY (DATA COLLECTION BY MICROSOFTMrBrian wrote:
2) In firewall or router, block traffic to DNS endpoints settings-win.data.microsoft.com and vortex-win.data.microsoft.com, or equivalent (for now anyway) IP addresses 64.4.54.253 and 64.4.54.254.For some reason, using Microsoft’s nslookup at command prompt for 64.4.54.253 & 64.4.54.254 indicates that these as non-existent domains, whereas IP-Tracker.org indicates that these are “Microsoft Bingbot” domains.
On the other hand, nslookup for the 2 stated telemetry domains fetches the following info. The DNS server used is Google DNS.
> nslookup settings-win.data.microsoft.com
Name: hk2-eap.settings.data.microsoft.com.akadns.net
Address: 23.99.125.126, 40.77.226.249, 111.221.29.253
Aliases: settings-win.data.microsoft.com- asimov-win.settings.data.microsoft.com.akadns.net
- geo.settings.data.microsoft.com.akadns.net
- hk2.settings.data.microsoft.com.akadns.net
settings-win.data.microsoft.com resolves to a different IP address (3 nos. observed so far, as shown above) when I repeat the command at different times. Meanwhile, the domain aliases remain consistent.
> nslookup vortex-win.data.microsoft.com
Name: hk2.vortex.data.microsoft.com.akadns.net
Address: 111.221.29.254
Aliases: vortex-win.data.microsoft.com- asimov-win.vortex.data.microsoft.com.akadns.net
- geo.vortex.data.microsoft.com.akadns.net
The domain aliases for vortex-win.data.microsoft.com stay the same, but I manage to obtain only 1 IP address (as above) so far.
1 user thanked author for this post.
Recent Replies
- jknauth on Bitdefender vs. Windows 10 Version 1903 18 minutes ago
- jayinalaska on What I’ve Seen with Windows Update, So Far 19 minutes ago
- Mr. Natural on Patch Lady – a new default I’m not fond of 21 minutes ago
- Carl D on Patch Lady – a new default I’m not fond of 48 minutes ago
- Bob99 on PowerShell – Useful one-liners (maybe two…) 58 minutes ago
- Morty on Dell patches SupportAssist, but other PC-Doctor software still vulnerable 1 hour, 5 minutes ago
- Bob99 on PowerShell – Useful one-liners (maybe two…) 1 hour, 19 minutes ago
anonymous on Flash Drive Can’t Open Documents!!!
1 hour, 27 minutes ago- glnz on Patch Lady – if you are running 1803 or earlier 1 hour, 34 minutes ago
- Rick Corbett on What am i doing wrong? (Networking problems) 1 hour, 57 minutes ago
- 1 hour, 59 minutes ago
- Rick Corbett on PowerShell – Useful one-liners (maybe two…) 2 hours, 17 minutes ago
- b on Patch Lady – a new default I’m not fond of 2 hours, 55 minutes ago
- warrenrumak on Patch Lady – a new default I’m not fond of 3 hours, 10 minutes ago
- 3 hours, 11 minutes ago
- warrenrumak on Patch Lady – a new default I’m not fond of 3 hours, 47 minutes ago
- Ken Sims on Freeware Spotlight — System Information Viewer 3 hours, 56 minutes ago
- 4 hours, 8 minutes ago
- 4 hours, 11 minutes ago
- Susan Bradley on Patch Lady – a new default I’m not fond of 5 hours, 40 minutes ago
