AKB 2952664: Telemetry in Win7/8.1 – KB2952664, KB2977759, KB2976978, & KB3150513

By @PKCano

Published 21 March 2017 rev 1.0

Telemetry has been a part of Windows from the beginning. An example of this is the Customer Experience Improvement Program (CEIP). If the User opted into CEIP, data about the computer usage was sent to Microsoft.

What is considered by many to be excessive data collection has been built into Win10 from the beginning. But beginning with the “Get Windows 10” (GWX) campaign, the amount of data collected from individual Win7/Win8.1 computers has greatly increased. Not only has that raised privacy concerns, but the act of collecting itself can use significant computer resources. If the data collection is done over limited (metered) connections, cost may also become a factor.

What data is being gathered? We don’t have any idea, and don’t have any way to know, unless Microsoft suddenly decides it’s in their best interest to tell us. Don’t hold your breath. Some people think the whole thing’s overblown. Others are cautious. They don’t trust Microsoft.

The most obviously telemetry/compatibility related patches…

For Win7 SP1:

KB2952664/KB3150513
KB3021917
KB3068708
KB3080149
KB3022345 (this patch has been superseded by KB3068708, so it won’t show up in a clean install. But it may still show up as installed on the computer)

For Win7 RTM
KB2977759/KB3150513

For Win8.1
KB2976978/KB3150513
KB3044374
KB3068708
KB3080149

The collection of data about PC hardware/software, and how it is used, is probably more significant to Win10 which receives major version upgrades every eight months and frequent feature changes in between. But for Win7/8.1 users, particularly those with older hardware, who have no intention of upgrading to Win10, we’ve found no correlation between increased data collection and better patches.

Major offenders are:

Customer Experience Improvement Program (CEIP). CEIP has been around for years. Microsoft says it collects the information about how products are used to “improve the products and features” and to “help solve problems.” Microsoft’s statement is here

KB2952664 (Win7 SP1) Compatibility Updater
KB2976978 (Win8.1) Compatibility Updater
KB2977759 (Win7 RTM) Compatibility Updater

According to Microsoft:

This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.

The Compatibility Updater is prerequisite for KB3150513, which provides updated configuration and definitions for the Compatibility Updater.

According to Microsoft:

This update provides the latest set of definitions for compatibility diagnostics that are performed on the system. The updated definitions will help enable Microsoft and its partners to ensure compatibility for all customers who want to install the latest Windows operating system. Installing this update also makes sure that the latest Windows operating system version is correctly offered through Windows Update, based on compatibility results.

@MrBrian, one of the contributors to AskWoody, did extensive research on the effect of CEIP, with and without the Compatibility Updater installed, on Win7 SP1. His results can be found here.

A synopsis of his findings:

1. CEIP is voluntary and can be turned off.
2. The Diagnostics Tracking Service sends data to Microsoft
3. Computers without the Compatibility Updater installed and with CEIP turned off, did not experience episodes of data being sent by Diagnostics Tracking Service to Microsoft.
4. Computers without the Compatibility Updater installed collect data to send data to Microsoft using the ProgramDataUpdater task in Task Scheduler located in Microsoft\windows\Application Experience.
5. The installation of the Compatibility Updater adds the Microsoft Compatibility Appraiser task to the Task Scheduler and changes the action for task ProgramDataUpdater, both located in Microsoft\Windows\Application Experience.

@MrBrian‘s findings were:

anonymous wrote:

Here is the full list of what I found for Windows 7 x64 that violates the operating system’s Customer Experience Improvement Program setting:

1. Pre-KB2952664 task ProgramDataUpdater (but not post-KB2952664 task ProgramDataUpdater) can use significant CPU and disk resources.
2. Task Microsoft Compatibility Appraiser (from KB2952664) can use significant CPU and disk resources.
3. Diagnostics Tracking Service sends some data to Microsoft after task Microsoft Compatibility Appraiser runs, although a lot less than compared to when the operating system’s Customer Experience Improvement Program setting = Yes.

Reference

@abbodi86‘s conclusion

abbodi86 wrote:

Appraiser KB2952664 and Telemetry DiagTrack are built-in Windows 10 since RTM

Both KB2952664/KB3150513 are only needed for upgrade they have nothing useful for current Windows 7 (well, except providing MSFT with Appraiser statistics)

Reference

@MrBrian‘s RECOMMENDATIONS FOR REDUCING TELEMETRY (DATA COLLECTION BY MICROSOFT

MrBrian wrote:

Here are my recommendations based on my test results so far (for Windows 7 x64 computers):

If you set operating system’s Customer Experience Improvement Program setting = No, some data is still sent to Microsoft telemetry within 35 minutes after task Microsoft Compatibility Appraiser (added by KB2952664) finishes running, as shown in screenshot https://i.imgsafe.org/42b131eb08.png.

If this is unacceptable, then do at least one of the three following actions (in addition to setting operating system’s Customer Experience Improvement Program setting = No):

Action 1) In Task Scheduler, disable task Microsoft Compatibility Appraiser (located in MicrosoftWindowsApplication Experience). This also stops Microsoft Compatibility Appraiser from sometimes consuming a lot of CPU and disk resources.

And/or Action 2) In firewall or router, block traffic to DNS endpoints settings-win.data.microsoft.com and vortex-win.data.microsoft.com, or equivalent (for now anyway) IP addresses 64.4.54.253 and 64.4.54.254. To do this in Windows Firewall, see http://www.easysecurityonline.com/how-to-protect-windows-7-and-8-from-getting-windows-10-privacy-intrusions-too/. I verified that this blocks Diagnostics Tracking Service telemetry using Process Monitor.

And/or Action 3) Disable service Diagnostics Tracking Service. I verified that this stops Diagnostics Tracking Service telemetry using Process Monitor. Microsoft recommends to not disable this service at https://blogs.technet.microsoft.com/netro/2015/09/09/windows-7-windows-8-and-windows-10-telemetry-updates-diagnostic-tracking/. Third-party programs can also use this service to send telemetry.

There are advantages and disadvantages of each of the above 3 actions. I will probably do Action 2 very soon in Windows Firewall, and also Action 1 if task Microsoft Compatibility Appraiser exists on my computer in the future.

Notes:
1. It’s possible that existing or future Windows updates, or perhaps even other situations, could re-enable Microsoft Compatibility Appraiser or Diagnostics Tracking Service if they are disabled. This makes Action 2 attractive.
2. I don’t know if any of the above actions causes problems. I didn’t notice any problems during my tests though.
3. There is no guarantee that following this advice will be effective on your computer. It was effective in my tests though.
4. I don’t know if following this advice is effective on Windows 8.1. I might test Windows 8.1 if there is enough demand, or if Woody asks me to do it.

Reference More on data collection

Further reference on data collection and telemetry:

Removing telemetry
https://www.askwoody.com/2017/martin-brinkmanns-deep-dive-into-removing-telemetry-in-win7-and-8-1/

Prerequisites for KB3150513 Compatibility Updater