![]() |
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
2952664: Telemetry in Win7/8.1 – KB2952664, KB2977759, KB2976978, & KB3150513
Home › Forums › Knowledge Base › 2952664: Telemetry in Win7/8.1 – KB2952664, KB2977759, KB2976978, & KB3150513
Tagged: DiagTrack, KB 2952664, KB 2976978, KB 3150513, snooping, telemetry, Win7, win8.1
- This topic has 6 replies, 4 voices, and was last updated 2 years, 11 months ago by
anonymous.
Viewing 4 reply threads-
AuthorPosts
-
-
March 20, 2017 at 8:50 pm #102964
PKCano
ManagerAKB 2952664: Telemetry in Win7/8.1 – KB2952664, KB2977759, KB2976978, & KB3150513
By @PKCano
Published 21 March 2017 rev 1.0
Telemetry has been a part of Windows from the beginning. An example of this is the Customer Experience Improvement Program (CEIP). If the User opted into CEIP, data about the computer usage was sent to Microsoft.
What is considered by many to be excessive data collection has been built into Win10 from the beginning. But beginning with the “Get Windows 10” (GWX) campaign, the amount of data collected from individual Win7/Win8.1 computers has greatly increased. Not only has that raised privacy concerns, but the act of collecting itself can use significant computer resources. If the data collection is done over limited (metered) connections, cost may also become a factor.
What data is being gathered? We don’t have any idea, and don’t have any way to know, unless Microsoft suddenly decides it’s in their best interest to tell us. Don’t hold your breath. Some people think the whole thing’s overblown. Others are cautious. They don’t trust Microsoft.
The most obviously telemetry/compatibility related patches…
For Win7 SP1:
KB2952664/KB3150513
KB3021917
KB3068708
KB3080149
KB3022345 (this patch has been superseded by KB3068708, so it won’t show up in a clean install. But it may still show up as installed on the computer)For Win7 RTM
KB2977759/KB3150513For Win8.1
KB2976978/KB3150513
KB3044374
KB3068708
KB3080149The collection of data about PC hardware/software, and how it is used, is probably more significant to Win10 which receives major version upgrades every eight months and frequent feature changes in between. But for Win7/8.1 users, particularly those with older hardware, who have no intention of upgrading to Win10, we’ve found no correlation between increased data collection and better patches.
Major offenders are:
Customer Experience Improvement Program (CEIP). CEIP has been around for years. Microsoft says it collects the information about how products are used to “improve the products and features” and to “help solve problems.” Microsoft’s statement is here
KB2952664 (Win7 SP1) Compatibility Updater
KB2976978 (Win8.1) Compatibility Updater
KB2977759 (Win7 RTM) Compatibility UpdaterAccording to Microsoft:
This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.
The Compatibility Updater is prerequisite for KB3150513, which provides updated configuration and definitions for the Compatibility Updater.
According to Microsoft:
This update provides the latest set of definitions for compatibility diagnostics that are performed on the system. The updated definitions will help enable Microsoft and its partners to ensure compatibility for all customers who want to install the latest Windows operating system. Installing this update also makes sure that the latest Windows operating system version is correctly offered through Windows Update, based on compatibility results.
@MrBrian, one of the contributors to AskWoody, did extensive research on the effect of CEIP, with and without the Compatibility Updater installed, on Win7 SP1. His results can be found here.
A synopsis of his findings:
1. CEIP is voluntary and can be turned off.
2. The Diagnostics Tracking Service sends data to Microsoft
3. Computers without the Compatibility Updater installed and with CEIP turned off, did not experience episodes of data being sent by Diagnostics Tracking Service to Microsoft.
4. Computers without the Compatibility Updater installed collect data to send data to Microsoft using the ProgramDataUpdater task in Task Scheduler located in Microsoft\windows\Application Experience.
5. The installation of the Compatibility Updater adds the Microsoft Compatibility Appraiser task to the Task Scheduler and changes the action for task ProgramDataUpdater, both located in Microsoft\Windows\Application Experience.@MrBrian‘s findings were:
Here is the full list of what I found for Windows 7 x64 that violates the operating system’s Customer Experience Improvement Program setting:
- Pre-KB2952664 task ProgramDataUpdater (but not post-KB2952664 task ProgramDataUpdater) can use significant CPU and disk resources.
- Task Microsoft Compatibility Appraiser (from KB2952664) can use significant CPU and disk resources.
- Diagnostics Tracking Service sends some data to Microsoft after task Microsoft Compatibility Appraiser runs, although a lot less than compared to when the operating system’s Customer Experience Improvement Program setting = Yes.
@abbodi86‘s conclusion
Appraiser KB2952664 and Telemetry DiagTrack are built-in Windows 10 since RTM
Both KB2952664/KB3150513 are only needed for upgrade they have nothing useful for current Windows 7 (well, except providing MSFT with Appraiser statistics)
@MrBrian‘s RECOMMENDATIONS FOR REDUCING TELEMETRY (DATA COLLECTION BY MICROSOFT
Here are my recommendations based on my test results so far (for Windows 7 x64 computers):
If you set operating system’s Customer Experience Improvement Program setting = No, some data is still sent to Microsoft telemetry within 35 minutes after task Microsoft Compatibility Appraiser (added by KB2952664) finishes running, as shown in screenshot https://i.imgsafe.org/42b131eb08.png.
If this is unacceptable, then do at least one of the three following actions (in addition to setting operating system’s Customer Experience Improvement Program setting = No):
Action 1) In Task Scheduler, disable task Microsoft Compatibility Appraiser (located in MicrosoftWindowsApplication Experience). This also stops Microsoft Compatibility Appraiser from sometimes consuming a lot of CPU and disk resources.
And/or Action 2) In firewall or router, block traffic to DNS endpoints settings-win.data.microsoft.com and vortex-win.data.microsoft.com, or equivalent (for now anyway) IP addresses 64.4.54.253 and 64.4.54.254. To do this in Windows Firewall, see http://www.easysecurityonline.com/how-to-protect-windows-7-and-8-from-getting-windows-10-privacy-intrusions-too/. I verified that this blocks Diagnostics Tracking Service telemetry using Process Monitor.
And/or Action 3) Disable service Diagnostics Tracking Service. I verified that this stops Diagnostics Tracking Service telemetry using Process Monitor. Microsoft recommends to not disable this service at https://blogs.technet.microsoft.com/netro/2015/09/09/windows-7-windows-8-and-windows-10-telemetry-updates-diagnostic-tracking/. Third-party programs can also use this service to send telemetry.
There are advantages and disadvantages of each of the above 3 actions. I will probably do Action 2 very soon in Windows Firewall, and also Action 1 if task Microsoft Compatibility Appraiser exists on my computer in the future.
Notes:
1. It’s possible that existing or future Windows updates, or perhaps even other situations, could re-enable Microsoft Compatibility Appraiser or Diagnostics Tracking Service if they are disabled. This makes Action 2 attractive.
2. I don’t know if any of the above actions causes problems. I didn’t notice any problems during my tests though.
3. There is no guarantee that following this advice will be effective on your computer. It was effective in my tests though.
4. I don’t know if following this advice is effective on Windows 8.1. I might test Windows 8.1 if there is enough demand, or if Woody asks me to do it.Reference More on data collection
Further reference on data collection and telemetry:
Removing telemetry
https://www.askwoody.com/2017/martin-brinkmanns-deep-dive-into-removing-telemetry-in-win7-and-8-1/Prerequisites for KB3150513 Compatibility Updater
10 users thanked author for this post.
-
March 21, 2017 at 1:53 pm #103074
anonymous
GuestThank you for writing this article :).
May I suggest a few corrections?
1. A clarification of what is meant by “Compatibility Updater.”
2. The link for “Microsoft’s statement is here” might be not what you intended.
3. Before doing the actions that I suggested, the first thing that I recommend is to turn CEIP off. I didn’t make that clear in my post.
4. Regarding the text “What data is being gathered? We don’t have any idea, and don’t have any way to know, unless Microsoft suddenly decides it’s in their best interest to tell us.”: I believe it’s quite likely that I did discover a method that shows what data is being sent. See https://www.askwoody.com/forums/topic/care-to-join-a-win7-snooping-test/#post-21414 for more details.
5. “Diagnostic Tracking Service” should be spelled “Diagnostics Tracking Service”.
I’ll review the article more in-depth later, and provide any further recommendations (if you want them.)
MrBrian
-
March 21, 2017 at 1:59 pm #103106
PKCano
ManagerThanks for your input
1. I highlighted the Compatibility Updater and the information from MS was below.
2. The link was right at some point – it’s right again
3. That point was made in your comment – I highlighted it to emphasize it.
4. I added the link to that post at the bottom of your recommendations.
5. Corrected spelling of Diagnostics Tracking Service
You really should register. You have contributed so much information. You would really be an asset to the site.
-
March 21, 2017 at 2:26 pm #103125
-
-
-
March 21, 2017 at 3:37 pm #103148
ch100
AskWoody_MVPYou really should register. You have contributed so much information. You would really be an asset to the site.
I can only subscribe to this statement.
PS This is in relation to MrBrian’s contributions. 🙂
1 user thanked author for this post.
-
March 21, 2017 at 6:54 pm #103185
Noel Carboni
AskWoody_MVP -
February 5, 2018 at 7:54 pm #165123
anonymous
GuestPKCano said:
@mrbrian‘s RECOMMENDATIONS FOR REDUCING TELEMETRY (DATA COLLECTION BY MICROSOFTMrBrian wrote:
2) In firewall or router, block traffic to DNS endpoints settings-win.data.microsoft.com and vortex-win.data.microsoft.com, or equivalent (for now anyway) IP addresses 64.4.54.253 and 64.4.54.254.For some reason, using Microsoft’s nslookup at command prompt for 64.4.54.253 & 64.4.54.254 indicates that these as non-existent domains, whereas IP-Tracker.org indicates that these are “Microsoft Bingbot” domains.
On the other hand, nslookup for the 2 stated telemetry domains fetches the following info. The DNS server used is Google DNS.
> nslookup settings-win.data.microsoft.com
Name: hk2-eap.settings.data.microsoft.com.akadns.net
Address: 23.99.125.126, 40.77.226.249, 111.221.29.253
Aliases: settings-win.data.microsoft.com- asimov-win.settings.data.microsoft.com.akadns.net
- geo.settings.data.microsoft.com.akadns.net
- hk2.settings.data.microsoft.com.akadns.net
settings-win.data.microsoft.com resolves to a different IP address (3 nos. observed so far, as shown above) when I repeat the command at different times. Meanwhile, the domain aliases remain consistent.
> nslookup vortex-win.data.microsoft.com
Name: hk2.vortex.data.microsoft.com.akadns.net
Address: 111.221.29.254
Aliases: vortex-win.data.microsoft.com- asimov-win.vortex.data.microsoft.com.akadns.net
- geo.vortex.data.microsoft.com.akadns.net
The domain aliases for vortex-win.data.microsoft.com stay the same, but I manage to obtain only 1 IP address (as above) so far.
1 user thanked author for this post.
-
-
AuthorPosts
Viewing 4 reply threads - This topic has 6 replies, 4 voices, and was last updated 2 years, 11 months ago by
-
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search The Lounge
Recent Replies
mn-- on Which version of MS Office should we buy and where can we get it?
6 minutes agoTony H on Which version of MS Office should we buy and where can we get it?
10 minutes agoRoger on Which version of MS Office should we buy and where can we get it?
19 minutes agoDrcard:)) on How to put a picture ("Avatar") on your replies
21 minutes agoOscarCP on Apple to block sideloading iOS apps on M1
56 minutes agoMele20 on Giving you the choice
1 hour, 11 minutes agoWSila on Laptop with home and work networks
1 hour, 18 minutes agoWSila on Laptop with home and work networks
1 hour, 20 minutes agoMele20 on Winaero Tweaker with W10 Improvements
1 hour, 41 minutes agoOscarCP on What Linux is and why it has persisted
2 hours, 56 minutes agoAlex5723 on Iphone updating to new version when auto updates turned off?
3 hours, 10 minutes agodoriel on What Linux is and why it has persisted
3 hours, 16 minutes agoPaul T on So I opened up an HP and where’s the hard drive?
3 hours, 24 minutes agoAlex5723 on Apple to block sideloading iOS apps on M1
3 hours, 25 minutes agoAlex5723 on So I opened up an HP and where’s the hard drive?
3 hours, 33 minutes agoAlex5723 on Hard Drive at 100% usage
3 hours, 35 minutes agomn-- on What Linux is and why it has persisted
3 hours, 36 minutes agodoriel on What Linux is and why it has persisted
4 hours, 9 minutes agoPaul T on So I opened up an HP and where’s the hard drive?
4 hours, 10 minutes agob on Hard Drive at 100% usage
4 hours, 24 minutes agoMicrofix on Winaero Tweaker with W10 Improvements
4 hours, 42 minutes agoMoonshine on Using Windows 10 Backup Option
4 hours, 48 minutes agoOscarCP on What Linux is and why it has persisted
5 hours, 12 minutes agoPaul T on Extra USB Sound driver?
5 hours, 13 minutes agoAlex5723 on Hard Drive at 100% usage
5 hours, 25 minutes agoPaul T on Accessing Old Laptop HD
5 hours, 27 minutes agoOscarCP on Fiber optic not available; options please
5 hours, 30 minutes agoAlex5723 on Best W10-Pro updater program ?
5 hours, 39 minutes agoPaul T on Best W10-Pro updater program ?
5 hours, 41 minutes agomn-- on What Linux is and why it has persisted
5 hours, 42 minutes ago
Recent Topics
-
System Restore Stopped Working
3 hours, 2 minutes ago
-
Malwarebytes was targeted by SolarWinds hackers too
5 hours, 58 minutes ago
-
So I opened up an HP and where’s the hard drive?
3 hours, 25 minutes ago
-
Which version of MS Office should we buy and where can we get it?
7 minutes ago
-
Fiber optic not available; options please
5 hours, 31 minutes ago
-
Best W10-Pro updater program ?
5 hours, 40 minutes ago
-
Accessing Old Laptop HD
5 hours, 28 minutes ago
-
DNSpooq lets attackers poison DNS cache – A Patch
18 hours, 11 minutes ago
-
Nitro data breach – what does it mean to me?
6 hours, 48 minutes ago
-
Check Point : “FreakOut” malware exploits new Linux vulnerabilities
18 hours, 53 minutes ago
-
How to STOP Outlook Hotmail config forcing signin to Office 2019
19 hours, 11 minutes ago
-
Permission on public desktop gets reset
20 hours, 12 minutes ago
-
Surface Pro 4 & Win v2004 update fail
19 hours, 7 minutes ago
-
Extra USB Sound driver?
5 hours, 14 minutes ago
-
PNY Flash Drive Problem
21 hours, 39 minutes ago
-
Windows 10 bug crashes your PC when you access this location
1 day, 18 hours ago
-
Doesn’t like external FAT32 HDD
1 day, 5 hours ago
-
Why won’t Task Scheduler launch Office product
12 hours, 25 minutes ago
-
Susan recommending version 2004
1 day, 12 hours ago
-
Replace Images for Text in Word
1 day, 20 hours ago
-
Windows 10 internet connection freezes
1 day, 3 hours ago
-
Windows Defender In Win 10 Concern
5 hours, 51 minutes ago
-
Laptop with home and work networks
1 hour, 18 minutes ago
-
Top 40+ iOS 14 Tips and Tricks
2 days, 2 hours ago
-
What Linux is and why it has persisted
2 hours, 56 minutes ago
-
Find the cable modem that’s just right for your ISP
10 hours, 23 minutes ago
-
Four GB of RAM vanishes … but then reappears
5 hours, 58 minutes ago
-
Wow! Even more Office updates!
1 day, 16 hours ago
-
Hard Drive at 100% usage
3 hours, 36 minutes ago
-
Checking e-mail attachments with VirusTotal
2 days, 16 hours ago
Search for Topics
Recent blog posts
- So I opened up an HP and where’s the hard drive?
- What Linux is and why it has persisted
- Find the cable modem that’s just right for your ISP
- Four GB of RAM vanishes … but then reappears
- Wow! Even more Office updates!
- Giving you the choice
- Tasks for the weekend – January 16, 2021
- Zero day Windows 10 bug
Key Links
Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.