• 2952664: Telemetry in Win7/8.1 – KB2952664, KB2977759, KB2976978, & KB3150513


    AKB 2952664: Telemetry in Win7/8.1 – KB2952664, KB2977759, KB2976978, & KB3150513

    By @PKCano

    Published 21 March 2017 rev 1.0

    Telemetry has been a part of Windows from the beginning. An example of this is the Customer Experience Improvement Program (CEIP). If the User opted into CEIP, data about the computer usage was sent to Microsoft.

    What is considered by many to be excessive data collection has been built into Win10 from the beginning. But beginning with the “Get Windows 10” (GWX) campaign, the amount of data collected from individual Win7/Win8.1 computers has greatly increased. Not only has that raised privacy concerns, but the act of collecting itself can use significant computer resources. If the data collection is done over limited (metered) connections, cost may also become a factor.

    What data is being gathered? We don’t have any idea, and don’t have any way to know, unless Microsoft suddenly decides it’s in their best interest to tell us. Don’t hold your breath. Some people think the whole thing’s overblown. Others are cautious. They don’t trust Microsoft.

    The most obviously telemetry/compatibility-related patches:

    For Win7 SP1:

    KB2952664/KB3150513
    KB3021917
    KB3068708
    KB3080149
    KB3022345 (this patch has been superseded by KB3068708, so it won’t show up in a clean install, but it may still show up as installed on the computer)

    For Win7 RTM:

    KB2977759/KB3150513

    For Win8.1
    KB2976978/KB3150513
    KB3044374
    KB3068708
    KB3080149

    The collection of data about PC hardware/software, and how it is used, is probably more significant to Win10 which receives major version upgrades every eight months and frequent feature changes in between. But for Win7/8.1 users, particularly those with older hardware, who have no intention of upgrading to Win10, we’ve found no correlation between increased data collection and better patches.

    Major offenders are:

    Customer Experience Improvement Program (CEIP). CEIP has been around for years. Microsoft says it collects the information about how products are used to “improve the products and features” and to “help solve problems.” Microsoft’s statement is here

    KB2952664 (Win7 SP1) Compatibility Updater
    KB2976978 (Win8.1) Compatibility Updater
    KB2977759 (Win7 RTM) Compatibility Updater

    According to Microsoft:

    This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.

    The Compatibility Updater is a prerequisite for KB3150513, which provides updated configuration and definitions for the Compatibility Updater.

    According to Microsoft:

    This update provides the latest set of definitions for compatibility diagnostics that are performed on the system. The updated definitions will help enable Microsoft and its partners to ensure compatibility for all customers who want to install the latest Windows operating system. Installing this update also makes sure that the latest Windows operating system version is correctly offered through Windows Update, based on compatibility results.

    @MrBrian, one of the contributors to AskWoody, did extensive research on the effect of CEIP, with and without the Compatibility Updater installed, on Win7 SP1. His results can be found here.

    A synopsis of his findings:

    1. CEIP is voluntary and can be turned off.
    2. The Diagnostics Tracking Service sends data to Microsoft.
    3. Computers without the Compatibility Updater installed and with CEIP turned off did not experience episodes of data being sent by Diagnostics Tracking Service to Microsoft.
    4. Computers without the Compatibility Updater installed collect data to send to Microsoft using the ProgramDataUpdater task in Task Scheduler, located in Microsoft\Windows\Application Experience.
    5. The installation of the Compatibility Updater adds the Microsoft Compatibility Appraiser task to the Task Scheduler and changes the action for task ProgramDataUpdater, both located in Microsoft\Windows\Application Experience.

    @MrBrian’s findings were:

    Here is the full list of what I found for Windows 7 x64 that violates the operating system’s Customer Experience Improvement Program setting:

    1. Pre-KB2952664 task ProgramDataUpdater (but not post-KB2952664 task ProgramDataUpdater) can use significant CPU and disk resources.
    2. Task Microsoft Compatibility Appraiser (from KB2952664) can use significant CPU and disk resources.
    3. Diagnostics Tracking Service sends some data to Microsoft after task Microsoft Compatibility Appraiser runs, although a lot less than compared to when the operating system’s Customer Experience Improvement Program setting = Yes.

    Reference

    @abbodi86’s conclusion

    Appraiser KB2952664 and Telemetry DiagTrack are built-in Windows 10 since RTM.

    Both KB2952664/KB3150513 are only needed for upgrade; they have nothing useful for current Windows 7 (well, except providing MSFT with Appraiser statistics).

    Reference

    @MrBrian’s RECOMMENDATIONS FOR REDUCING TELEMETRY (DATA COLLECTION BY MICROSOFT)

    Here are my recommendations based on my test results so far (for Windows 7 x64 computers):

    If you set operating system’s Customer Experience Improvement Program setting = No, some data is still sent to Microsoft telemetry within 35 minutes after task Microsoft Compatibility Appraiser (added by KB2952664) finishes running, as shown in screenshot https://i.imgsafe.org/42b131eb08.png.

    If this is unacceptable, then do at least one of the three following actions (in addition to setting operating system’s Customer Experience Improvement Program setting = No):

    Action 1) In Task Scheduler, disable task Microsoft Compatibility Appraiser (located in Microsoft\Windows\Application Experience). This also stops Microsoft Compatibility Appraiser from sometimes consuming a lot of CPU and disk resources.

    And/or Action 2) In firewall or router, block traffic to DNS endpoints settings-win.data.microsoft.com and vortex-win.data.microsoft.com, or equivalent (for now anyway) IP addresses 64.4.54.253 and 64.4.54.254. To do this in Windows Firewall, see http://www.easysecurityonline.com/how-to-protect-windows-7-and-8-from-getting-windows-10-privacy-intrusions-too/. I verified that this blocks Diagnostics Tracking Service telemetry using Process Monitor.

    And/or Action 3) Disable service Diagnostics Tracking Service. I verified that this stops Diagnostics Tracking Service telemetry using Process Monitor. Microsoft recommends to not disable this service at https://blogs.technet.microsoft.com/netro/2015/09/09/windows-7-windows-8-and-windows-10-telemetry-updates-diagnostic-tracking/. Third-party programs can also use this service to send telemetry.

    There are advantages and disadvantages of each of the above 3 actions. I will probably do Action 2 very soon in Windows Firewall, and also Action 1 if task Microsoft Compatibility Appraiser exists on my computer in the future.

    Notes:
    1. It’s possible that existing or future Windows updates, or perhaps even other situations, could re-enable Microsoft Compatibility Appraiser or Diagnostics Tracking Service if they are disabled. This makes Action 2 attractive.
    2. I don’t know if any of the above actions causes problems. I didn’t notice any problems during my tests though.
    3. There is no guarantee that following this advice will be effective on your computer. It was effective in my tests though.
    4. I don’t know if following this advice is effective on Windows 8.1. I might test Windows 8.1 if there is enough demand, or if Woody asks me to do it.

    Reference More on data collection

    Further reference on data collection and telemetry:

    Removing telemetry
    https://www.askwoody.com/2017/martin-brinkmanns-deep-dive-into-removing-telemetry-in-win7-and-8-1/

    Prerequisites for KB3150513 Compatibility Updater

    10 users thanked author for this post.
    • #103074

      @PKCano:

      Thank you for writing this article :).

      May I suggest a few corrections?

      1. A clarification of what is meant by “Compatibility Updater.”

      2. The link for “Microsoft’s statement is here” might not be what you intended.

      3. Before doing the actions that I suggested, the first thing that I recommend is to turn CEIP off. I didn’t make that clear in my post.

      4. Regarding the text “What data is being gathered? We don’t have any idea, and don’t have any way to know, unless Microsoft suddenly decides it’s in their best interest to tell us.”: I believe it’s quite likely that I did discover a method that shows what data is being sent. See https://www.askwoody.com/forums/topic/care-to-join-a-win7-snooping-test/#post-21414 for more details.

      5. “Diagnostic Tracking Service” should be spelled “Diagnostics Tracking Service”.

      I’ll review the article more in-depth later, and provide any further recommendations (if you want them.)

      MrBrian

      3 users thanked author for this post.
      • #103106

        Thanks for your input

        1. I highlighted the Compatibility Updater and the information from MS was below.

        2. The link was right at some point – it’s right again

        3. That point was made in your comment – I highlighted it to emphasize it.

        4. I added the link to that post at the bottom of your recommendations.

        5. Corrected spelling of Diagnostics Tracking Service

        You really should register. You have contributed so much information. You would really be an asset to the site.

         

        4 users thanked author for this post.
        • #103125

          Thanks for the changes :).

          (I will register after I get my email accounts consolidated.)

    • #103148

      You really should register. You have contributed so much information. You would really be an asset to the site.

      I can only subscribe to this statement.

      PS This is in relation to MrBrian’s contributions. 🙂

      1 user thanked author for this post.
    • #103185

      Good info.

      I’ve been doing all the actions MrBrian suggests for quite a long time, and some additional steps (e.g., DNS proxy resolution blacklisting of telemetry server names).

      It is effective.

      -Noel

      1 user thanked author for this post.
    • #165123

      PKCano said:

      @mrbrian’s RECOMMENDATIONS FOR REDUCING TELEMETRY (DATA COLLECTION BY MICROSOFT)

      MrBrian wrote:
      2) In firewall or router, block traffic to DNS endpoints settings-win.data.microsoft.com and vortex-win.data.microsoft.com, or equivalent (for now anyway) IP addresses 64.4.54.253 and 64.4.54.254.

      For some reason, using Microsoft’s nslookup at command prompt for 64.4.54.253 & 64.4.54.254 indicates that these are non-existent domains, whereas IP-Tracker.org indicates that these are “Microsoft Bingbot” domains.

      On the other hand, nslookup for the 2 stated telemetry domains fetches the following info. The DNS server used is Google DNS.

      > nslookup settings-win.data.microsoft.com

      Name:    hk2-eap.settings.data.microsoft.com.akadns.net
      Address:  23.99.125.126,  40.77.226.249,  111.221.29.253
      Aliases:  settings-win.data.microsoft.com

      • asimov-win.settings.data.microsoft.com.akadns.net
      • geo.settings.data.microsoft.com.akadns.net
      • hk2.settings.data.microsoft.com.akadns.net

      settings-win.data.microsoft.com resolves to a different IP address (3 nos. observed so far, as shown above) when I repeat the command at different times. Meanwhile, the domain aliases remain consistent.

      > nslookup vortex-win.data.microsoft.com

      Name:    hk2.vortex.data.microsoft.com.akadns.net
      Address:  111.221.29.254
      Aliases:  vortex-win.data.microsoft.com

      • asimov-win.vortex.data.microsoft.com.akadns.net
      • geo.vortex.data.microsoft.com.akadns.net

      The domain aliases for vortex-win.data.microsoft.com stay the same, but I manage to obtain only 1 IP address (as above) so far.

      1 user thanked author for this post.
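
An added example, not code from the article, its contributors or Microsoft: a PowerShell sketch of the three actions in MrBrian's recommendations, plus a state check that also covers the address drift shown in the nslookup reply above. It assumes an elevated PowerShell 2.0+ prompt on Windows 7; the function names and the firewall rule name are hypothetical, and `DiagTrack` is the service name of Diagnostics Tracking Service.

```powershell
# Added example. Task path, host names and IP addresses are the ones quoted on this page.
# Function names and $RuleName are hypothetical; run from an elevated prompt.
$TaskFolder = '\Microsoft\Windows\Application Experience'
$TaskName   = 'Microsoft Compatibility Appraiser'
$Hosts      = 'settings-win.data.microsoft.com', 'vortex-win.data.microsoft.com'
$BlockedIPs = '64.4.54.253', '64.4.54.254'
$RuleName   = 'Block-DiagTrack-telemetry-example'

function Get-TelemetryState {
    # Action 1: task state through the Task Scheduler COM API (not locale dependent)
    $sched = New-Object -ComObject Schedule.Service
    $sched.Connect()
    try   { $task = $sched.GetFolder($TaskFolder).GetTask($TaskName)
            $taskState = if ($task.Enabled) { 'Enabled' } else { 'Disabled' } }
    catch { $taskState = 'Not present or not readable' }

    # Action 3: start mode and run state of Diagnostics Tracking Service
    $svc = Get-WmiObject Win32_Service -Filter "Name='DiagTrack'"
    $svcState = if ($svc) { "$($svc.StartMode)/$($svc.State)" } else { 'Not present' }

    # Action 2: addresses the two names resolve to now that the IP list does not cover
    $uncovered = @()
    foreach ($h in $Hosts) {
        try   { $ips = [System.Net.Dns]::GetHostAddresses($h) | ForEach-Object { $_.IPAddressToString } }
        catch { $ips = @() }   # name does not resolve, e.g. already blocked at the DNS level
        $uncovered += @($ips | Where-Object { $BlockedIPs -notcontains $_ })
    }
    New-Object PSObject -Property @{
        AppraiserTask = $taskState
        DiagTrack     = $svcState
        UncoveredIPs  = ($uncovered | Sort-Object -Unique) -join ', '
    }
}

function Set-TelemetryBlock([switch]$Task, [switch]$Firewall, [switch]$Service) {
    if ($Task)     { schtasks.exe /Change /TN "$TaskFolder\$TaskName" /Disable }
    if ($Firewall) {   # delete first so repeated runs do not stack duplicate rules
        netsh.exe advfirewall firewall delete rule name=$RuleName | Out-Null
        netsh.exe advfirewall firewall add rule name=$RuleName dir=out action=block "remoteip=$($BlockedIPs -join ',')"
    }
    if ($Service)  { sc.exe stop DiagTrack; sc.exe config DiagTrack start= disabled }
}

Get-TelemetryState | Format-List
```

Calling `Set-TelemetryBlock -Task -Firewall` applies Actions 1 and 2; re-running `Get-TelemetryState` after installing updates shows whether the task or service has been re-enabled. A non-empty `UncoveredIPs` means the two host names currently resolve to addresses the IP-based rule does not match.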