  • How much telemetry is going out with this month’s “Security-only” Win7 patch?


    This topic contains 80 replies, has 27 voices, and was last updated by  rc primak 3 days, 21 hours ago.

    • #1898552 Reply

      woody
      Da Boss

      Interesting question from Susan Bradley: https://twitter.com/SBSDiva/status/1156433770750205952 Faucet drip level – or firehose? Anybody want to take
      [See the full post at: How much telemetry is going out with this month’s “Security-only” Win7 patch?]

      2 users thanked author for this post.
    • #1898734 Reply

      bobcat5536
      AskWoody Plus

      Is the telemetry going to be in the group A monthly roll up or group B, or both ?

      • #1898757 Reply

        PKCano
        Da Boss

        The telemetry (KB2952664 functionality = Compatibility Appraiser) was rolled into the Rollup Preview in Sept. 2018 and into the Monthly Rollup in Oct 2018 – has been there for a while.

        The July 2019 Security-only Update (Group B) is the first time (that we know of) that the Compatibility Appraiser has been included in the (no longer) Security-only patch.

        6 users thanked author for this post.
    • #1898749 Reply

      BobT
      AskWoody Lounger

      Thanks for the investigation, but any amount is “too much” in a SECURITY ONLY patch.

      Stopped installing patches from June, and no this kinda stuff actually puts me off moving to Windows 10 even more..

      Don’t care what they think and what their EULA says, my PC is my PERSONAL COMPUTER, I say what goes on it, and dodgy tricks make me even less likely to give enough trust to installing anything else.

      For many of us, support has ended 6 months early.

      • This reply was modified 3 weeks, 1 day ago by  BobT.
      10 users thanked author for this post.
      • #1898760 Reply

        woody
        Da Boss

        I agree with your sentiment, but want to establish that we’re seeing more than just the ability to send telemetry and the scheduled tasks to make it happen (both of which are known to be included in the July “Security-only” patch).

        How big a beast are we talking about?

        5 users thanked author for this post.
      • #1899057 Reply

        Susan Bradley
        AskWoody MVP

        If telemetry is there to tell Microsoft that your machine didn’t blue screen Is that too much?  Seriously if a level of telemetry is there to give MS feedback on the quality of updates so that you don’t have to suffer through bad updates and even worse support experience why is that a bad thing?

        As an aside I thought this wasn’t the first time telemetry updates were included in security updates but I’m trying to find that post.

        You leak data on the web now.  Chrome leaks it.  Firefox leaks it.  It helps developers know when crashes are occurring and to fix their software.  Why is this evil?

         

        Susan Bradley Patch Lady

        4 users thanked author for this post.
        • #1899230 Reply

          PKCano
          Da Boss

          See #1898757. Monthly Rollups are Security updates, but not Security-only updates.

          1 user thanked author for this post.
        • #1899306 Reply

          Alex5723
          AskWoody Plus

          Seriously if a level of telemetry is there to give MS feedback on the quality of updates so that you don’t have to suffer through bad updates and even worse support experience why is that a bad thing?

          @susan, you are dreaming when you think that 1. Microsoft cares about its users. 2. That these are Microsoft’s real intentions for Telemetry. For example: why does Microsoft scan every media file on Windows OS and send the list via Telemetry? What does this have to do with “better” support?
          Microsoft knows exactly how many users use Office vs LibreOffice vs Google Docs vs… How many users use none. How many users use VLC vs MPC-HC vs… How many use OneDrive vs Google Drive vs iCloud…In short, Microsoft has each user’s list of software and this is worth $Billions to Microsoft and 3rd party software vendors with whom Microsoft shares its data.

          7 users thanked author for this post.
        • #1899330 Reply

          abbodi86
          AskWoody_MVP

          I guess if they were a little more transparent and announced that, it would be understandable somehow

          btw, most added appraiser files are from Windows 10 build 18362 (1903)
          why would Windows 7 need those to check current status?

          you probably mean KB3121461, which was a security update for the Compatibility Appraiser (aka KB2952664, KB2976978)

          3 users thanked author for this post.
          • #1899419 Reply

            Susan Bradley
            AskWoody MVP

            It would be nice if we had official reasons rather than guessing.  My guess – some enterprise who uses security only patches needs the data in their rollout/rollup to Windows 10 for analyzing if something is compatible.

            Yes I do think that Microsoft cares about “users”.  Granted these days those “users” may be Enterprise users, but I know enough good people at Microsoft to understand and know that they aren’t inherently evil.  They have good intentions and good reasons.  Generally speaking and especially in the Security department they want to keep Microsoft customers safe.  They may (are) be heavy handed about it.

            Susan Bradley Patch Lady

            4 users thanked author for this post.
            • #1900182 Reply

              woody
              Da Boss

              I think an official announcement along the lines of “We’re starting to collect telemetry with Security-only patches because blah blah blah” would be a foregone conclusion.

              Part of the problem with the debate over whether MS is benevolent or malicious is that MS isn’t a monolith. There are many, many, many good people at MS. Always have been. But some of the people who make the decisions don’t make the right decisions, some of the time.

              It’s up to us cackling geese to raise the alarm.

              7 users thanked author for this post.
        • #1899363 Reply

          GreatAndPowerfulTech
          AskWoody Lounger

          As far as I know, Microsoft has never stated that they only collect telemetry on crashes and their causes. They’re too cagey to trust. As Reagan said, trust but verify. How do we do either with today’s Windows?

          GreatAndPowerfulTech

          3 users thanked author for this post.
        • #1899389 Reply

          anonymous

          Big tech companies have a recurring habit of collecting more data than they need for their advertised reasons, and often more data than anyone would comfortably let them have (see recent topic on Apple and Siri). When caught out, they reply with an unconvincing “oops”.

          4 users thanked author for this post.
        • #1899916 Reply

          UncleRemus83
          AskWoody Lounger

          If telemetry is there to tell Microsoft that your machine didn’t blue screen Is that too much?  Seriously if a level of telemetry is there to give MS feedback on the quality of updates so that you don’t have to suffer through bad updates and even worse support experience why is that a bad thing?

          As an aside I thought this wasn’t the first time telemetry updates were included in security updates but I’m trying to find that post.

          You leak data on the web now.  Chrome leaks it.  Firefox leaks it.  It helps developers know when crashes are occurring and to fix their software.  Why is this evil?

           

          You are completely missing the point.  If you are naive enough to trust a soulless giant corporation with your private data (and let’s be clear, you have no idea what all they’re collecting on you, only vague descriptions of some of what it may be), fine.  Just give ME an option to turn it off.  Why is that so difficult?

          10 users thanked author for this post.
        • #1899949 Reply

          anonymous

          The question is, can you tell us for certain that only “the machine did not blue screen” data was sent or an update install is completed successfully data was sent?

          Why must Microsoft add telemetry to our “personal computers” when that telemetry can be added to the installation program itself to report if the install was performed successfully or not? Why isn’t there an opt-out to this computer related telemetry? Why is Microsoft so tight lipped about what is being sent and not more transparent?

          These are questions we at Woody’s have. This is *why* we are at Woodys instead of some other forum that caters to these issues, finding justification with an “it’s only smoke, there isn’t any fire, keep working” response. Even Woody said “How big a beast are we talking about?” Thank you Woody, for thinking about that and wanting to know.

          The whole concept of AskWoody is the attitude of, “I am not sure about that, let’s investigate”. When it is hard to get an answer or that answer is not clear, we start to wonder what is happening here. Reagan said, “trust but verify”. Our attitude is more like, “uuuhh I don’t know about that. Let me look into this.”

          It is thanks to many AskWoody MVPs (PKC, Abbodi86, Microfix, Kirsty, etc.) and people like Günter Born, Martin Brinkman and others, that look deeper into what is taking place. This is why I wait for woody to give his advice and not anyone else.

          I would prefer Microsoft act like Mozilla in that if there is a crash, it asks you if you want to send a crash report. That too can be turned off in a checkbox or a config file.

          And yes Google Chrome does have a lot of telemetry and makes it harder to delete browsing history, so that is why I don’t use it.

          5 users thanked author for this post.
        • #1900267 Reply

          anonymous

          Susan: It’s a bad thing if I don’t choose to send it. It’s also a bad thing if any system resources are used to collect it if I don’t want to allow it. And it’s definitely a very bad thing if it happens for any other purpose than a crash and includes anything other than data strictly relevant to the crash. And the compatibility appraiser seems to have nothing whatsoever to do with collecting crash data.

          — Cavalary

          5 users thanked author for this post.
        • #1900473 Reply

          FakeNinja
          AskWoody Lounger

          I really don’t buy this argument. Microsoft doesn’t just collect information about whether or not you get a blue screen or not, they collect information about what processes that caused it, meaning they will know what programs I have open, do you want them to have this information? Because I don’t. They also collect memory dumps meaning they can even see at least fractions of what we are doing on our computers. Are you okay with this? Is it okay because “oh everyone else does it as well”? You are aware that Microsoft has shipped operating systems before Windows 10 without using telemetry that turned out very stable, right? The difference now is that they earn money from their users data, back in the XP/7 days, Microsoft relied on people buying their products, now they are literally giving it away for free, and if you use a pirated copy, nothing even happens, because they earn money from you anyway.

          2 users thanked author for this post.
      • #1899058 Reply

        Susan Bradley
        AskWoody MVP

        And it hasn’t been investigated.  I don’t have a security only Windows 7 to test this on ergo my question.  Everyone is up in arms that there’s telemetry patching in the July updates…but are they really sending data back?

        In this era of fake news, let’s get facts.

        Susan Bradley Patch Lady

        5 users thanked author for this post.
        • #1900190 Reply

          woody
          Da Boss

          I’m in the same boat – I don’t have a machine (or even a VM) set up with Security-only patches…

        • #1900274 Reply

          anonymous

          Doesn’t matter. If those files and tasks appear after the update and they weren’t there before, it’s not a security-only update, because their presence is not required to plug a known security vulnerability, it’s data collection tools sneakily shoved down the throats of those specifically wanting to avoid them.

          3 users thanked author for this post.
        • #1902592 Reply

          anonymous

          We don’t know. But, since we don’t know, it only makes sense from a security perspective to assume the worst. And thus those who are security minded are going to go out of their way to block the telemetry.

          If Microsoft would be transparent, providing both a statement on what they are collecting and why, and a way to verify at least the first part, it would work out a lot better.

          There’s also the fundamental issue of not providing what was promised. These were supposed to be security-only updates. As such, no telemetry should be included in that. Security-only means nothing but security.

          If they felt they needed telemetry for some sort of security purpose, it still would be proper for it to be a separate update, since what was promised in the security-only updates was the ability to maintain the previous “install what you need” paradigm.

          When you’re breaking promises and bundling unwanted “features,” that goes a long way towards eroding trust.

          And if you don’t trust Microsoft, then you don’t want them collecting telemetry. You want to cut out the very possibility they can do so.

    • #1898766 Reply

      anonymous

      If that telemetry is in a Security Only update then I’m skipping that update and on to the next month where if there is more telemetry in any Security Only update that  update will get skipped as well.

      Security Only updates need to be Security Only and any patches of any telemetry related code needs to be made in a different KB/patch. Folks doing the Security Only Patching for Windows 7, and 8/8.1, are doing so for the very reason that there are Security Only patching options.

      And there should be no plausible deniability from MS that appears to be cheating the Security Only update system by stating that the telemetry code itself needs a security patch and then shoving a full blown telemetry update down the end users’ throats in the name of “Security”! Folks doing the security only patching should never need to patch what by the very definition of Security Only should never have been installed on their systems with MS “needing” to patch any telemetry code that should never be present if the user has been following that Security Only updating system closely since fall 2016.

      2 users thanked author for this post.
    • #1898799 Reply

      woody
      Da Boss

      Worth noting that many of these observations are addressed in

      https://www.computerworld.com/article/3216425/microsoft-patch-alert-welcome-to-the-upside-down.html

      4 users thanked author for this post.
    • #1899237 Reply

      GoneToPlaid
      AskWoody Plus

      My Win7 computers are Group B. I will do my weekly backups Friday night. Then I will install and test the July security only update.

      6 users thanked author for this post.
      • #1900191 Reply

        woody
        Da Boss

        Looking forward to the report!

        If the telemetry’s just a trickle, I’m OK with the result – but not with the sneaky way it was distributed.

        If it’s a full-on fire hose — full Win7 telemetry — it’s a different story.

        1 user thanked author for this post.
    • #1899262 Reply

      anonymous

      ? says:

      thank you PatchLady,

      who knows? microsoft collects “telemetry” from my IE “SmartScreenFilter” and MSE which i accept in return for their “protection” but baking whatever they really collect into a SECURITY ONLY monthly patch is crossing a line (for me at least). maybe all the “data” collection is perfectly ok for millennial minded folks (don’t mean to offend) you know the ones who really don’t understand what is going on behind the curtain and\or don’t care as long as everything “works”. MrBrian (haven’t seen him for a while here) ran tests on “telemetry” a few years ago and reported it here at ask woody:

      Care to join a Win7 snooping test?

      so does it really matter how much?

      2 users thanked author for this post.
    • #1899427 Reply

      Sueska
      AskWoody Plus

      I do not run Wireshark, but did a pre (and post) check on scheduled tasks when installing the security only July update for Windows 7. I reviewed the following scheduled tasks, those under PerfTrack, Customer Experience, and Application Experience. I had all tasks under those categories disabled. Post install I rechecked to see if any of the tasks were re-enabled. Nothing was re-enabled under PerfTrack and Customer Experience. Two items under Application Experience were re-enabled: 1) Compatibility Appraiser and 2) Program Data Updater (the AitAgent under App Experience remained disabled). I re-disabled the Compatibility Appraiser and Program Data Updater tasks and they remain disabled for now. Hope this is somewhat helpful.

      13 users thanked author for this post.
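
      The pre/post check described in the post above can be scripted. This is an added example, not part of the thread and not a Microsoft tool; it assumes an English-language Windows 7 (the schtasks column names), PowerShell 2.0, the three standard Task Scheduler folder paths listed in the script, and a hypothetical snapshot file name.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Usage:  .\TaskState.ps1 -Mode Snapshot   (before installing the update)
#         .\TaskState.ps1 -Mode Compare    (after installing and rebooting)
param(
    [ValidateSet('Snapshot', 'Compare')]
    [string]$Mode = 'Snapshot',
    # Assumed snapshot location; change as needed.
    [string]$Path = (Join-Path $env:USERPROFILE 'task-state-before.csv')
)

# Task Scheduler folders named in the post above.
$Folders = @(
    '\Microsoft\Windows\Application Experience\',
    '\Microsoft\Windows\Customer Experience Improvement Program\',
    '\Microsoft\Windows\PerfTrack\'
)

function Get-TaskState {
    # schtasks.exe ships with Windows 7; Get-ScheduledTask does not exist there.
    # Column names below are the English ones; a localized Windows uses others.
    $rows = schtasks.exe /query /fo csv /v | ConvertFrom-Csv
    $rows |
        Where-Object {
            $name = $_.TaskName
            # Skip repeated header rows, keep only tasks in the watched folders.
            $name -and $name -ne 'TaskName' -and
            ($Folders | Where-Object {
                $name.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        } |
        Group-Object TaskName |      # /v emits one row per trigger; collapse them
        ForEach-Object {
            $first = $_.Group[0]
            New-Object PSObject -Property @{
                TaskName = $first.TaskName
                State    = $first.'Scheduled Task State'   # Enabled / Disabled
                Action   = $first.'Task To Run'            # command the task launches
            }
        } |
        Select-Object TaskName, State, Action
}

function New-Finding($Change, $Task, $Was, $Now) {
    New-Object PSObject -Property @{
        Change = $Change; TaskName = $Task; Was = $Was; Now = $Now
    } | Select-Object Change, TaskName, Was, Now
}

if ($Mode -eq 'Snapshot') {
    Get-TaskState | Export-Csv -NoTypeInformation -Path $Path
    Write-Host "Saved task state to $Path"
    return
}

# Compare mode: index the saved snapshot by task name.
$before = @{}
Import-Csv -Path $Path | ForEach-Object { $before[$_.TaskName] = $_ }

$findings = @()
foreach ($task in @(Get-TaskState)) {
    $old = $before[$task.TaskName]
    if (-not $old) {
        # Task did not exist before the update.
        $findings += New-Finding 'ADDED' $task.TaskName '(absent)' $task.State
    } else {
        if ($old.State -ne $task.State) {
            # For example a task you had disabled that is enabled again.
            $findings += New-Finding 'STATE' $task.TaskName $old.State $task.State
        }
        if ($old.Action -ne $task.Action) {
            $findings += New-Finding 'ACTION' $task.TaskName $old.Action $task.Action
        }
        $before.Remove($task.TaskName)
    }
}
# Anything left in the snapshot no longer exists.
foreach ($gone in $before.Values) {
    $findings += New-Finding 'REMOVED' $gone.TaskName $gone.State '(absent)'
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Host 'No changes in the watched task folders.'
}
```

      A task that was disabled before the update and is enabled afterwards shows up as a STATE row (Disabled to Enabled); a task the update creates shows up as ADDED. The script only reports task configuration and says nothing about whether data is actually sent.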
      • #1903224 Reply

        L95
        AskWoody Plus

        I have Windows 7 and I’m not sure I’ll be able to disable the “new scheduled tasks” as recommended by Woody in his ComputerWorld DEFCON-4 posting of August 2, 2019.  This is because my Task Scheduler doesn’t seem to be working properly,  but I don’t know for sure,  because I’ve never used Task Scheduler before.   I contacted Woody by e-mail, and he responded that PKCano is his expert on this, and that I should post my problem on the website.  When I opened up Task Scheduler for the first time (and all subsequent times), it says “The selected task “0” no longer exists. To see the current tasks, click refresh”. But when I click “refresh”, I get that same message all over again. Also, I’m not able to follow the instructions of AJNorth of August 3, 2019  at 10:31 PM shown in the postings in the DEFCON-4 topic at  https://www.askwoody.com/forums/topic/ms-defcon-4-time-to-get-the-july-2019-patches-installed   because the word “Microsoft” does not appear in the white rectangular box on the left as AJNorth says it should. The only thing that appears in that box is the Task Scheduler Library. When I expand the Library, it contains four scheduled tasks, all of which appear to be associated with updating my antivirus program, Adobe Reader, and Google Chrome browser. But I don’t see any of the things discussed by AJNorth on August 3rd. However, I haven’t installed KB4507456 yet, and so maybe they will appear once I install KB4507456. But I’m hesitant to install KB4507456 until I’m sure the Task Scheduler is working properly. So can someone please give me some advice on what I should do? I’m hoping that PKCano can respond, because Woody says he’s an expert on this.

        • This reply was modified 2 weeks, 4 days ago by  L95.
        • #1903235 Reply

          PKCano
          Da Boss

          Please create a topic under the “Questions Windows 7” Forum.
          Title it something like “How do I use Task Scheduler in Windows 7?”
          Include information how you have been patching (Group A or Group B)
          And explain what you need to use Task Scheduler for.

          Giving you the instructions would be off topic in this thread.
          We can answer your questions there.

          2 users thanked author for this post.
          • #1903620 Reply

            L95
            AskWoody Plus

            Thanks,  PKCano.   I did as you suggested,  and posted it in the Windows 7 Questions Forum.   I will appreciate if you could respond there.

            1 user thanked author for this post.
    • #1899528 Reply

      anonymous

      Is this type of alternative a solution to the telemetry vs vulnerability conundrum?

      https://0patch.com/

      • #1901168 Reply

        woody
        Da Boss

        0patch is a great company, and everything I’ve seen from them works well, but…

        (You knew there would be a “but,” right?)

        Installing one-off patches from non-Microsoft sources is inherently risky. You need to decide for yourself if that risk is greater than the risk of  installing the Microsoft patch (when it eventually appears) or not patching altogether.

        2 users thanked author for this post.
        • #1901353 Reply

          anonymous

          Yeah, always a but.

          Patch free here since spectre patches rolled out.

          A 3rd party going to the trouble of putting out patches to avoid the microsoft ones speaks volumes, IF their intentions are honorable.

    • #1899985 Reply

      ek
      AskWoody Lounger

      If telemetry is there to tell Microsoft that your machine didn’t blue screen Is that too much?  Seriously if a level of telemetry is there to give MS feedback on the quality of updates so that you don’t have to suffer through bad updates and even worse support experience why is that a bad thing?

      As an aside I thought this wasn’t the first time telemetry updates were included in security updates but I’m trying to find that post.

      You leak data on the web now.  Chrome leaks it.  Firefox leaks it.  It helps developers know when crashes are occurring and to fix their software.  Why is this evil?

       

      I get what you are saying, and maybe 20 years ago it would be passable.  But not in today’s world.

      Just because so many entities on the web currently leak & slurp up user data doesn’t mean consumers should just relent and let it happen to them.  In fact the notion of “user data rights” is enjoying growing public support, evidenced by what Facebook/Google/Apple/etc are dealing with right now.  MS should be on that list too, as they seem to be flying under consumer privacy/data radar since Win 10 launched.  I remain hopeful.

      Regardless of operating system, I require the option to turn updates on/off whenever I wish and opt out of telemetry for as long as I want.  Nothing less.

       

      4 users thanked author for this post.
    • #1900000 Reply

      mn–
      AskWoody Lounger

      To be honest, Microsoft was possibly going to have to include some of those parts at some point. As in if they ever found any security issues in the telemetry components.

      Because, the security-only patch also needs to apply to installations that already have installed one of the intermediate rollups with telemetry but not the latest rollup.

      The right thing would’ve been to only update those parts IF the telemetry base component was already installed, and not change enable/disable state, but…

      1 user thanked author for this post.
    • #1900383 Reply

      BobT
      AskWoody Lounger

      If telemetry is there to tell Microsoft that your machine didn’t blue screen Is that too much?  Seriously if a level of telemetry is there to give MS feedback on the quality of updates so that you don’t have to suffer through bad updates and even worse support experience why is that a bad thing?

      As an aside I thought this wasn’t the first time telemetry updates were included in security updates but I’m trying to find that post.

      You leak data on the web now.  Chrome leaks it.  Firefox leaks it.  It helps developers know when crashes are occurring and to fix their software.  Why is this evil?

       

      It’s evil because of the sneaky way of doing it, and MY COMPUTER, MY CHOICE. I do absolutely agree with finding out just how much though (even though any amount is “too much”), as knowledge is power.

      Hypothetically, I’m sure the benevolent company Amazon would just love to “assess” my house to ensure a “smooth delivery experience” too, of course how nice and non-evil of them it would be to help me out with that, all off their own backs, if they gave me the option (and made it VERY clear what it entailed) then, no problem. (I’d say no, but still).

      However, it would be another story altogether if the next time I had a delivery from them, their deliveryman forged a key to my house (unbeknown to myself), and then let themselves in while I was out or upstairs, having a good snoop round, categorising everything, taking pictures, sending it all back to Amazon HQ for them to sort through and optimise my deliveries and make sure no delivery man would ever hurt himself coming to my door etc (though how the contents of my house would affect that, no idea, but besides the point, it’s all to help me of course!).

      Everyone else is doing it too! Rando’s peeping in my windows, and burglars would just break in if they wanted as well, so what’s wrong with Amazon doing the same, eh? The couple down the street don’t mind at all, too, they even installed Amazon cameras inside their house as well! So why should ‘I’ feel any different? It’s just what everyone’s doing now, so that makes it ok!

      Now I’d probably just be paranoid if I thought they’d really sent all that data off to a foreign country (with potentially untrustworthy staff) to be manually examined and sorted through. The type of door and lock I have, whether I have steps or not, and everything inside my house of course. I’d likely especially be paranoid if they were found to then be selling all that information on to advertisers and who knows what dodgy company. But nahh, they couldn’t possibly only be focused on MAKING MONEY from this sort of thing could they?

      …Could they?

      The Sun discovered earlier this week that an English-speaking Amazon team in Bucharest, Romania, monitors thousands of Alexa recordings — and has heard private moments including family rows, money and health discussions — and couples “making love”.
      https://www.mirror.co.uk/tech/amazon-staff-listen-users-having-18798294

      Amazon reportedly employs thousands of people to listen to your Alexa conversations.
      https://edition.cnn.com/2019/04/11/tech/amazon-alexa-listening/index.html

      Ring used its Ukrainian “data operators” as a crutch for its lackluster artificial intelligence efforts, manually tagging and labeling objects in a given video as part of a “training” process to teach software with the hope that it might be able to detect such things on its own in the near future.
      https://theintercept.com/2019/01/10/amazon-ring-security-camera/

      Erm.. Well I’m sure it’s not for evil purposes!

      At the time the Ukrainian access was provided, the video files were left unencrypted, the source said, because of Ring leadership’s “sense that encryption would make the company less valuable.”

      …Oh.

      Either way even if Amazon were being absolutely benevolent and ONLY using all this data to “help my experience”, it’s besides the point isn’t it, because it’s MY HOUSE! It’s not up to some random company to decide what is “ok” or “not evil” when it comes to invading my privacy, and tampering with my own personal possessions or data without my knowledge, or worse, explicitly telling me they’re NOT doing so (“Security ONLY”), but then doing it anyway.

      So in conclusion the actual result matters not (though thanks for investigating anyway), it’s the principle that matters. Why do people trust corporations so much with their own personal stuff? I grew up being told to never share your personal info or real name etc online, and now everything “encourages” you to do so, as well as loads of other personal stuff, all for “benevolent” reasons, of course.

      Either way, my house, my personal computer, my data. Give me a very clear and transparent OPTION, or get out.

      • This reply was modified 3 weeks ago by  BobT.
      6 users thanked author for this post.
      • #1911927 Reply

        rc primak
        AskWoody_MVP

        Who cares if it’s a foreign country. We have plenty to worry about if the recipients of snooped data are our fellow Americans!

        -- rc primak

    • #1900426 Reply

      plodr
      AskWoody Plus

      To address this posted by Susan Bradley:

      As an aside I thought this wasn’t the first time telemetry updates were included in Security updates

      I have four computers running Windows 7 and have done security only updates since bundling started in October 2016. I have yet to install July 2019 and probably will not. Looking in services, there is no telemetry listed. So telemetry was never put into security only updates.


      Got coffee?

      5 users thanked author for this post.
      • #1900487 Reply

        woody
        Da Boss

        Yep. That matches everything I’ve heard.

        We also know that the July Security-only patch installs the plumbing – and we weren’t warned. (I think that’s unconscionable.)

        The big question is whether the plumbing is hooked up to Microsoft, whether data’s being sent. Still don’t know yet, but I’m hoping GoneToPlaid’s test will tell us.

        3 users thanked author for this post.
      • #1900507 Reply

        anonymous

        Looking in services, there is no telemetry listed.

        Microsoft is not simple. Given the kinds of information which could be collected, Microsoft would not normally put all methods into a service module named Telemetry. Microsoft favors use of diverse fancy obscure terminology for the telemetry service names and programs.

        In the future if a service name Telemetry does show up the result will be worth a long discussion beginning with a question, ‘Is it really legitimate software from Microsoft?’

        1 user thanked author for this post.
    • #1900524 Reply

      Bill C.
      AskWoody Plus

      I have had CEIP and other tasks disabled since the GWX and other telemetry info surfaced. I found it has not transmitted data, HOWEVER, it has run scans as indicated in the task manager. The way to disable the scans is to disable the triggers in the task properties. As such, my AIT and CEIP now show the last scans were in 2017 and 2016 respectively.

      Way back after I removed GWX and its partners in crime, I also searched for the related files and storage locations (for Appraiser data, etc.) and deleted those locations and files.

      Once I read GoneToPlaid’s report, I may try the July 2019 SO patch and see what it changes, and/or what it actually adds, since I do not have the GWX beginnings (removed) and never installed any of the following telemetry or appraiser updates and patches.

      I do see Susan Bradley’s points, but whenever I have looked at a crashdump file using a text editor, I always found readable text from whatever I had open on my machine. It also included file names, dates and file locations. Due to that, and the fact that I never got any feedback from the reliability monitor, I turned off the crash reporting even before GWX and telemetry.

      7 users thanked author for this post.
    • #1900536 Reply

      ebrke
      AskWoody Lounger

      I appreciate the information on this subject available here. I maintain a win7 laptop for an elderly parent, but don’t use windows OS myself and need a good source of info. Reason I stopped using windows 15 years ago relates to the beginnings of the issues being debated here. I moved to another OS after win2K.

    • #1900572 Reply

      I’m not in group “B”, yet this IS troubling.

      IS MSFT evil? Depends on your time frame.

      Back in the day (Gates1.0, pre-Melinda)  when they were paying retail outlets NOT to install Netscape, and was engaging in other anti-competitive practices, I’d have a hard time saying no.

      These days, they seem less malignant, but more disregardful of the home or small biz user.

      IS neglect and carelessness a form of bad behavior? Grist for the mill.

      In the meantime, I’m waiting to see what tattletale stuff is in the July Rollups…(puts on helmet, dives into trench)

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

      2 users thanked author for this post.
    • #1900676 Reply

      alpha128
      AskWoody Lounger

      It looks like Microsoft is also introducing new telemetry in the July Windows 7 Rollup (KB4507449).  I installed the update on 7/31/2019, and the day after I noticed CompatTelRunner.exe running on my PC for the first time ever.

      I see that I now have a version of CompatTelRunner.exe dated 06/12/2019.  There were two new scheduled tasks in the Microsoft Windows Application Experience folder called Microsoft Compatibility Appraiser and ProgramDataUpdater.  I disabled both tasks.

      2 users thanked author for this post.
      • #1900873 Reply

        PKCano
        Da Boss

        The telemetry has been in the Monthly Rollups since Oct. 2018. That is when MS added the KB2952664 functionality to the Rollups. If you have been patching Group A, maybe you just haven’t noticed it before.

        4 users thanked author for this post.
        • #1901363 Reply

          alpha128
          AskWoody Lounger

          The telemetry has been in the Monthly Rollups since Oct. 2018. That is when MS added the KB2952664 functionality to the Rollups. If you have been patching Group A, maybe you just haven’t noticed it before.

          I took steps to disable telemetry on 10/07/2018 when I installed the rollup you’re referring to. My most recent .etl file is from that date.

          I also remember either disabling or deleting the scheduled tasks at that time. Apparently the 2019-07 rollup (KB4507449) reinstated them.

          Believe me, if CompatTelRunner.exe had been running since October 2018, I would have noticed it long before now.

          • This reply was modified 2 weeks, 6 days ago by  alpha128.
          • #1901374 Reply

            PKCano
            Da Boss

            The Rollups are cumulative. What was Oct 2018, was in Nov 2018, and Dec 2018…… and June 2019.
            They didn’t put it in one month, then take out the next.
            The Compatibility Appraiser has been there.
            See @abbodi86 ‘s post #1873305.

            The monthly rollup had been carrying already
            the “Unified Telemetry Client” since October 2016 preview rollup, and the “Compatibility Appraiser” since September 2018 preview rollup

            security-only update KB4507456 only have the second payload (Appraiser)

    • #1900853 Reply

      abbodi86
      AskWoody_MVP

      Scenario tested

      – Windows 7 Professional x86, VMware Workstation

      – Installed updates: KB4507456 (July security only), KB4474419 (SHA-2 signing support)

      – Monitoring program: Telerik Fiddler (Wireshark is too noisy and cannot decrypt SSL/TLS traffic anyway)

      – Result
      https://m.put.re/VyY91zNs.zip

      registry files represent the changed/added values after running the schedule tasks (Amcache.reg contain most info about installed devices, programs, drivers…)

      AppCompat folder is deducted copy of C:\Windows\AppCompat to show the gathered binary files

      SessionsFiddler.saz is the traffic capture file
      you can load it in Fiddler program for easy reading and analysis
      or just rename it as .zip file and extract it, open _index.htm, then press on the C, M, S links on the left (C for client request, S for server response)

      the first 5 sessions “settings-win.data.microsoft.com” are the requested telemetry settings

      the other sessions “vortex-win.data.microsoft.com” contain the data sent to Microsoft (the most interested part of the test)

      a quick read of the sent data reveal that at least 95% are meant to measure the OS compatibility to upgrade to Windows 10
      but i didn’t see any too “personal” data included

      so, to answer the topic question, the amount of sent data with KB4507456 telemetry components is not different from the rollup or the standalone superseded KB2952664
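An added example, not part of abbodi86's post or his capture: because a .saz file is a zip archive, the per-host request counts and byte totals can be tallied with a short script instead of clicking through _index.htm. It assumes the sessions sit under raw/ as N_c.txt (client request) and N_s.txt (server response); the sample capture, its paths and its payloads are constructed in memory.

```python
import io
import zipfile
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed payloads; they stand in for real bodies and are not from the thread.
SAMPLE_SETTINGS = b'{"constructed":"settings"}'
SAMPLE_UPLOAD = b'{"constructed":"appraiser payload"}'


def split_http(raw):
    """Split one raw HTTP message into (start line, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def summarize_saz(saz):
    """Return {host: {"requests", "sent", "received"}} for a .saz path or file object."""
    totals = defaultdict(lambda: {"requests": 0, "sent": 0, "received": 0})
    with zipfile.ZipFile(saz) as archive:
        names = set(archive.namelist())
        for name in sorted(names):
            # Assumed layout: raw/<n>_c.txt holds the request, raw/<n>_s.txt the response.
            if not (name.startswith("raw/") and name.endswith("_c.txt")):
                continue
            start, headers, body = split_http(archive.read(name))
            parts = start.split(" ")
            if parts[0].upper() == "CONNECT":
                continue  # HTTPS tunnel setup; decrypted requests are separate sessions
            target = parts[1] if len(parts) > 1 else ""
            host = headers.get("host") or urlsplit(target).hostname or "unknown"
            host = host.lower().split(":")[0]
            entry = totals[host]
            entry["requests"] += 1
            entry["sent"] += len(body)  # body bytes as stored in the capture
            response = name[: -len("_c.txt")] + "_s.txt"
            if response in names:
                entry["received"] += len(split_http(archive.read(response))[2])
    return dict(totals)


def build_sample_saz():
    """Build a constructed three-session capture in memory (not the thread's .saz)."""
    sessions = {
        "raw/1_c.txt": b"CONNECT settings-win.data.microsoft.com:443 HTTP/1.1\r\n"
                       b"Host: settings-win.data.microsoft.com:443\r\n\r\n",
        "raw/1_s.txt": b"HTTP/1.1 200 Connection Established\r\n\r\n",
        "raw/2_c.txt": b"GET https://settings-win.data.microsoft.com/constructed HTTP/1.1\r\n"
                       b"Host: settings-win.data.microsoft.com\r\n\r\n",
        "raw/2_s.txt": b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n"
                       % len(SAMPLE_SETTINGS) + SAMPLE_SETTINGS,
        "raw/3_c.txt": b"POST https://vortex-win.data.microsoft.com/constructed HTTP/1.1\r\n"
                       b"Host: vortex-win.data.microsoft.com\r\n"
                       b"Content-Length: %d\r\n\r\n" % len(SAMPLE_UPLOAD) + SAMPLE_UPLOAD,
        "raw/3_s.txt": b"HTTP/1.1 200 OK\r\n\r\n",
    }
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, data in sessions.items():
            archive.writestr(name, data)
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    for host, row in sorted(summarize_saz(build_sample_saz()).items()):
        print(f"{host:40} requests={row['requests']} "
              f"sent={row['sent']}B received={row['received']}B")
```

Pass the path of a real capture to `summarize_saz` to get the same table; a run with CEIP disabled should show no row for vortex-win.data.microsoft.com if the setting is honored as described in the thread.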

      • #1900919 Reply

        anonymous

        ? says:

        great work, thank you abbodi86! i see the AppCompat folder is 4.1 MB, do you know how big the whole program is? system resources used by the program, also if not “upgrading,” to windowsX how this program enhances a windows 7 installation and if this program has any “security” value?
        again, thank you for doing the work

        1 user thanked author for this post.
        • #1900960 Reply

          abbodi86
          AskWoody_MVP

          You can add about 4 MB for Amcache.hve and AlternativeAppraiser data cab file

          the size will be a little different per system, depending on installed drivers and programs

          CompatTelRunner.exe consume notable amount of resources the first time it runs, but the follow up runs almost not notable

          i don’t know what would be the security value, but the collected data cover the CPU vulnerabilities (for spectre and meltdown)
          and maybe other things, it’s hard to decode or understand all the data meanings

          2 users thanked author for this post.
      • #1900955 Reply

        abbodi86
        AskWoody_MVP

        I forgot to mention that the test was made with default CEIP enabled

        i now redid the test from clean status with CEIP disabled
        the data is still collected, but i can confirm that nothing is reported or sent to vortex-win.data.microsoft.com

        that’s a good thing, at least

        • This reply was modified 2 weeks, 6 days ago by  abbodi86.
        11 users thanked author for this post.
      • #1900973 Reply

        woody
        Da Boss

        Thank you!

        So you’re saying that by installing the July Security-only patch, your machine basically starts sending the same amount of telemetry that it would send if you installed the Monthly Rollup?

    • #1900936 Reply

      des911
      AskWoody Lounger

      From @abbodi86 post above

      “so, to answer the topic question, the amount of sent data with KB4507456 telemetry components is not different from the rollup or the standalone superseded KB2952664”

      And, those in Group B avoided KB2952664 at the time (and since).

      Maybe, Susan Bradley’s original question could be turned on its head. Is there anything in KB4507456 other than the telemetry that is of security value for GroupB?

      4 users thanked author for this post.
      • #1900967 Reply

        abbodi86
        AskWoody_MVP

        KB4507456 contain the security fixes for July 2019, of course it’s valuable and should be installed

        it’s enough to turn off CEIP and disable the schedule tasks to avoid the telemetry thing included

        • This reply was modified 2 weeks, 6 days ago by  abbodi86.
        • #1901006 Reply

          anonymous

          ? says:

          again, thank you for your invaluable work. i do not want any of these added components in my win7 installations at the risk of missing the real security patches so i have cloned copies ready to install in the event of any catastrophic events between now and 1/2020. i will leave the data collection and protection to IE SmartScreenFilter and MSE…

        • #1901518 Reply

          “It’s enough to turn off CEIP and disable the schedule tasks to avoid the telemetry thing included.”

          Abbod, Thank You 1000 times, may you live forever!!

          It’s nice to know the whole thing can be killed by two simple actions, (one of which I  had thrown long ago), instead of port blocking, registry hacking, script running, a four-day fasting quest, Geomantic Incantations and running around the PC clockwise three times while holding a branch from a sacred oak tree while chanting, “Redmond, Washington, ooga-codswallop, rama-lama-ding dong”!

          I think we should all get SOME kind of medal after all this, don’t you? (TWO medals with Galactic Clusters for Abbod.)

          Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
          --
          "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

          1 user thanked author for this post.
        • #1902029 Reply

          TonyC
          AskWoody Lounger

          it’s enough to turn off CEIP and disable the schedule tasks to avoid the telemetry thing included

          Could you please clarify what you mean by “… disable the scheduled tasks …”? Do you mean run W10Tel.cmd (or alternatively perform the manual tasks described in AKB 2000003)?

          Woody’s ComputerWorld article also states “… disable the new scheduled tasks.” and links to a post in this thread by Sueska (#1899427). Is Woody suggesting doing what Sueska did? Or does running W10Tel.cmd achieve the same thing (and possibly a lot more)?

          • #1902098 Reply

            TonyC
            AskWoody Lounger

            Sorry, I meant AKB 2000012, not AKB 2000003.

          • #1902916 Reply

            abbodi86
            AskWoody_MVP

            W10Tel.cmd already do that and it’s enough

            but for who want the manual limited way, these are the schedule tasks added/changed by Telemetry Appraiser:
            “Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser”
            “Microsoft\Windows\Application Experience\ProgramDataUpdater”

            2 users thanked author for this post.
        • #1904201 Reply

          walker
          AskWoody Lounger

          @abbodi86:  Without either the “CEIP and disable the schedule tasks” I don’t know yet what to do, if anything.  I’ve always kept anything extraneous away from the computer, so hoping I can bungle my way through this “mess”.  Thank you for all of the information you provide for all of us!

    • #1901211 Reply

      Alex5723
      AskWoody Plus

      Years ago there was an article listing every service sending data to Microsoft from a Vista PC, long before Windows 7, 10 Telemetry. I am sure this type of data is being sent now as well, if not more.

      https://news.softpedia.com/news/Forget-about-the-WGA-20-Windows-Vista-Features-and-Services-Harvest-User-Data-for-Microsoft-58752.shtml

    • #1901560 Reply

      anonymous

      With nVidia video cards telemetry can be uninstalled using the RUNDLL32 and command. Can’t something similar be done with this Security Only patch or even with the Monthly patch?

      A poster said, “…you can simply install nVidia drivers as normal. Once installed open an elevated command prompt and run the following:
      rundll32 "%PROGRAMFILES%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage NvTelemetryContainer
      This will remove all telemetry, logs, services and tasks. I use it all the time now and it’s a very clean way of removing nVidia telemetry.” https://forums.geforce.com/default/topic/1056140/geforce-drivers/defeating-nvidias-telemetry/1/

      So I ask if the same could be done for this patch?

      If not, does anyone know the name of the EXE or DLL which causes the telemetry and could that file be deleted or renamed to prevent it from running?

      • #1901665 Reply

        abbodi86
        AskWoody_MVP

        You cannot remove OS components (whether inbox or added with updates) without breaking SFC integrity

        however, you can simply turn OFF the Appraiser:

        reg add HKLM\SOFTWARE\Microsoft\SQMClient\Windows /v CEIPEnable /t REG_DWORD /d 0 /f

        schtasks /Change /DISABLE /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"

        schtasks /Change /DISABLE /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater"

        .

        • This reply was modified 2 weeks, 6 days ago by  abbodi86.
        • #1901989 Reply

          anonymous

          ? says:

          abbodi86,

          since the dust has settled a bit, does it help to disable (edit) the triggers in the task scheduler for these? i have been disabling and (unticking) the triggers using the edit window for Application Experience, Autochk, CEIP and others since 2007 Vista era. i know the snooping patches simply reenable them anyway (learned the Surprise hard way) before i had help from askwoody and expert members like you!

          • #1902917 Reply

            abbodi86
            AskWoody_MVP

            It’s easier to disable the task at whole

            • #1903003 Reply

              anonymous

              ? says:

              thank you, abbodi86

              i guess (they) can’t stop me from using the power off switch and taking a walk…

        • #1902095 Reply

          anonymous

          Thank you abbodi86 for the good information.

          I do not have all the switches memorized and have always used either a .reg file or opening regedit and manually typing in. For the registry change, so one could use:

          Windows Registry Editor Version 5.00

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows]
          "CEIPEnable"=dword:00000000

          Also please look at this site. The poster has many items he is wanting to disable in Windows 10 and wanted a one click method. Some are interesting.
          https://www.tenforums.com/general-support/74639-all-registry-commands-privacy-settings.html

    • #1902309 Reply

      anonymous

      I have two, clean, Group B Win 7 Ult machines available for testing. Both have CEIP disabled and all telemetry related stuff disabled or removed. All unnecessary OS/application services and tasks are disabled (e.g. Remote registry, Adobe LM).

      In addition to disabling OS telemetry, I always disable telemetry for the following:

      1) Firefox (portable)
      2) Adobe (Reader, Flash)
      3) nVidia (drivers)
      4) Samsung Magician (really ticks me off)
      5) MS Office (2010)
      6) Intel (services, utils, etc.)
      7) Norton Security (watching this closely)

      I use an application firewall to block egress from specific applications/services (i.e. Windows gadgets, Media Player).

      Since abbodi86 has already conducted some excellent research, I’m not going to duplicate his findings. I have completed a thorough machine state assessment and will do the same after installing KB4507456 and disabling any nasties I discover.

      There are two, free, stand-alone tools that even the less experienced here can try for themselves:

      1) Nirsoft TaskSchedulerView
      http://www.nirsoft.net/utils/task_scheduler_view.html

      This tool lists all scheduled tasks (including hidden) and allows one to save lists in both text and html table format. Run the tool as Admin or switch to Admin inside the app (click Help on menu bar). Generate pre-patch and post-patch lists. Use a diff tool to compare before and after for additions/changes.

      2) Nirsoft RegistryChangesView
      http://www.nirsoft.net/utils/registry_changes_view.html

      With this tool, you can take snapshots of the registry pre and post patch and compare for changes.

      Note:
      Nir Sofer (Nirsoft) has been around for many years. He’s accessible and I can vouch for the integrity of his tools. Since his tools are low level, it’s possible that your anti-virus heuristics may trigger false positives (especially password tools and ProduKey) even though the apps are digitally signed. Quite a few tools require running as Admin.

      Best of luck fellow Group B diehards.

      – Carl –

      4 users thanked author for this post.
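An added example, not part of Carl's post: the same pre-patch/post-patch comparison done on two saved outputs of the built-in `schtasks /query /fo csv /v` command, reporting tasks that appeared and tasks that flipped from Disabled back to Enabled. It assumes the English column names "TaskName" and "Scheduled Task State"; the sample rows are constructed and trimmed to four columns.

```python
import csv
import io

# The two Appraiser tasks named in this thread, as schtasks prints them.
WATCHED = (
    r"\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser",
    r"\Microsoft\Windows\Application Experience\ProgramDataUpdater",
)

# Constructed sample exports (hypothetical machine name, trimmed column set).
BEFORE = r'''"HostName","TaskName","Status","Scheduled Task State"
"WIN7-VM","\Microsoft\Windows\Application Experience\AitAgent","Ready","Disabled"
"WIN7-VM","\Microsoft\Windows\Application Experience\ProgramDataUpdater","Ready","Disabled"
"HostName","TaskName","Status","Scheduled Task State"
"WIN7-VM","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","Enabled"
'''

AFTER = r'''"HostName","TaskName","Status","Scheduled Task State"
"WIN7-VM","\Microsoft\Windows\Application Experience\AitAgent","Ready","Disabled"
"WIN7-VM","\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser","Ready","Enabled"
"WIN7-VM","\Microsoft\Windows\Application Experience\ProgramDataUpdater","Ready","Enabled"
"HostName","TaskName","Status","Scheduled Task State"
"WIN7-VM","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","Enabled"
'''


def load_states(csv_text):
    """Map task name -> 'Enabled'/'Disabled' from one schtasks CSV export."""
    states = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("TaskName") or "").strip()
        if not name or name == "TaskName":
            continue  # header line repeated inside the export
        state = (row.get("Scheduled Task State") or "").strip()
        # A task with several triggers can span several rows; Enabled wins.
        if states.get(name) != "Enabled":
            states[name] = state
    return states


def compare_exports(before_text, after_text):
    """Report what a patch changed between two exports of the task list."""
    before, after = load_states(before_text), load_states(after_text)
    watched = {name.lower() for name in WATCHED}
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "reenabled": sorted(
            name for name in after
            if before.get(name) == "Disabled" and after[name] == "Enabled"
        ),
        "watched_enabled": sorted(
            name for name in after
            if name.lower() in watched and after[name] == "Enabled"
        ),
    }


if __name__ == "__main__":
    report = compare_exports(BEFORE, AFTER)
    for section, tasks in report.items():
        print(f"{section}:")
        for task in tasks:
            print(f"  {task}")
```

Anything listed under `watched_enabled` after patching is a task the thread recommends disabling again with `schtasks /Change /DISABLE /TN`.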
      • #1902576 Reply

        anonymous

        ? says:

        looking forward to your experiments. the Nir tools are cool, as usual and drill down in a hurry. Rick Corbett posted USBDeview the other day. Another good tool with the right click show all. i especially enjoyed the go to .ini function. the only thing i didn’t enjoy was the new reg line after saving a snap and then comparing it to current on the RegistryChangesView unit. i’m freakishly anal about having a squeaky clean machine and the unannounced snooping package kept me busy chasing all the changes when microsoft slipped it in a few years ago in one of the random KB’s. i found the changes during one of my random trips around the os, and was unpleasantly surprised to find all the extra telemetry running (that i had previously disabled and\or deleted.) i used to take the time to look through all the individual file lists in the update packages for stuff i knew i did not want prior to applying an update. then i got lazy. woody and company has made staying out of patch trouble so much easier especially after the super bundle in the jungle started in November ’16.

        • #1903143 Reply

          anonymous

          I couldn’t agree with you more.

          Some claims made in other forums about the patch are highly suspect (e.g. registry reversal changes). I am concerned that MS may have injected undocumented hidden services, tasks, or event triggers. I’ll also be ticked if CEIP settings are no longer being properly respected. I know, tin-hat and all. But the fact that MS dropped telemetry into a security-only patch and its lack of transparency deserves our scrutiny.

          I’ve become weary as of late regarding the practices of vendors.

          Samsung Magician now installs telemetry that executes on every boot. During initial drive detection, it won’t work unless outbound connections are allowed. Although easy to disable, I only use it for OP and trim (Win 7), so why is this necessary?

          The past few versions of Norton were dropping (tracking?) cookies upon almost every domain change. The latest version doesn’t do this, but there’s still small data drips being sent to Symantec servers on a continual basis while browsing. Is this a heartbeat or something more nefarious? Wireshark won’t help, well “because encryption”.

          nVidia dropped the option to disable telemetry in Control Panel. Why? I refuse to use MS programming tools/IDE because I can’t agree to the draconian, privacy depriving TOS. And Firefox, while at least transparent, should provide a simple kill switch that disables all data/telemetry collecting settings and APIs. Don’t even mention the CCleaner debacle.

          I’m tired of the endless diagnose, clean, rinse, repeat cycles one has to undertake to maintain privacy and security upon every patch, driver update, etc. I fear a nervous breakdown when I’m finally forced to use Win 10 on my daily driver due to simulation and photo editing applications that aren’t available natively on Linux.

          – Carl –

          • #1903240 Reply

            anonymous

            ? says:

            thanks Carl! i’m burned out from wasting years working to keep a clean and properly running windows system. i’m also grateful for woody and all who help to achieve this goal since it is usually one stop shopping in order to know what new badness is coming down the pipe. prior to coming here i used to spend many hours trolling google trying to find solutions for the many and varied problems i’ve encountered running windows. i installed the July IE SO patch, the July MSRT (sans Heartbeat) and the July .Net rollup and called it good. i’m betting the added telemetry will be included for the remainder of win7’s monthly patches. i have noticed that my shutdown time is taking longer since installing the July patches and the Sunday MSE quick scans seemed to dwell in system32 longer than usual and was looking in Task Scheduler also. thanks again for the Nir tools they are great and i’ve been having fun running them.

          • #1903344 Reply

            anonymous

            Hello anonymous -Carl-, anonymous #1901560 here. Thank you for your comments and the NirSoft suggestions. I agree with you and hope you will reveal other ways to circumvent telemetry. I too use a 3rd party firewall and it does a fine job of stopping unwanted outbound data transmissions. I am curious to what others do to successfully eliminate telemetry for the July 2019 Security Only Windows 7 Patch.

            You mentioned Firefox. I have an older version but this is supposed to be the “master switch” for telemetry and data archiving:
            toolkit.telemetry.unified to false, stops telemetry and file/folders.
            also
            toolkit.telemetry.enabled to false
            toolkit.telemetry.archive.enabled to false, stops file archive on hard disk.

            Also see:

            Telemetry on Firefox

            Preventing Firefox telemetry data collection

            3000003: Firefox – additional security, telemetry and privacy tweaks

            Thanks to all here.

        • #1904867 Reply

          anonymous

          ? says:

          about the “longer shutdown after july updates,” post# 1903240, after spotting shutdown errors (long times) in EventViewer>Diagnostics-Performance I took a trip to HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management and the ClearPageFileAtShutdown was set to 1 which equals on.

          When I set the value to 0 and then ran CMD>GPUpdate /Force and then refreshed the registry the value 0 held. Shutdown is now back to 1-2 seconds from desktop to black. So, it was probably operator error while performing post patch clean up routine, not one of the patches…

    • #1903102 Reply

      ClearThunder
      AskWoody Lounger

      I’ve put the Win7 telemetry issue into the wastebasket. For now. I recently installed Norton360, which has a great firewall. I set the firewall to alert me when anything tries to access the internet and my computer.  After installing all the July updates, I got pop-ups from Norton throughout the process. There must have been six or seven windows files that wanted access. One was ‘NETBios and file sharing.’ ZAP! Blocked that one. Another was a program that clearly said ‘Telemetry’ within the name. ZAP! Blocked that one too. And a half dozen others that I didn’t feel were necessary to have internet access. The only thing I did allow was the MSRT, which I may still end up blocking since Norton can probably take care of that.

      Seems to me that MS telemetry (read; data collection) practices can be (partially?) circumvented by simply using your firewall properly and configuring it to alert you. But if I’m overlooking anything, well …. that’s why we’re all here.

      Edit to remove HTML. Please use the “Text” tab in the entry box when you copy/paste.

      1 user thanked author for this post.
    • #1903142 Reply

      anonymous

      Windows 7 July  KB2952664 was a new install. It was an update to already installed feature.

      Compatibility Appraiser
      To see whether the July patch truly pushed a naughty bit onto Windows 7 users, I checked the status of one of my Windows 7 machines, which had last been updated on May 22, i.e. it has not been subjected to the July round of patches. Lo and behold, it had the exact same entries under the Task Scheduler as referenced in the latest series of articles.

      So no, this wasn’t added in July – merely updated. For what reason? I do not know. However, these tasks do not do anything unless you’re opted-in the Customer Experience Improvement Program (CEIP). And you can check whether you’re opted-in the CEIP. By default, Windows 7 is NOT opted-in CEIP.

      See the full article at:

      https://www.dedoimedo.com/computers/windows-7-security-only-updates-telemetry.html

      • #1903291 Reply

        abbodi86
        AskWoody_MVP

        It’s not an update, Appraiser is completely different component that hijack the inbox Program Compatibility Experience
        this is the first time it’s added to security-only update

        KB2952664 was changed to important update back in February 2018 with the Spectre/Meltdown mess

        the schedule tasks do “collect” the data and appraise the installed programs, drivers
        but the data is not sent unless CEIP is opted-in

        1 user thanked author for this post.
    • #1904281 Reply

      GoneToPlaid
      AskWoody Plus

      Hi everyone,

      In Task Manager, I now see two instances of Taskeng.exe. I don’t see them on my other Win7 computer. See the attached 01 image.

      I see the same as @sueska in Task Scheduler, yet I do see one additional item which I do not recall seeing before. See the attached 02 image.

      I am going to leave these new things enabled to see what happens. So far, no telemetry is going out. It’s not like KB2952664 which was sending stuff as I typed or every time I opened a program. It will be interesting to see what gets sent tonight after 3 AM.

      Best regards,

      –GTP

      3 users thanked author for this post.
    • #1904686 Reply

      GoneToPlaid
      AskWoody Plus

      On two Win7 Group B computers, no data was sent to MS after installing the July security only update since the disabled CEIP settings were honored. I am simply going to disable these two tasks.

      6 users thanked author for this post.
    • #1907295 Reply

      Chriski
      AskWoody Plus

      Maybe this has some useful info for others, so for what it’s worth…

      I have 3 nearly identical HP G62 64 bit Win 7 laptops.

      I came late to the party only because I didn’t know about the awesome resources available here, but I probably became aware of the site because of patching problems.

      I liked the group “b” paradigm, and have tried to keep all the machines on that path to varying degrees of purity depending on when I started applying S O patches.

      The machine I use most infrequently I think has the most useful information.

      Looking back, I patched infrequently also. Most recently (for the PC of note) in July 2015, Feb 2016, July 2016, then did a cumulative security rollup in May 2017, then S O from the group B list after that until the present.

      In preparation for July 2019 I found some interesting dates and settings. CEIP was off, and the “patches to avoid” in the group B instructions were installed prior to October 2016 when the group B list was available.

      I found 2952664 was installed 3 times: July 2015, Feb 2016, and July 2016 ( Also matching version dates I found for Compattelrunner.exe).
      3068708 was installed July 2015.

      So I had telemetry installed on this PC from July 2015 (unknowingly and inadvertently) already ahead of October 2016. (No “patches to avoid” after July 2016, or after security rollup in May 2017, or after the monthly S O after that.)

      The two tasks in scheduler, “appraiser” and “program data updater” were enabled and had been running. (I don’t know if data had been sent.) I disabled the two tasks, and with CEIP still off, installed the July 2019 S O patch.

      On restart, CEIP was still off, the two tasks were ENABLED, and Compattelrunner.exe was updated to 10.0.18362.1013 (6/12/19). Diagtrackrunner.exe was unchanged from an 11/16/2015 version. I disabled the two tasks again, and they have remained so through many reboots.

      So for this PC the one component (Compattelrunner) was updated and the tasks re enabled. I must have installed the components in July 2015, and the July 2019 S O patch updated Compattelrunner for the first time since July 2016, and re enabled the tasks.
