News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Michael Horowitz re-discovers the refreshgwxconfig-B “Get Windows 10” scheduled task

    Home Forums AskWoody blog Michael Horowitz re-discovers the refreshgwxconfig-B “Get Windows 10” scheduled task

    This topic contains 52 replies, has 24 voices, and was last updated by

     Michael432 3 months, 2 weeks ago.

    • Author
      Posts
    • #347742 Reply

      woody
      Da Boss

      I though this was all behind us, but: https://twitter.com/defensivecomput/status/1112807956687536133 Martin Brinkmann talked about the appearance of t
      [See the full post at: Michael Horowitz re-discovers the refreshgwxconfig-B “Get Windows 10” scheduled task]

      9 users thanked author for this post.
    • #347747 Reply

      OscarCP
      AskWoody Plus

      Some practical questions to try clarifying this alarming news a little further:

      If it has not already forced an upgrade from Win 7 to Win 10, is that because it needs also to have the nagware patch installed for that to happen?

      And does “admins cannot disable it” mean that the directory in which it resides cannot be deleted? Or has this reappearing software made changes already to the Registry, so it does not matter any longer whether it is deleted or not?

      • #347750 Reply

        woody
        Da Boss

        Highly, highly unlikely it’ll force an upgrade to Win10. Microsoft isn’t giving away free Win10 upgrades anymore. Which is why everybody’s wondering what in the Sam Hill this thing does.

        The directory is part of the registry. I don’t know why admins can’t delete the scheduled task, but it sure isn’t a good way to instill confidence in Microsoft’s benevolence, eh?

        • #347850 Reply

          Rock
          AskWoody Lounger

          You mean we can’t use old Win7 keys to activate Win 10 anymore?

          • #347882 Reply

            mn–
            AskWoody Lounger

            Would appear that having your product key accepted for activation is, by strict definitions, neither necessary nor sufficient for determining that you do have a license. Just, sort of a guideline.

            Sort of like it’s been on the server side, what with needing multiple copies for the same machine even without virtualization if you have enough processor cores…

            1 user thanked author for this post.
        • #347817 Reply

          anonymous

          There has to be a way to delete it from Windows 7, Does Windows 7 rescue media have the tools takeown & an icacls?

        • #348025 Reply

          Mark
          AskWoody Plus

          Woody, I’m not seeing any such task on my desktop PC.  I’m currently running W7 Enterprise SP1 and I just checked the Task Scheduler and no such task exists.  I’m pretty sure our Network is blocking such nonsense from MS.

          I’ll check my old laptop when I get home as it is still running W7 Home.  I don’t get any updates from MS on either PC that I don’t want.  I’ve locked everything down on both and don’t hear any carping from MS about updates/upgrades and such.

          Windows 10 Pro x64 v1709, Windows 7 Home Premium x64, Windows Vista Home Premium x64
        • #348375 Reply

          anonymous

          There is another reason, why Microsoft won’t upgrade Win 7/8.1 machines automatically to Windows 10. Microsoft Germany (and other international MS subsidaries) have received a injunction (and signed that) Becomes expensive, if against it is offended.

      • #347862 Reply

        Michael432
        AskWoody_MVP

        “admins can not disable” refers to the scheduled task. Most can be disabled by an Admin class user. Not this one.

        Get up to speed on router security at RouterSecurity.org

        3 users thanked author for this post.
    • #347753 Reply

      des911
      AskWoody Lounger

      Win7 Pro; Group W.

      Just checked the Task Scheduler and refreshgwxconfig-B is not there.

      However, I did discover EOSNotify (End of Support Notification) under Setup and at status Ready. It’s now disabled 🙂

      KB4493132 has not been installed.

      2 users thanked author for this post.
      • #347884 Reply

        abbodi86
        AskWoody_MVP

        Are you sure it’s not EOONotify (End of Offer Notification)?

    • #347757 Reply

      PKCano
      Da Boss

      I have checked two of my Win7 machines and I don’t find any indication of anything gwx (task or folder).

      I have to say this, though: the GWX patches were never installed on any of my machines from the git-go. Also, I have not installed the telemetry patches until KB2952664 was incorporated into the Rollups. And I have been running @abbodi86 ‘s script to disable it (Scheduled Task on bootup) ever since. Nor have I installed KB4493132 (EOL notification).

      I will report on the rest to the Win7 PCs when I have time to look.

      3 users thanked author for this post.
      • #347914 Reply

        des911
        AskWoody Lounger

        Yes, positive it is End of Support Notification (EOSNotify). It has 3 triggers and is set to run EOSNotify.exe in /System32 folder. It was at status Ready.

    • #347758 Reply

      anonymous

      Whereabouts in Task Scheduler would this task be located? Assuming it’s not an April Fool’s gag…

      • #347760 Reply

        PKCano
        Da Boss

        The path is in the main blog post above.

      • #347864 Reply

        Michael432
        AskWoody_MVP

        Not a joke, though I certainly understand why you would think so.

        Get up to speed on router security at RouterSecurity.org

        1 user thanked author for this post.
    • #347761 Reply

      DrBonzo
      AskWoody Lounger

      Just checked my daily driver Win 7 Pro SP1, x 64 Group B up to date through February (nothing issued in March has been installed). I’ve got nothing in Task Manager \Microsoft\Windows\Setup

      I’ll check a few other Win 7 machines when I can get access to them.

      I wonder if this is something Pro doesn’t get, but Ultimate does (unless, like PKCano, you kept GWX off your machines in the first place – if I recall correctly, PKCano has Ultimate), sort of like the nagware patch KB4493132 appeared to be.

    • #347774 Reply

      anonymous

      Windows 7 Ultimate – Group B

      No sign of this malware on my machines. I did notice a failed attempt by Windows Update in “Problem Reports” to auto update something on March 11 (Problem Event: WindowsUpdateFailure3
      ). I assumed this was a failed SSU update which I then installed manually on March 12 (KB4490628).

      – Carl –

    • #347776 Reply

      Sessh
      AskWoody Lounger

      I haven’t patched in two years and don’t even have a Microsoft\Windows\Setup in the Task Scheduler. I don’t see anything obvious anywhere that shouldn’t be there.

      Microsoft sneaking stuff like this into updates was a significant concern of mine and was one factor in my decision to stop patching. I hope this isn’t GWX part two. It doesn’t concern me that Windows 10 isn’t free anymore as I think they would make an exception in the event of forced upgrades. After all, they want people on Windows 10 and maybe they want it bad enough that the benefit from another forced upgrade campaign may outweigh the initial financial aspect.

      Good luck, you guys. I hope it’s not what it looks like.

      1 user thanked author for this post.
    • #347778 Reply

      Also, I have not installed the telemetry patches until KB2952664 was incorporated into the Rollups.

      Urg! I removed this devil ‘way back when; now it’s incorporated into every Security Quality Monthly Rollup??

      BTW, no sign of GWX on scheduler here. Not even being offered KB4493132 as an option.

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

      • #347780 Reply

        PKCano
        Da Boss

        KB2952664 functionality was incorporated beginning with the 2018-09 Preview Rollup and the 2018-10 SMQR.

        Edit to correct date/year to 2018.

        3 users thanked author for this post.
        • #347870 Reply

          @pkcano:

          Thanks for the head’s up! Good old Steve; he writes in assembly, then complains about the file size being too big!

          Anyway, set a restore point and executed his “Never 10”, to be thunderstruck when it reported that this machine was vulnerable to an upgrade! Flicked that switch fast! Questions remain:

          1. Did you mean 2018-10 (Oct 2018)?

          2. A bit off-topic, but checking my restore points I can’t understand this:

          2019-04-01-20_52_57-Topic_-Michael-Horowitz-re-discovers-the-refreshgwxconfig-B-“Get-Windows-10”-sch

          It seems like the previous 4 restore points were done by WU surreptitiously and listed as “critical”. Scanning “affected programs” revealed nothing. What’s up with that? I have WU shut down! What am I missing?

          None-affected

          As Howard Cosell used to say,

          “Who goofed? I’ve just got to know!”

          Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
          --
          "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

          Attachments:
          • #347910 Reply

            PKCano
            Da Boss

            Perhaps the restore points are Defender updates, which are done in the background even if you don’t initiate.

            • #348248 Reply

              Yup, knew that (in my case) MSE did that. but when checking WU, it always lists malware/virus definition updates as “Optional” if they’re ready.

              (BTW, I always do a manual def download first thing in the AM with MSE.)

              But why is it as listed “Optional”  in one routine (WU) and “Critical”, in another (System Restores Available Dialog) and “Recommended” in WU History?  Some of the dates/Restore Points match up with definition updates, and some definitions don’t.

              Makes no sense. Oh, silly me, we’re talking about the MSFT rabbit-hole here, not logic.

              (‘Take some more tea,’ the March Hare said to Alice, very earnestly. ‘I’ve had nothing yet,’ Alice replied in an offended tone, ‘so I can’t take more.’ ‘You mean you can’t take less,’ said the Hatter: ‘it’s very easy to take more than nothing.’)

              Maybe I got spoiled with Eset years ago, when they rolled them out sometimes multiple times a day, and it was always “Important”.  If something got fouled up and it hadn’t updated itself in 24 hours, it’s holler a “yellow alert” on you.

              Maybe some Definition Updates  are Critical, some are Important, some are Optional.

              To my mind, ANY definition update is critical! Once I got nailed with a piece of malware that had just bloomed like mad  in the wild a few hours earlier…

              Have some more tea.

              Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
              --
              "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

        • #347852 Reply

          anonymous

          Sorry, but don’t you mean 2018?

    • #347791 Reply

      Bill D
      AskWoody Plus

      Windows 7 Ultimate 64, Group B since it was first available.  No sign of a scheduled “refreshgwxconfig-B” and “setup\gwx” is empty.

    • #347796 Reply

      PerthMike
      AskWoody Lounger

      Yup, it’s in our corporate Win7 fleet of PCs (and they only got updates from our WSUS server that only hands out Security Only Updates). These are PCs that were only built just over a year ago and should therefore never have had a historical GWX trace on them. 2952664 never touched these.

      Task history shows it was created on February 11, which was when we released the January patches onto our fleet. The history also shows that the patch that incorporates it also first deleted any existing refreshgwxconfig tasks (to make sure the new one would definitely get the settings the patch wants to enforce) and then created the new one.

      Looks like it’s time to bring out the GWX blocking tools again.

      I knew Microsoft would not give up so easily. They’ll rather give Windows 10 away for free again to boost their ongoing revenue (through all the c**p incorporated in W10) and kill off that pesky zombie OS that we love.

      No matter where you go, there you are.

      • #347867 Reply

        Michael432
        AskWoody_MVP

        Task history?

        Get up to speed on router security at RouterSecurity.org

      • #347893 Reply

        doriel
        AskWoody Lounger

        What was the purpose to build machines with Win7 like year ago? You should have known this will unaviodably happen anyway.

        I have not failed. I've just found 10,000 ways that won't work.
        --- Thomas A. Edison

        • #347902 Reply

          radosuaf
          AskWoody Lounger

          Compatibility? I visited a HUGE retail chain lately and all of the PCs were on W7 still.

          MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 1809 64-bit
          • #347904 Reply

            doriel
            AskWoody Lounger

            OK, I understand your angle of view. Now this HUGE retail chain will face the problem of migrating all W7 to W10, or they will pay for additional support. So will PerthMike. I think, that in big companies, you just created more work for yourself, if you installed W7. You have got to think ahead.

            I have to say, everything that worked for me in W7 works in W10 too. Plus in W10 for example Android Debug Bridge works way better than before (I am configuring Zebra WT6000 and MC33 from command prompt now).

             

            I have not failed. I've just found 10,000 ways that won't work.
            --- Thomas A. Edison

            • #348016 Reply

              Mark
              AskWoody Plus

              I think, that in big companies, you just created more work for yourself, if you installed W7. You have got to think ahead. I have to say, everything that worked for me in W7 works in W10 too.

              doriel, it’s not just the retail chain stores that have this issue.  The company I work for has invested a great deal of money in equipment that makes the garden variety PC look like change you find on the ground. We’re talking Precision Network Analyzers and such…and they are running on…you guessed it…W7.

              Now this is something that goes up the food chain to a large company (Keysight) who manufactures these devices with an embedded OS (W7).  They didn’t start trickling out the W10 motherboard equipped devices until late 2017.  They didn’t even offer a motherboard replacement to upgrade to W10 until 2018, and the cost for that upgrade is staggering.  Not all versions of those older motherboards and/or equipment are compatible with the upgrade motherboards.  If that is the case, then you’re looking at something in the price range of $250K for a new device.

              I’m sure Keysight knew this was coming down the pike, and I can’t say when they started working on the new embedded OS motherboards but it sure took them a while to get the design out to market…3 years before the OS is scheduled for retirement.  Not everyone or every company has the luxury of upgrading to W10 like you or I do…and the cost can be mind boggling for those companies.

              Windows 10 Pro x64 v1709, Windows 7 Home Premium x64, Windows Vista Home Premium x64
              3 users thanked author for this post.
            • #348327 Reply

              Yup…even we small operations fall into this category…we have a ton of 2D, 3D and animation CG graphics software running on a XPSP3 custom built workstation (not connected to the Net), the cost of which software runs well into four figures…and we don’t have a money bin. Half of it won’t even behave on Win 7! …and in terms of speed, what CG software IS compatible…well, the old machine runs rings around WIN 7 Pro on this laptop! (OK, I really over-spec’d the XP box. “Design by rule of thumb, then beef it up by 50%.”)

              Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
              --
              "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

            • #348353 Reply

              doriel
              AskWoody Lounger

              I understand, I dont want to argue or be arogant, I try to understand your needs. For unique technologies, you may need extra PC. Even with XP SP3 or something. But for office computers, there is no doubt, that you should buy W10. Build W7 machines for office using these days is (by my opinion) nonsense (MS Office, SAP, AutoCAD, Webex Meet, Skype, Synology Surveillence, … everything works on W10). I think, that the worst thing about new licensing is that you do not buy product, but Windows as a service. The sky is not falling, you can still go well on W7 for several years in the future, but there wont be any patch to repair its vulnerabilities. May not be big deal if yor corporate firewall is well setupped solid tool.

              I have not failed. I've just found 10,000 ways that won't work.
              --- Thomas A. Edison

        • #347916 Reply

          mn–
          AskWoody Lounger

          There’s still a bunch of business-critical software that doesn’t work right in anything newer. These often have a common feature in that they need to talk with specific kinds of non-computer hardware (anything from factory floor equipment to specific models of cash registers and medical instrumentation).

          And yes, we’ve been testing things…

          Very likely for a number of these the low-cost solution will be to keep some of those W7 boxes running in isolation. (Some with no specific custom hardware features may be virtualizable.)

          Then, just get a second newer system for general office work.

          1 user thanked author for this post.
    • #347810 Reply

      T
      AskWoody Plus

      I’m not seeing it either – i’m on windows 7 home premium and have all security only updates up to and including february but no nagware patch installed. I told you not to trust them, they’ll sneak this in if it kills them.

      ETA: I should add that i have installed the latest SSU (KB4490628).

      1 user thanked author for this post.
    • #347816 Reply

      Geo
      AskWoody Plus

      Home Premium, hid 132,  I installed “never 10” when it first came out.  Nothing showing.  It’s been awhile , maybe some of the posters  didn’t  know about or  never installed  “Never 10”.

      1 user thanked author for this post.
    • #347844 Reply

      willygirl
      AskWoody Plus

      Not in my Task Scheduler, nothing GWX. Running Win7 Home, updated through Feb 2019.

      Win7 SP1 Home 64-bit; Office 2010; GrpA, when all is said, done and fixed, Mac OSX to help me sleep at night.

    • #347847 Reply

      Rock
      AskWoody Lounger

      I have Windows 7 64B Ultimate, I did a fresh install after the GWX fiasco and have been strictly Group B since then. I keep GWX Control Panel monitor on all the time and I have the latest WPD as well. I have do not have this task in my scheduler. I have the March updates installed and Windows Update won’t offer me the KB 4493132, nor is it installed.

      Hope this helps.

       

      Rock

    • #347865 Reply

      Michael432
      AskWoody_MVP

      FYI. PC in question in Win7 Profession and was  last updated with patches March 18, 2019. Glad to hear its not a universal thing.

      Get up to speed on router security at RouterSecurity.org

    • #347883 Reply

      abbodi86
      AskWoody_MVP

      I guess that’s what happens when you don’t install the GWX killer update KB3184143

      the bundled GWXWU.exe (executed by running msu) should eliminate all (or most) traces of these updates:
      KB3090045
      KB3035583
      KB3173040
      KB3072318
      KB3123862
      KB3064683

      2 users thanked author for this post.
    • #347912 Reply

      anonymous

      I don’t see a Setup folder either, and I’m updated up through February 2019 on the main path. I do note that I have not installed any optional updates at all since re-installing Windows 7, per the guide that says not to install anything that isn’t already checked. (Except maybe Internet Explorer 11, if that was technically optional. But I was told it was important to keep IE up to date even if I didn’t use that browser.)

    • #348028 Reply

      brian1248
      AskWoody Lounger

      I haven’t updated for March yet other than Flash, but as of the last update, I see no such task on my Windows 7 Professional SP1 machine,

    • #348154 Reply

      Microfix
      Da Boss

      In my interest in the run up to Win7 EOL, I’ve fresh installed Win7 Pro x86 from scratch on a device and now completely up-to-date. (Win7 Pro x64 will soon be following)
      No patching issues at all other than a couple failed but, on restart they installed properly (thanks for you supersedence MS)
      Not experienced any GWX cruft other than these suspicious patches (now hidden):

      KB3021917: Diagnostics for Win 10 performance compatibility
      KB3068708: Adds capabilities to easily upgrade to Win 10
      KB3080149: Adds telemetry points to (UAC)
      KB3150513: Appraiser.sdb and Appraiser_telemetryrunlist.xml

      Most GWX stuff has been removed from WU now.

      Task Scheduler is clean!
      And no, I wasn’t offered KB4493132 Notification of EOL (Yet) 😛

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      1 user thanked author for this post.
      • #348156 Reply

        OscarCP
        AskWoody Plus

        Microfix, Does a “fresh start” and now being “completely up-to-date”mean also installing all OK Win 7 patches, at least since SP1?

        Is there a method you have used to make such a job easier and quicker than getting every patch from the MS Catalog and applying it, one at the time (with many successive restarts between patches)? Perhaps downloading them with a script and installing them likewise?

        If there is a method to simplify what must be a pretty massive patching job, perhaps explaining it might help a number of others here to do the same thing. (I am already past the EOL problem, as I have Windows 7 and Linux Mint in double boot in the old PC, so I can use Linux for the online work, including downloading data and Windows for data processing, using what I have installed there already. I also have my 2015 MacBook Pro.)

        • #348167 Reply

          PKCano
          Da Boss

          I just posted this this morning. See if it answers your questions.
          Clean install for Group A and Group B

          1 user thanked author for this post.
        • #348172 Reply

          Microfix
          Da Boss

          Does a “fresh start” and now being “completely up-to-date”mean also installing all OK Win 7 patches, at least since SP1?

          Everything important with NO optionals from SP1 to March 2019 patches

          Is there a method you have used to make such a job easier and quicker than getting every patch from the MS Catalog and applying it, one at the time (with many successive restarts between patches)? Perhaps downloading them with a script and installing them likewise?

          Trust! blocked known ugly patches and I let it rip and let WU do it’s job

          If there is a method to simplify what must be a pretty massive patching job, perhaps explaining it might help a number of others here to do the same thing. (I am already past the EOL problem, as I have Windows 7 and Linux Mint in double boot in the old PC, so I can use Linux for the online work, including downloading data and Windows for data processing, using what I have installed there already. I also have my 2015 MacBook Pro.)

          see my previous answer, yes I had other things to do offline so, I left it to do it’s updating circa 2-3 hours later I had a few more after restarts

          Win7 is now reduced to an 8.8Gb footprint (normal W7 installation is circa 15Gb) I’m on the bleeding edge with System Restore disabled and files removed using DISM++ most programs and apps are portable. Also created a system image offline for storage.

          ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

    • #348176 Reply

      OscarCP
      AskWoody Plus

      Thanks, Microfix: One more question in three parts:

      Trust! blocked known ugly patches and I let it rip and let WU do it’s job”

      You also write that you left Windows Update do its thing while you went off for a couple of hours to do something else. So, (1) how did you manage to block some patches while WU was applying many of them without supervising it? (2) Was there, at first, a very long list presented by WU and you went hiding the problematic updates by hand until you were done with all those showing up in the list? (3) You had to make a restart and then more patches showed up, so then you repeated the same action?

    • #348194 Reply

      geekdom
      AskWoody Plus

      No nagware patch offered.

      No nagware patch installed.

      No scheduled task as described.

      Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
    • #348206 Reply

      samak
      AskWoody Plus

      Nothing here, except extreme paranoia now !

      No nagware patch installed. KB2952664 not installed.

      No scheduled task.

      W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

    • #348750 Reply

      Michael432
      AskWoody_MVP

      EXPLAINED:

      I did some more digging and I am reasonably sure why this one computer has GWX.

      To see the GWX scheduled tasks you need to run the task display as an admin user. I found 8 GWX scheduled tasks, not just one.  I also found two scheduler folders for GWX both in the C:\Windows\System32\Tasks\Microsoft\Windows\Setup folder.

      Then, I looked at the program(s) these tasks run – they are C:\Windows\System32\GWX. Looking at the folder, it does not exist. Way back when, one my anti-GWX strategies was to rename this folder to   C:\Windows\System32\GWX-xxxxxxx. Thus these GWX tasks have been failing for years.

      Chances are they are trying to remove GWX.

      I don’t know if the scheduled tasks are new or old. Anyone know how to tell when a scheduled task was created?

      Does this explain what others are seeing?

      Get up to speed on router security at RouterSecurity.org

      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Michael Horowitz re-discovers the refreshgwxconfig-B “Get Windows 10” scheduled task

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.