• MS-DEFCON 3: Time to get your update ducks lined up

    Home » Forums » Newsletter and Homepage topics » MS-DEFCON 3: Time to get your update ducks lined up

    • This topic has 392 replies, 15 voices, and was last updated 7 years ago.

    Time to get your September Windows and Office updates installed. Office I don’t know of any outstanding major problems with September’s Office patches
    [See the full post at: MS-DEFCON 3: Time to get your update ducks lined up]

    Viewing 391 reply threads
    • #32853


    • #32854

      What about Windows 10 version 1511? I think you made a typo in the article…should be Fall update version 1511 and Anniversary Update version 1607?

    • #32855

      Should folks in either Group A or Group B consider installing the Reliability Rollup for .NET Framework (KB3179930 on my machine) or remove-GWX (KB3184143) packages, whether or not they are checked?

    • #32856

      I wonder for how many people this will be the last updates they ever install. Depending on how next week goes this may be my last but we’ll see. If there is a rise in successful attacks leading to increased botnets as a consequence then that’s on microsoft for taking this dunderhead decision. Then again, we’ve seen unprecedented attacks lately from armies of badly secured IOT devices. Brave new world… :/

    • #32857

      Woody: Thanks for the guidance. I have referred a number of non-tech folks to this site and they are able understand what you and the readers are talking about. A+++

      I strongly echo your Office comments. I have noticed a gradually increasing ability of MS Outlook to NOT display images and other features of HTML emails from news sources, tech sites, and companies from whom I get informational updates.

      You used to get the line at the top that said images were not displayed due to privacy and it had the ability to download the images. Lately that option is often not available and the only option is to view in a browser, a solution I do not like. I suspect that this results from security patches, probably in both Office and Windows. I have not been able to find what settings are the issue.

      As a result I now use Thunderbird for a lot of email although I greatly prefer Outlook for its single (or multiple) *.pst file format. I still use Outlook for the archiving process of important emails, since my emergency backup machine still has Outlook, as well as my backup drives, but With most of our laptops on Linux, Thunderbird is starting to look better, especially since I learned how to successfully manage account transfer between Windows and Linux devices.

      It looks like dark days ahead, but maybe, just maybe, MS will see the light like HP did with their firmware “update” to kill non-HP ink cartridges. A new firmware “update” reversing the damage is being released. HP of course, did not apologize for the fiasco, instead saying they had not communicated well. How do you say diplomatically, ‘I am going to screw you so I can make more money?’ Unfortunately for HP, many small businesses read between the lines and are abandoning HP for other cheaper, more reliable alternatives vowing to NEVER buy HP again.

      Additionally the HP issue is portrayed as anti-consumer in the press, while Win10 and MS Updates is largely crickets in the mainstream media and confined to tech sites and media.

      The BIG difference is HP is one of many printer makers, whereas MS is the 900 pound gorilla (now with rabies).

      Truly as the Chinese saying goes, “May you live in interesting times.”

    • #32858

      “For Group A, patching is much easier. For Group B, the snooping should be less – but there’s no guarantee. You can move from Group B to Group A, but as far as I can tell there’s no way to move from Group A to Group B without completely re-installing Win7 or 8.1.”

      I am posting the procedure below for those interested in uninstalling patches and potentially moving from Group A to Group B.

      As most of you would know, I am a follower of Group A and after reassessing the recent blog post about “snooping” patches, the only patches which I would accept as not being strictly required are KB2952664 and KB3150513. Everything else can be installed from my point of view and even those 2 mentioned don’t cause any harm, except for somehow increasing the potential for snooping.

      I accept Group B style of patching as technically correct based on the condition that all Important patches are installed in addition to Security patches. Not installing Critical (Important non-security) patches is the worst of all worlds as they are the most important patches for fixing the Windows bugs. There are not many of those, only about 10 or around that number. Even Group W users should install the Important non-security patches if nothing else after Service Pack 1. They would have a perfectly working Windows 7 with the security risks involved, which need to be controlled in customised ways by each user assuming those extra risks.

      The procedure presented to uninstall patches in bulk is a bit technically involved and not recommended for those who don’t have a very basic level of batch scripting or interested in at least understanding the commands presented. There is always the alternative of manually uninstalling patches from Control Panel for those with enough time on their hands. I did manual uninstall of hundreds of patches few times and I confirm that it works and is clean if there are no errors generated in the process.

      Here is the site:


      Obtain the list of updates:
      1. wmic qfe get hotfixid >> c:list.txt
      (This will get you the list of all updates that are currently installed.)
      2. Open C:list.txt in Notepad. (Remove the first line, it’s just the title)
      3. Generate this uninstall script:
      for /f %i in (‘type c:list.txt’) do echo
      wusa /uninstall /kb:%i /quiet /norestart >> c:uninstall.cmd
      4. Go to Edit > Replace and set the following field values: (CTRL+H, Replace “/kb:KB” with “/KB:”)
      5. Run the resulting script.
      6. Reboot the node.

      NOTE: This is what the syntax should look like after you edit with CTRL+H.

      wusa /uninstall /KB:981391 /quiet /norestart


      The procedure is correct, but because of the large number of patches involved and differences between the level of maintenance of various computers, there is always a chance of error. Reinstalling the OS in Upgrade (Repair) Mode is not more complicated that a Windows 10 update from one edition to another of Windows 10.

    • #32859

      You messed up the version numbers, you talk about 1507 and 1611. Should be 1511 and 1607

    • #32860

      I ran the Sept MS Updates for Windows 10 Pro, 64-bits.

      Now I can’t get any browser to reach any Microsoft domain site or page. They are all specifically blocked, along with a few fairly random other sites. Chrome can’t get there, IE can’t get there and Edge can’t get there.

      Unpatched PCs can get to Microsoft sites.

      There is a bad patch in here somewhere!

    • #32861

      Dear Woody,

      I am confused. I have windows 10 fall 2015 update 1511 updated through August.

      I thought the Windows Anniversary update was 1607 and the last November updates you were having us stick with until the AU got fixed was the 1511.

      Your post only mentionos windows versions I am not familiar with. Did you put in the wrong numbers? You write
      “so those of you with the Win10 Fall Update (version 1507 – type winver in the Cortana search box) are better off sticking with it. I continue to recommend that you stick with Win10 Fall Update by blocking the upgrade to version 1611.

      What is fall update version 1507 and what is the upgrade to block 1611?

      If I am reading this all wrong, what do those of us with the version you have told us to stick with Win 10 1511 do?

    • #32862

      Isn’t 14393.222 on 1607 rather than 1611?

    • #32863

      Whoo boy, now I am confused! Winver tells me I am on version 1607 (OS build 14393.222), but you are telling me that should be version 1611. Please help this old dummy! (I must be getting too old for this crap)

    • #32864

      MS-DEFCON 3 is OK with one exception I would say. This is the MSE 4.10.205 release which is unclear still and I think we will see some clarification soon, probably next Tuesday. Those who installed it should leave it alone, but those who didn’t. should wait a little bit longer. Some MSE engine upgrades proved unreliable after one month or a bit longer and any old engine is fully working and taking the same definitions.

    • #32865

      just an added note to my confusion. . . I did look up the versions, and could not find a 1611, or a 1507 unless that was pre-version Windows 10 ver. 1511

      Did you transpose numbers?

      Anyway. . . If on Windows 10 version 1511 should we go ahead and install:

      Will the KB3185614 need the hotfix KB3186988 installed?

      Thank you so much for your invaluable guidance!

    • #32866

      Thank you Woody. In more ways than I can count. You are a beacon of light in a dark and confusing forest.

      FYI, my 150 clients have all completed the September updates just as you described, which by the way is the way we have been doing it for a year now.

      This time we did something extra. We disabled the Windows Update service just to add an additional road block to MS trying to convert our machines.

      I have told them that it is quite possible if not likely we will be in what you describe as group W for the forseeable future. I fervently hope we can find a practical way to do security only updating and then be in group B.

      On the snooping issue, one really important difference you must keep in mind is that Google and all the rest are applications we can choose to use or not. Windows is an OS and in reality, we have no choice but to use Windows. Our only choice is whether to succumb to Windows as a Service.

      I note today the end of the Microsoft wrist device. I would be very curious to see an assembly of the records of MS products over the decades. I’d bet big the failures far outnumber the successes.

      I truly believe Win10 will fail just like Win8 did. It is just a matter of time before a whole bunch of C guys get dumped. Hopefully it will be in the next few years.

      I have been a big corp IT guy. I am quite confident that if I had brought a proposal to my bosses to adopt Win10, I would have had a short career.

      In my sphere of acquaintances I know of only 2 people who have gone over to Win10 and neither of them are happy about it and feel like they were victimized getting there.

      So from my small chunk of the world, Win10 is an utter flop. Most have adopted Apple devices and use their Win7, Vista or XP devices much less than before (which by the way extends the lives of those devices). The winner through the debacles of Win8 and 10 is Apple, not Microsoft.

    • #32867

      Woody –
      What should I do with my Win7 system and updates and the Malicious Software tool?

    • #32868

      I’d like to append this comment to my report of a serious problem reaching Microsoft’s sites after the Sept Win 10 Pro updates.

      Changing to OpenDNS and restarting (warm restart) seems to allow access to the blocked sites. This is definitely a buggy patch somewhere, but it only seems to affect the default AT&T U-Verse DNS service. Maybe others, but that’s what I have.

      So I’m back in business, and with a better DNS service than before. but that’s no thanks to Microsoft!

    • #32869

      Further addendum — I use AVG Free security in Win 10 Pro. I turned off active protections, but that did not help the DNS issue.

    • #32870

      Win10 Fall update is 1511, AU is 1607

    • #32871

      I have kept my system up to date except for a few updates that I have hidden: 3 snoopers and 2 that produce the black screen of death. MS has no solution for either of the BkSODs.

      I assumed the rollups that came down starting in July 2016 included all the updates that I currently have so I need not install them. Though this is somewhat unclear.

      I will be a definite Group B because of those 2 toxic updates. MS will eventually package them both into one of the monthly cumulative rollups and I will get stuck at that month with no path forward. If I go with the security bundles only (non-cumulative) I have that path forward.

    • #32872

      Humble apologies, but I rashly went ahead and installed the Security Updates on two Win7 computers earlier today. The search for available updates took about seven minutes each time. In the recommended group I was presented with only one non-security update (both machines), KB3182203, which I rejected because I don’t know what it is.

      I also installed a few Optional updates that have been repeatedly offered as applicable to specific hardware on my computers, and unchecked all the regular bad boys like KB2952664.

      Goodbye, Windows Update. Can’t say it’s been fun, but your replacement will probably be even less convenient and transparent.

    • #32873

      Hi Woody,
      I have a question about the hotfix for IE11 KB3192665 referenced in your post of 9/26/16. I am running Win 7×64 Home Premium. Apparently this fix is only available on Microsoft Update Catalog. Do we need to download this? It’s not mentioned in your updated DEFCON3 instructions. Thank you for your help.

    • #32874

      No. If it doesn’t show up in Windows Update, you don’t need it.

    • #32875

      I hope I got it right. Did I miss something?

    • #32876

      MSRT is always a good patch. You don’t need to approve it, in order for it to be installed. Just ignore it and it will do its job.

    • #32877


    • #32878

      OMG! Yes, I transposed the numbers. Fix coming. Thanks to you and PKCano!

    • #32879

      Does it appear as “recommended”?

    • #32880

      Nope, I’m the one who’s getting too old. Sorry I confused you!

    • #32881

      I’ve seen other mentions of that phenomenon. Not sure what’s causing it….

    • #32882

      GREAT stuff!

    • #32883

      Mea culpa! I was putting it together too quickly, as headed out the door. Thanks, everybody for catching my misteaks!

    • #32884

      My comments are attributed to “anonymous”, and I did not mean for that to be the case.

    • #32885

      @Woody, et al,

      Any further info on the 9/13/16 patch KB3175024? It’s a sizable patch checking in at a plump 21MB.

      The MS site has a “known issues” description, which, of course, I have no idea what they are talking about. Any help with this?


    • #32886

      I’m guessing that Bill Belichick doesn’t follow Woody. Bummer! http://www.theverge.com/2016/10/2/13139174/bill-belichick-patriots-microsoft-surface

    • #32887

      You are welcome, of course!

      So besides the 1st in the list below for win 10 version 1511, Do we install the other two also?

      KB3185614* (you said to install this)

      Will the KB3185614 need the hotfix KB3186988 installed?

      Thank you again!

    • #32888


      How about Group O, as in: Other Operating System?

      Linux is looking better everyday.

    • #32889

      O positive, eh? 🙂

    • #32890

      I coulda warned him… but nooooooooo….

    • #32891

      Unless you need Windows Journal, yes, I would install KB3161102. All Win10 users should install 3181403.

      Microsoft hasn’t explicitly confirmed it, but my understanding is that 3185614 fixes the double-printing bug, so you won’t need to install 3186988.

    • #32892

      The main problem is with running EMET after you’ve installed 3175024. Most people don’t run EMET – or don’t have EAF enabled for programs they commonly use – thus they shouldn’t see the problem.

      However, if you rely on EMET, it’s easiest to avoid the patch until Microsoft fixes it.

      Thanks for bringing this up, by the way. I overlooked it in the original post. Yet another security patch with a bad side effect.

    • #32893

      This raises the point that the only change coming this month relates to the actual Windows OS updates as opposed to all the other updates covering e.g. IE, .Net Framework, Office and the WU client etc. which are unaffected and will be offered separately as usual, at least for now. I don’t believe this point is being clearly made in relation to the selection of Group A, B or W, or indeed in relation to the overall discussion of the updating change generally. A lot of sites are talking as if there’s only going to be one update each month which is certainly not my understanding at all.

      So far as the Reliability Rollup for .Net Framework is concerned, it doesn’t add anything new so that if you have always installed the individual .Net Framework updates when offered there would appear to be no need for the current Rollup one to be installed. As it is a non-security and unchecked optional update it would not previously, I assume, have fitted Woody’s normal criteria for installation although he will doubtless correct me if that’s not the case.

      With regard to KB3184143 which is stated to remove the W10 upgrade offer, I’m taking the view that as I studiously avoided installing all upgrade nagware (and still have GWX Control Panel running as I don’t trust MS any more and it doesn’t seem to do any harm or use resources), I have no need for this update. Again, Woody will doubtless advise if he feels differently.

      I therefore have both updates hidden unless and until the advice is to install them.

    • #32894

      You’re absolutely right. We have no idea what this month’s Patch Tuesday will look like, but it almost certainly will contain a hodge podge of patches for .NET, for IE, and heaven only knows what else. I’m hoping the Catalog gets pull out of the 19th century before we have to start using it.

      I think you’ve diagnosed both the .NET Framework rollup and 3184143 correctly, but for those who expect to continue in Group A, they wouldn’t hurt.

    • #32895

      It is checked within the Important category, the prompt for more information taking you to a page promoting Windows 10.

    • #32896

      I must have my thick skull on!

      I don’t get what you mean by:
      “Unless you need Windows Journal, yes, I would install KB3161102”

      Does that statement mean KB3161102 messes up Windows Journal?

      My has computer has Windows Journal , but I never used it, nor knew what it was. So, do I install KB3161102 or not, yes or no?

      Thank you for your patience!

    • #32897

      Woody I just installed KB3179930 the .NET framework reliability roll up. First it failed to download and on retry it said it successfully downloaded/installed. Called for reboot and now my screen is stuck at preparing to configure Windows Do Not turn off computer for last 10 min or so..I need help.

    • #32898

      Woody: Today after running Windows Update in the manner you suggested and installing a number of updates under the “Important” button there are four updates remaining there: one for Skype, one for Bing Bar, and one for Silverlight, none of which I use, and a fourth update KB3182203, the Novosibirsk time zone change for Windows. Under the “Optional” button there are thirty-one updates, mostly recommended and optional updates for Windows.

      For those in Group A is there an advantage to installing, with the exceptions you noted, most of the updates under the “Optional” button versus simply waiting for the giant blob patch coming net week that will presumably include all of these individual patches?

      And more specifically, will these individual patches disappear when the giant blob patch arrives or will both be available through Windows Update?

      My computer is running Windows 7 SP1.


    • #32899

      Uh, could you point me to a discussion of the “bugs in Internet Explorer”? I support a user who can’t give it up. Thank you for that and for ALL you do for us.

    • #32900

      Hi Woody, with GWX “swept away”, do you think there’s any need to keep GWX Control Panel operating? I was thinking that even if MS seeks again to force a shift to Win10, it would not use the same vectors and therefore GWX CP may be redundant.
      I’ll point out here that with Win7 Enterprise on my machine I was never eligible for the free upgrade – yet that did not stop me from being hounded by the MS nagging!

    • #32901

      I thought I posted this comment before but I guess I didn’t.
      I have a number of pending updates to my Win7 x64 system and a pending .net framework update.
      I don’t know whether I should download any of these.
      Any suggestions?

    • #32902

      Hi Woody, well I thought I had downloaded and installed the .NET framework rollup for Win7 but it was the IE11 Cumulative Patch that failed first and then installed but took an 1 hour for windows to finish 3 stages of configuration. Never had that problem before with IE11 cumulative patch. So KB I installed was 318319 Not KB3179930. Sorry for confusion…I was trying to go off memory but I guess it’s not very bright at the moment. A view of installed updates in Control Panel shows it installed but don’t know if it installed properly. Not sure how I check for that. Is there a “sfc/verify only”scan and if so is this proper command?

    • #32903

      KB3185319..is IE11 cumulative patch. Boy I’m a mess today. Sheesh!

    • #32904

      Squarely in that camp. I’ve been in IT (operating systems, primarily) for over 2 decades, and I haven’t seen a mess like Windows 10 (and after Windows ME and Vista, that’s saying something).
      These days I run IT in a small local govt agency, with staff that are primarily more, shall we say, tech ignorant (elder generation and primarily people who barely use word processors). If we had gone storming headlong into Windows 10, it would have been a disaster.

    • #32905

      The .NET Reliability patch is the first promised rollup for .NET 4.x. At least another one is is expected to follow for .NET 3.5.1.

    • #32906

      “You used to get the line at the top that said images were not displayed due to privacy and it had the ability to download the images. Lately that option is often not available and the only option is to view in a browser, a solution I do not like.”

      Add an exclusion for the user or the full domain as the case may be under Junk. Right-click the message and under Junk set Never block…

    • #32907

      Last question, I promise. I’m in Group A, have Recommended Updates checked so they appear with Security Updates. Then I have 4 Optional updates for September, one of which is the .NET framework reliability rollup for Win7 its big(60.9MB) KB3179930. They are not italicized and are all unchecked. Do I check those Optionals and install them as part of Group A or put on hold for now? I thought I saw a thread on this website that indicated some issues with .NET framework but not certain if okay to install since it came as Optional this month vs. Important update as in previous months.

      Can you clean up my earlier posts that had typos? Sorry for my mess.

    • #32908

      Group W, and happy about it.

      Here’s the thing…

      I worked ALL DAY (12 hours so far and going strong) on my Win 8.1 workstation (uptime 31 days) and my Win 7-powered small business server (53 days uptime at the moment) doing ALL KINDS of work, running my small business, developing and testing software, supporting customers, collaborating with my engineers and testers, managing ecommerce, doing some accounting, developing an automated customer service system, playing Pandora… Hell, I even got a software release out the door.

      No worries about updates, no distractions from what I needed to do.

      *IT* just worked, so *I* just worked.

      When you have a day where it’s all about what YOU need/want to do, then you realize what just we’re losing with all this modern BS from Microsoft.


    • #32909

      That’s an interesting one, especially that Woody has seen it reported elsewhere. Do you have any additional security software installed, third-party firewall, antivirus, other security suites?
      Also try https instead of http on any Microsoft site which does not respond.

    • #32910

      I think it appeared as Important according to most reports here.
      I am testing on the enterprise versions, however if Microsoft does not clear this issue in few days on the minor Patch Tuesday October 4, I will do the test with MSE on a VM to see what is going on.

    • #32911

      “Important” and checked.—Win 7 64

    • #32912

      so for us Win7 peeps… is installing standalone KB3185911 still the path to get a reasonable update time for these Sep updates?

    • #32913

      As someone staying in group A, is it OK to leave WU set on “never check”? Also, will skipping the optional patches hurt anything with the way this new system is supposedly going to work?

    • #32914

      Yes. At this point, “Never check” and “Let me decide” are functionally equivalent.

      Skipping optional patches won’t hurt with the new system, although you may have ot install one odd patch later this month to speed up scans.

    • #32915


    • #32916

      Yikes. OK, I took comments from many of you and updated the MS-DEFCON 3 warning to tell people to untick KB 3193414 if they see it.

    • #32917


    • #32918

      If they aren’t checked, don’t check them. Chances are good they’ll come back at a later date with the check, but don’t try to second-guess Microsoft’s beta testing scheme. 🙂

    • #32919

      Thanks Woody.

    • #32920

      If Control Panel says it installed, then it installed. No need to second-guess it.

    • #32921

      Follow the general directions for MS-DEFCON 3. Much depends on if you consider yourself to be in Group A or Group B.

    • #32922

      Some people have kept it, but I don’t see any reason to. The registry entries that it manipulates aren’t being used any more, best I can tell.

    • #32923

      Every month – EVERY month – we see big patches for bugs in IE. Some of them are security holes, some are just garden-variety bugs.

    • #32924

      Microsoft says it’ll be working on rolling older patches into a cumulative update patch at some point in the future.

      I figure, if you’re going to go with Group A, might as well install the recommended ones now. For the optional ones… I wouldn’t worry about it.

    • #32925

      KB3161102 “removes” Windows Journal. If you never use Windows Journal, yes, install KB3161102.

    • #32926

      One of the Optionals KB3185278 is the September Rollup for Win 7 SP1 (60.2MB). So you are saying that MS will likely roll this into their October cumulative rollup next month and Group A people will absorb it at some point in time? At this time it isn’t listed as Important or Recommended and is listed as Optional and not checked along with the other Optionals (not checked) for .NET framework rollup and SFC Scan correction, etc. I agree with you I don’t want to be a beta tester for MS.

    • #32927

      I’ve gone ahead and done most of the security updates for September. However, while reviewing each of them I saw that kb31475024 lists 2 known issues. Really? Fix and f*&$#p ….
      Anyone have info on KB3175024? I’m not sure it’s even something I use.

      As updating goes, I was in group W with XP for a long time, and it worked out fine. I’m almost ready to eschew the whole update quagmire. Shove a bun…

    • #32928

      Leave it for longer. If you have another computer in the same network, I can tell you how to resolve it. Otherwise, just force shut down. It is the Trusted Installer, everything else is closed and you will not lose anything.

    • #32929

      Install only the Novosibirsk one which is the rollup for time zones. That one is a good one. Nothing else.

    • #32930

      It is more of a perception of not feeling right than IE being buggy. I support IE in Enterprise and I can tell you that IE is a good browser. But it require a lot of effort to make it behave, it is far more complex than it should be. I see it only too complex, not less secure than the other browsers.
      For the sake of simplicity and feeling well, just use Firefox. Or if you wish, use Chrome.

    • #32931

      sfc /scannow
      You may “install” this one for peace of mind.

    • #32932


    • #32933

      What? MSRT has always needed to be approved, whether via WSUS or directly on workstations (when set to manual installs).

    • #32934

      Right on!

    • #32935

      I’ve tried to find the relevant post but haven’t been able to. My question is I have 3 Update Rollups
      sitting in Optional………. July, August and now September……. is it important to install them and do I need to install all of them. Think I read somewhere that yes one needs to install each one if one is going to do so.
      Also think it was ch100 who made a comment that if an optional patch is not installed the first time round, and if it is changed by MS it’s offered as Recommended the next month. I am in Group B and know that you, Woody say don’t install anything which isn’t checked,
      and originally that’s what I have been doing, and of course the July Rollup had the dodgy Intel/bluetooth problem…. which I’m not sure is even fixed yet.
      My main reason for being in Group B is to stop the snooping and also to avoid dodgy patches.

      But in optional I have the 2 Windows Journal patches, the 3 rollups, SFC integrity one, Remove GWX, and Silverlight……… which I actually hid after I had uninstalled the Silverlight programme…….. and it re-appeared again.
      With regard to the GWX one…….. I’ve been using
      GWX Control Panel (Josh’s one) and believe this removed all the GWX junk from my machine….. so is installing the gwx patch anygood/worth it or is it going to put something else on my machine that would be suspicious ??
      What would be your take on these optional patches?
      Should they be avoided? Sorry to belabour the point…… but my head is beginning to spin!!
      Thanks again for all you do for us!!! LT

    • #32936

      I tend to avoid adding unnecessary updates. Do you recommend the monitor keyboard and mouse optional updates? Occasionally I have had to replug my usb mouse and keyboard when they have stopped working.
      I have cleaned out the problem/spying updates you advise against and have these left to consider. I am wondering about the cumulative updates especially.
      Reliability Rollup for Microsoft .NET Framework (KB3179930)

    • #32937

      Monitor, keyboard and mouse updates are all driver updates – and I emphatically do NOT recommend that you install the versions that Microsoft offers. If you have problems, work with the drivers from the folks who make the products.

      I avoid long lists of “bad” updates. Consider the amount of work it would take to vet any single list of updates – and who’s to say they’re bad? Badness is in the eye of the beholder. At this point, I strongly suggest you follow the instructions in the article and not worry about the rest.

    • #32938

      GWX is dead. You don’t need to keep running GWX Control Panel.

      As for the rest… I’ll stick to the instructions in the article. If you’re in Group B, only install security patches.

    • #32939

      I stand corrected. You’re right.

    • #32940

      If you don’t use NTLM or EMET (and you probably don’t), KB3175024 is fine.

    • #32941

      That’s precisely correct.

      Microsoft is (at this point) issuing their Win7/8.1 cumulative rollups as Optional/unchecked, waiting to see who’s gullible enough to manually check and install it, then seeing what breaks.

      That’s the new version of beta testing for Office.

    • #32942

      Woody, has anyone else reporting their updates not downloading or installing lately?

      On the 2nd of October I installed the definition updates to Windows Defender and the September 2016 Malicious Removal Tool.

      I only installed these 2 while I was trying to sort out which updates from security or optional I was gonna let install. After I have hidden the updates that had a chance to bork my OS, I was left with 6 updates to install. It won’t download them. It’s stuck at Downloading 0%.

      What the hell could they have messed up with the defender definitions or the malicious removal tool? Everything was fine before I installed these so I’m guessing they are the culprits.

    • #32943

      Did a couple of updates this am and all seems to be ok so far. Still have some outstanding ones. I would be in the Group B camp, not because of snooping but because of reliability. Also if have declined an update for a particular reason, and then it is in the roll up I didnt need to hide it in the first place??
      Also if MS sends an update that breaks something, then I dont know how to fix it. Woodys advice has been helpful to me in this matter. Wouldnt it be nice if MS changed their mind and kept updates for W7
      as it is. But sure the little people dont matter.

    • #32944

      Oops further to my last post. KB 3175024 was installed this am. Then lot of funny script on my Google homepage. Uninstalled and its gone. This is why I do individually so I know which one is at fault. Hope this help.

    • #32945


      I haven’t received ANY updates since Sept. 20th (Optionals), except for new definition updates. Should I try to do a scan to find out why? Usually everything just appears. Still do not have KB3177467. Nothing “new”.

      I thought that the MSRT was ALWAYS safe (????). I installed mine Sept. 16th.

      Where do I go from here?? This is going to be a “crazy time” the way it appears. Thanks for your help.

    • #32946

      Back again. Reinstalled KB 3175024 same funny things on google homepage. Decided to leave and see what happens. After two or three openings it seems as if all is ok. Sorry for the confusion. At the moment it is installed and home page seems ok. of course this might change again and if it does I will uninstall again.

    • #32947

      @LT It seems to be confirmed at this stage that many of the patches released initially as Optional are moved later into a different category. The declared purpose of telemetry is for Microsoft to do statistical monitoring of various counters in Windows and usage patterns and to determine where the product may be tuned.
      Please follow Woody’s instructions by not installing anything which is unchecked, unless you wish to become one of Microsoft’s unpaid beta testers for fun like some of us do.

    • #32948

      @Woody: Haven’t see any reference to the IE update from Sept. 13th (KB3185319)which had warnings that there were serious problems with it. Nothing subsequent to that warning. Is it still “unsafe” to install that one?

      Thought there would be new information on it by now??? (52.1 MB) It’s still sitting in the “Important Updates”. Need guidance on where this one stands, please?? Thank you.

    • #32949

      Did you switch to a Mac?

    • #32950

      I found KB3175024 problematic. As I do run EMET in my business, I followed the workaround recommendation in the documentation using group policy.

      Unfortunately KB3175024 just produces a black screen on our systems. The error code produced indicates that the user refused the update after the restart was requested. That actually means that the user had to reboot out of the black screen (as there is nothing else a user can do when this happens).

      The MS documentation is only partially correct.

      You have to uninstall EMET, then install KB3175024. I think the September rollup has the same issue with EMET. Re-install EMET after these updates are configured THEN apply the workaround.

    • #32951


      I just noticed a typo in your write-up regarding the bad MSE patch to avoid: it is KB3193414 and not KB3194314. I can imagine it is a nightmare to keep all these numbers straight – there seems to be no system at all.

      Anyway, thanks for keeping a watchful eye on this for us all. It is a great help indeed.


    • #32952

      Thanks! Yep, juggling these KB numbers gets interesting.

    • #32953


      Wotta mess….

    • #32954

      The acknowledged problems only occur if you use IE. As always, install the IE updates, but don’t actually use IE.

      Kinda weird, eh?

    • #32955


    • #32956

      MSRT is always safe.

      Sure, go ahead and manually scan for updates.

    • #32957

      @WOODY Just started Win 7 SP 1 Home Premium update to see what happens. Set the update to “check for updates but let me choose whether to download and install”. I hope that I ‘have all my ducks in a row’. You mentioned about foreign country updates and I would not like anything like that on my computer. Those update would boost my OS at all. Any suggestions? Probably going with Group B.

    • #32958

      Got a “no update available” Guess that MS doesn’t update us ‘mountain folk’ until last.

    • #32959

      “Then on the left, click Optional, and uncheck Silverlight and Skype, uncheck any drivers – see below – and uncheck any language packs.”

      Woody, I have two questions regarding that sentence:

      1st – I have one update for Silverlight (KB3182373) which is flagged as “important”, so according to you it should be installed, despite being an Silverlight update because it is in the Important tab, not on the Optional tab. Is this correct?

      2nd – On the Optional tab, every update is unchecked, so besides Silverlight and Skype, any other update under this tab should be checked and installed?

      Also, KB3161102, the Win Journal Zapper, should be installed as well?

    • #32960

      The “it just works” ideal can actually be accomplished with a tweaked, augmented Windows 8.1 or 7 system, and you can have a really smart and powerful desktop.

      Where the rubber meets the road the business world has not been stupid in hoisting [older versions of] Windows to the top. But unfortunately we now seem so far from that serious business focus with Windows 10 that people wonder out loud whether a productive day can only be had with a touchy feely Mac. It’s sad, really.



    • #32961

      “KB3161102 “removes” Windows Journal. If you never use Windows Journal, yes, install KB3161102.”

      Doesn’t it remove snipping tool as well?

    • #32962

      I will pose this question again:
      Do I need to install pending updates for my Win7 x64 system?

    • #32963

      @ch100: I do not have MSE, and when there are references to that, I cannot correlate it with my “just plain” Win 7 Home Premium, 64 bit. Thank you for all of the helpful information which you post here – – – Your hard work is most appreciated.

    • #32964

      Follow the instructions in the article. You must first decide if you want to be in Group A or Group B.

    • #32965

      You mean the Windows Snipping Tool? Nope, that isn’t part of Windows Journal.

    • #32966

      I assume you’re going with Group A.

      Unless you absolutely need to use Silverlight, you can uncheck Silverlight, even on the Important tab. Very few people need Silverlight – it’s mostly for companies that were bamboozled into developing their own Silverlight applications a decade ago.

      Under Optional, if it isn’t checked, don’t check it.

      And, if you don’t use Windows Journal, doesn’t hurt to kill it.

    • #32967

      Tough decision and, sad to say, it’s one you’ll have to come to based on how you feel about patching and Microsoft.

      The “foreign country updates” are mostly about time zone changes and occasionally adding a currency symbol. They’re almost always entirely optional, and not worth worrying about – unless we get hit with a big one like the Ruble debacle a year ago.


      I’ll warn you about baddies like that.

    • #32968

      Probably Group A yes… The patches available this month doesn’t seem that “malicious” so at least for this last month of “old style updating” I’ll be installing more than just security ones…

      Just to clarify, all of those updates under the Optional tab are unchecked, so I shouldn’t install any, right?

    • #32969

      I chose Group B and have installed everything you recommended but I still have a number of Updates to my Win7 x64 system.
      Should I install the Updates or just ignore them?

    • #32970

      Ignore them. If you’re in Group B, you only want clearly identified Security updates.

    • #32971

      That’s correct.

      If you followed the instructions and “Give me recommended updates the same way I receive important updates” is turned On, Windows Update will automatically check all of the updates that you need to install.

    • #32972

      Thanks, Woody, you always come through.

    • #32973

      As a tech specialist I would suggest that everyone take a full system image backup before next Tuesday’s updates are presented. That is whether you are a Woody-Update-Groupie or not.

      It is insurance against making the wrong decision and it will give you a fall back position if MS goes Super Nova between Oct 12,2016 and Jan 2020.

      Accept that MS really does not want you on W7/8. Home, Pro or Enterprise, MS is driving the bus.

      Three and one half years is an eternity to marketing folks so expect some unpleasant surprises. Not all Windows Update decisions are technical in nature.

    • #32974

      Noel, do your ProDigital Software eBooks “Configure The Windows 7/8 ‘To Work’ Options” tell those of us in Group W what we need to know to accomplish the “it just works” ideal?

    • #32975

      Just checked the Optional updates one by one and they all sound pretty vain really…

      There are four of them: KB3181988 (SFC fix), KB3184143 (Removal of W10 Nagware), KB3185278 (September Rollup) and KB3179930 (.NET Reliability Rollup).

      Not sure about the last one though… Even the .NET update is not useful?

    • #32976

      Depends on if you use .NET a lot. If it’s an unchecked optional patch, it ain’t that big a deal.

    • #32977

      Am I right in thinking that backup imaging is really dependent on having your hard drive partitioned so the OS can be backed up without having the whole drive cloned? Time-wise that would seem to be the case, but I wouldn’t be surprised if most “average” users – myself included – just had a single hard drive with no partitioning because that’s the way the “average” computer is supplied.

    • #32978

      That’s also what I recommend – even for advanced users – unless a separate partition is an absolute requirement for, e.g., dual booting.

    • #32979

      All plain sailing on one of my W7 x64 Home Edition home computers, but my other one gave me some issues that are now hopefully resolved satisfactorily. I always do them a couple of days apart so I always know one is working ok!

      I installed both the IE update and the speed-up one (3185911) ok, but although 3175024, 3177186, and 3184122 (eventually) downloaded and installed ok as a batch the computer stuck on configuring them before rebooting and after an hour rebooted to report they had all failed.

      I then managed to install each of them separately without delays or problems. I haven’t so far bothered with the time zone one (3182203) or the MSE engine update (3193414).

    • #32980

      Sorry Woody, but I’m not clear what it is you recommend. Not partitioning a hard drive? In that case can just the OS be backed up or does the whole drive have to be cloned?

    • #32981

      @Woody: Thank you so much for the “green light” on this. In the past I’ve always installed the IE update when you have given the MS-DEFCON3 clearance.

      Thank you so much for clarifying that. I agree “It is kinda weird”. Thank you once again!! 🙂

    • #32982

      I don’t like partitioned hard drives.

      A full disk backup is much cleaner.

    • #32983

      I found that using a smaller (<100 GB) partition for the C drive and the remainder of the disk as a data partition for D drive is more convenient if the disk is large enough.
      There is debate about the disk access speed which is reduced in such a setup as the controller has to access the same disk twice as much when accessing both partitions at the same time. It is all a matter of balance between performance and convenience.
      On the D drive I created another empty folder named Users with the same permissions like the one on the C drive.
      Under C:Users go to each system folder except for AppData and change the location under Properties for each, replacing C with D. Allow the system to create the new system folders (Documents, Music, Videos, Favorites, Contacts etc. – 11 in total or less according to preference) and move the files.
      It is supported if the whole profile is not moved and it uses built-in tools and there is no registry configuration required.
      Do not move the built-in Administrator, the one named Administrator. That one is better left alone where it is and that user only used strictly for Administrative tasks if it is enabled.
      The setup is suitable only for stand-alone machines and not suitable for domain joined machines where there are better solutions addressing the same issue, i.e Folder Redirection using Group Policy of the same folders on the network and maybe Offline Files. I have reservations about using Offline Files, but some people report success using it.
      It may be too complex for some, require a bit of practice to get it right, but it may be worth it, depending on individual requirements and preference.
      There is no right or wrong way, only be aware that added complexity require a bit of skill to keep it right and reliable.

    • #32984

      It is certainly cleaner, only that a 100 GB partition image is much easier to take if this procedure is used as regular routine before updates (I don’t do backups regularly, which is bad practice) and store that let’s say 1000 GB disk image.

    • #32985

      The .NET 4.5.x/4.6.x is a bundle of 2 rollups of the previous patches. No urgency in installing it, especially if it comes unchecked and Optional. It will become mainstream one day. There are still issues with the naming which are confusing and it may be reviewed again. It was already reviewed at least once since it was released.

    • #32986

      Mixing up OS apps and data is asking for trouble. The separation saved my derriere many a time. Yes, it is just a tad more tedious to backup, but not by much and separate recovery makes up for it.

    • #32987

      @ch100: Is this advice for Group A only, or applicable to both Groups A & B? Apologies for not fully understanding. Thank you.

    • #32988

      Still important and checked and no news from Microsoft yet. This is the odd one, as normally this sort of dubious release goes under Optional first.
      Better to avoid if KB3193414 is not installed yet.

    • #32989

      Alert! Guess what old uninvited guest appeared today? Our old nemesis KB2952664, the evil harbinger of GWX. On Win7-64 Pro it is shown as optional. Hidden again.

      If GWX is done, why do they need it? I suspect GWX_v2, but with less subterfuge or malware-like behaviors, will be offered to “rescue” worn-down Win7 and 8.1 owners from the MS-caused update and patching hell.

      If you think these ‘bad actor’ updates will be phased in forget it. Group A will get it on month 1.

    • #32990

      If your DNS server is not responding, this has nothing to do with Microsoft, but rather with your DNS provider.

    • #32991

      Thanks for the clarification Woody.

      To be honest, I’m sceptical about the wisdom of my backing things up, partly because I don’t have anything that needs backing up in terms of documentation or game saves etc, all that matters is either duplicated on another computer or saved in the cloud through e.g. Steam anyway. In that sense I suppose my twin computer/cloud approach (the computers are not linked but emails together with important documents go to both machines) is its own backup. What I can’t do is restore a machine (outside of System Restore) if one of the computers fails for any reason.

      The main reason for me to consider backups is this whole Windows Updates malarkey. However, with two computers to safeguard and about 2TB of data in all I wonder whether the time spent backing them up is worthwhile compared to the time spent in fixing the occasional hiccup, not least when a backup image is of no use whatsoever unless you check from time to time that restoring it actually works, and if there should be a test run when it doesn’t work then you’re screwed anyway!

      I’ve also looked at a couple of guides to running backup imaging software and found them mightily confusing to a simple retired soul such as myself :)!

      All that said, however, the forthcoming change to WU does give one food for thought so far as backing up is concerned.

    • #32992

      Thanks Woody and ch100.

      I just realized that I did not have the box checked next to “Give me recommended updates the same way I receive important updates.” Rerunning Windows Update with that box checked I noticed that KB2952664 appears under both the “Important” tab and the “Optional” tab of Windows Update. The brief description under the “Important” tab indicates the update was published on July 12, 2016 whereas under the “Optional” tab the stated publication is today. Clicking the “More information” button on either description takes the user to the same KB article dated July 12, 2016 revision 24.0.

      This seems odd.

    • #32993

      I just did this on Friday. I did a complete backup. I created an Easy transfer file. I re-loaded Windows 7 on my computer from an image I created at the beginning of the year (3 DVD +Rs). That image includes Windows and all its updates to that date plus MS office 2010 and all its updates and a few other stable programs (ones that rarely change).

      Then I did a full update of Windows and Office. Defrag, chkdsk, clean up.

      Then a system image that took up 3 +R DVDs. This is my image that will enable me to go back to Windows 7 pre the October update tragedy to come.

      Then of course, used the easy transfer to put everything back the way it was.

      Then I took out my backup computer and repeated the procedure but used the image from the main.

      I am all set with some nice insurance.

      Strongly recommended.

      Total time one long afternoon.

    • #32994

      Thanks a lot Woody!

      Just performed the updates, as you stated only the ones flagged as “inportant”… It all went fast and neat…

      Weird thing is thar after the updates were installed, I ran a manual check for updates and it found KB2952664, which you mentioned to be a snooping patch… Why did it come up only now?

    • #32995

      No idea, but don’t install it! 🙂

    • #32996

      Well… The sad part is that I already have it installed… Along with KB3150513…

      I just checked and they were both installed a long time ago, before I came across this lifesaving blog of yours… And I had no idea…

      Guess I’m being snooped… And the worst part is that Windows Update is so broken that I’m afraid of removing them both and screwing my system…

      And for the sake of knowledge I’ve searched KB2952664 and found it had a lot of new files since it’s original push, so it has been updated, can’t tell when or how many times, but it has been refurbished and could be probably been pushed once again as KB3172605 was this month… So people be aware!

    • #32997

      Haven’t gotten any updates EXCEPT: KB2952664 twice; 1st as Optional 4.7-4.8 MB (this morning) I hide it. Then at 4pm EDT I got this again (KB2952664) as recommended and I have now hidden it again. When to MS Windows site and this is an “update to upgrade windows 7”. Sounds like every body else is getting regular updating. Any ideas?

    • #32998

      I can confirm gwx lives.

    • #32999

      Very odd. Like you say, the KB article says it was last reviewed on July 12, and it stands at Revision 24. My article in March says it was at Revision 19.


      No idea why it’s being re-released. It isn’t on the Windows Update list. At least, not yet. But you can see several people have reported that it’s showing up again.

      My guess? Microsoft broke something with the july 12 release and decided to fix it. But I may just be overly suspicious.

    • #33000

      All valid concerns. If you don’t feel a need to back up, don’t! Mostly, a backup will help make it easier to restore things if the patches screw things up.

    • #33001

      It is a new release. Not revised in place, just newer release like the previous 20 something incarnations.

    • #33002

      KB2952664 (Win7) and KB2976978 (equivalent for Win8.1) are both back. Compatibility and telemetry. Will MS never give up!!!!

    • #33003

      Dear Woody,

      1. I have been searching for Win 10 version 1511 updates, and anything else that should have come down the MS Update line today for MS office or other, and nothing is showing up.

      It is past 6 PM EDST, or after 3PM Redmond time. Is something amiss?

      Should I be seeing some updates?

      2. Interestingly enough, for my win 10 version 1511 I had KB3150513 hidden, although it was showing up with Noel’s C tool, and the metered connection as being ready to download for several weeks. I find that it being hidden and ready to download a bit strange.

      When I turned off the metered connection last night, it downloaded even though it was still hidden–very weird.

      Thank you

    • #33004

      This is a great posting thread. A question for the experts who are on this thread. I have used older ‘cloning’ software, but it is obvious there is now better and easier to use software and routes. I admit in the past the scenario of the OS changing its behavior upon a reinstall was not considered. If this is not appropriate for this thread, I will understand.

      Do you use the Win7 tool “Create a System Image” or something like Acronis or Macrium Reflect, etc. to do a complete disk image?

      With 1TB disks so cheap, I was thinking of doing a clone of the Disk 0 my C: drive lives on. It is a 1TB WD HDD that is partitioned as C:, D:, and the System Reserved partition.

      C: is the standard Win OS and data; D: is a working directory for image and video manipulation, and to build archive sets for transfer to removable HDDs, but is not used for actual storage and is not critical to retain on the same physical disk as the OS/Boot.

      Will the “Create a System Image” copy the entire Disk 0 and all its partitions or just the C: partition? Is the System Reserved copied?

      Is it possible to just copy the C: and System Reserved to a smaller drive?

      An adjunct to this question is also to facilitate a migration to as 512GB SSD as the C: boot drive/system reserved.

      In the SSD scenario, I would have my data folders (libraries) on a separate HDD.


    • #33005

      I also got the kb2952664 4.7-4.8 mb (optional)also and hid it.

      Should we be concerned?

    • #33006

      I forgot to mention my computer is Windows 7 SP1 Home Premium, 64 bit Windows Server 2008 R2.
      I believe I will be Group B.
      I did download Canadian Tech’s update fix directions yesterday. kb3172605 and kb3020369.
      Hoping I won’t need the “magic” patch anymore.

    • #33007

      I don’t think so. Article in the morning. Observations most welcome!

    • #33008

      Any changes to the patch itself?

    • #33009

      Article in the morning. In short: I don’t have any idea what’s going on.

    • #33010

      It is also more far more convenient which is why Unix did it by defeat all the way back in System V. By having a separate system partition it means when it comes time to install a new OS it doesn’t have user data fragmented in with the OS thus the installer can just reformat / and install without disturbing user data.

      To me Windows putting moving user data to a second partition by default is just another way Windows is behind the times compared to Linux and BSD.

    • #33011

      I got KB2952664 also, and hit it again, and now I have two entries listed simulaneously. One is “Recommended 4.7 MB” and the other is “Optional 4.7 MB – 4.8 MB”

    • #33012

      Folks, could this be the solution to W10 mess?


      I very much doubt MS will let this be for long.

    • #33013

      As it’s an update to ease the upgrade of Windows then it seems to me that GWX Control Panel may very well still be needed!

    • #33014

      There is nothing other than KB2952664 as Optional. You should have 2 of those now. One Recommended and one Optional. Do not install any of them unless you plan to upgrade to Windows 10 🙂
      Try not to hide updates, to allow Windows Update to manage them when they are expired. It is bad practice to hide updates in the long term and useful only if you have Auto Updates, but nobody reading this site should have Auto Updates turned on.
      There are also Office Important Updates, unchecked too. Do not install until they get checked from the source.
      Note: I think the WU common behaviour for the last few months has been that the Office Updates coming first Patch Tuesday of the month are checked for Windows 10 and unchecked for all other OSes by default.

    • #33015

      They still hope that some people will upgrade in place to Windows 10 one day, some of those who reserved a copy during the first year and some who are new paying customers. For those users, KB2952664 is supposed to be useful in assessing the compatibility of the applications already installed. I think this patch acts more like a definition update for new compatibility issues discovered either by Microsoft testing directly or by snooping on people’s computers for potential problems.

    • #33016

      Yep, taking a whole disk image is the best insurance, before updating.

      Macrium Reflect Free has the most user friendly setup I have seen yet.

      It will make a recovery disk or USB stick based on the WinPE recovery environment that you can boot from to restore your entire hard disk to the state it was at the time the image was taken.

      Disk partitions are not an issue if you image the entire disk.

      External USB 1TB disks are cheap now, and can easily keep several copies of your entire hard drive for safekeeping and recovery from malware and rogue MS patches.

      This is so cheap and easy, it’s now a no-brainer way to avoid rebuilding your OS and apps, as well as your docs …

    • #33017

      I can’t update anymore. So i’m in group W. But anyway I have Vista so, in april 2017 patching will be dead

    • #33018

      I guess not. KB2952664 and KB2976978 have been revised on 10/3/2016. KB2952664 for Win7 SP1 is now at revision V20 and KB2976978 for Win8.1 is now at revision V18.

    • #33019

      So far, avoid & hide the “revised” KB2952664 update for Win7 SP1.

    • #33020

      KB3172605 was re-released on September 12, 2016 and contains the updated Windows Update Agent – version 7.6.7601.23453 that permanently resolves the long & slow WU scan problem AND does not depend on any “magical” & newest WIN32K.SYS updates.

    • #33021

      I think that’s right – and it makes me wonder why MS is more confident about installing Office patches on Win10 machines…

    • #33022

      Absolutely bizarre….

    • #33023

      The last Win7 version 1511 update came out on Sept 13. There’s a good chance you already have it installed.

      I don’t see any indication about a re-release of KB3150513. Maybe it somehow got unhidden?

    • #33024

      Because by definition those on Windows 10 are beta testers 😀

    • #33025

      There is a new version of KB2952664. I don’t follow Windows 8.* so I am not aware of the other patch.
      Article ID: 2952664 – Last Review: 10/04/2016 17:25:00 – Revision: 25.0
      There are recent files from September 9 and 12 in the patch.

    • #33026

      This is one of the “special” Enterprise versions getting only security updates. It is supposed to be released separately when a new major “feature upgrade” for CB and CBB is released. Edge is not working as far as I know and the first release LTSB 2015 was hardly functional compared to the other versions.
      You can obtain a more functional version by using one of the mainstream editions (Enterprise or Education preferred, but Pro is OK for most purposes) and removing all Universal Apps with PowerShell.

    • #33027

      Many thanks Woody and ch100….. your thoughts are v. much appreciated. Re Telemetry if that is all MS are harvesting …. it would be quite benign…… but I feel there’s more to it…….. and so Telemetry has become to me a ‘dirty’ word! I guess what you were quoting, ch100, was perhaps the ‘official’ line from MS. And as Woody has so often said…… if only MS would be more transparent about all this …. it might put these anxieties to rest.
      Although did read somewhere that the hesitation in communication is really about not letting on to the ‘hackers/scammers/etc.’ what exactly is behind MS’s motives.
      I’ve updated both our machines this afternoon with only the security patches and the timezone one. The optionals are still sitting there……… and I noticed that good old 2952664 has been added!
      So GWX Control Panel stays incase MS plans something in the future… LT

      To acquire knowledge, one must study,
      but to acquire wisdom, one must observe
      ~ marilyn vos Savant

    • #33028

      I meant to add also………. that yes I do NOT want to be one of MS’s Beta Testers!!! Lord forbid!
      Fun or no fun!! (tongue in cheek) LT

    • #33029

      Because Windows 10 do not have the ability of important/optional and checked/not checked
      any released updates including Office are already auto checked

    • #33030

      It appears to have new files.

    • #33031

      Uninstall in order:
      KB2952664 as many times as it is found. It may be more than once.

      KB3150513 was released at least twice, but I think the new one replaced the old one. Worth searching if any is still installed after uninstalling.

      You will be offered only KB2952664 after uninstalling them. Resist the temptation to hide as it is not useful and can only cause confusion to the user and to the Windows Update logic.

    • #33032

      Windows has a System Partition (the names are messed up as it is in fact a Boot Partition) while the one named Boot Partition – the C drive – is the true System Partition).
      We discuss here other partitions than those created for boot purpose, like UEFI partitions or manufacturer’s restore partition.

      For Windows purpose only and if not using the built-in encryption BitLocker, it is normal to install Windows in the old style without the separate boot partition. There is no advantage in having a separate partition with MBR except for being a condition to use BitLocker.

    • #33033

      Let’s not forget the real possibility of SSD’s getting damaged. This is my main concern in relation to loss of data and the danger is far bigger than with mechanical disks which are still recoverable to a certain extent even if they get mechanically damaged and the importance of data is worth the trouble.

    • #33034

      Each software is different and needs to be understood in detail when it comes to disk/partition imaging.
      There is no one fit all solution to your enquiries.
      In principle you should backup partitions and only rarely disks. Generally restoring disks involve identical size restore, while partitions restore allow more flexibility.

    • #33035

      I have only one entry, in “Optional” section, but in the dimension column I see:

      KB2952664 4,7 MB – 4,8 MB

      Which patch (wich dimension) will be installed?
      Oh, it’s bizarre, indeed!

    • #33036

      Thanks for asking, James.

      That is their intent, yes, though they’re not specific to group W. In fact, I need to do a some updating to the content (thanks for reminding me) as they don’t take into account Microsoft’s latest moves and still recommend applying updates. But pretty much all my Windows tweaks and suggestions for 3rd party software are in there. The reason I wrote them is that I needed to capture what it is we do here in my company to reliably and quickly get to an “it just works” state so as to be and stay productive.

      Hurricane Matthew is bearing down upon us, and I fear power failures are likely to break my long uptime trends, darn it. I have UPS power, but the batteries are necessarily limited and hours-long power outages will certainly mean shutting down the systems.


    • #33037

      No way of knowing.

    • #33038

      Yep. I see it now. The KB has been re-issued … 24 hours after the patch came out.

    • #33039

      Oh yes. Of course. Thanks.

    • #33040

      What has always bugged me is, why can’t the whole user folder be moved as a single entity, instead of Documents, Downloads, etc. separately? There are some (many, I think) programs that keep settings in that Users folder, but not in one of the movable locations, so they are stuck on C:. And what about AppData itself? Of all the things that I would want to move to another partition, that is at the top of the list. Is there a compelling reason for it to be where it is?

    • #33041

      Never thought about this. So does this mean that there is no option built in Windows 10 updater for patches to be throttled by Microsoft when they consider so?

    • #33042

      The final size depends on the components already on the system. It is likely that few components are shared with other patches which may or may not be already installed.
      This patch KB2952664 we have already reached almost consensus here that it serves no other purpose than to facilitate the upgrade to windows 10 and if you don’t have any intention to upgrade in the near future, it may be better to avoid it.

    • #33043

      On the instructions for download and install of the evaluation, it says after the 90-day period expires, if you haven’t activated, it “will shut down every hour.” I’m finding that hard to believe. Just a scarecrow? [Not a very good one if it is, since very few people bother to read the terms and conditions. A scarecrow in camouflage – that does sound like something MS would come up with.]

    • #33044

      It can be moved by manipulated the Registry. I used it for a while, but according to Microsoft there is big potential for trouble and it is not supported. One such instance is when you need to do an upgrade in repair mode.
      AppData is “special”. Everyone has an opinion about it. It contains application settings and not user data like the other system folders.
      If you want to read about user profiles in depth, read it here https://helgeklein.com/blog/
      Helge Klein is the author of the Citrix User Profile Manager software and is the absolute authority worldwide in this matter.
      Probably AppData can be moved locally though. It is all about a lot of traffic generated by software reading and writing in this folder and there are issues when this folder is redirected over the network.

    • #33045

      LTSB is a special version of Windows 10 for Enterprise users with security updates and NO feature upgrades.

      I have a copy of Windows 10 LTSB 2015 (Version 1507) installed on one of my computers just to see what it is. I occasionally boot into it to see if it still works and conduct tests. Otherwise I almost never use it on that computer as I usually boot Windows 7 Enterprise on that computer for use.

      But it is the version I will use if I am compelled to use Windows 10 in the future. (I hope not, haha.) No Cortana, no Windows Store, no Edge, no feature upgrades during support period (until 2025), suit me fine. This “hardly functional” version is the “best” version of Windows 10 IMHO.

      Hope for the best. Prepare for the worst.

    • #33046

      Did a manual Windows update this morning.
      New since yesterday…
      kb3177467 8.4 mb (released 9/20)Servicing stack update (optional)
      That was never offered to me on the 20th.

      I’m thinking maybe it was triggered by following Canadian Tech’s Update fix download of the kb3020369 (april 2015 stack update)on oct. 3.

      Should I be updating this kb?

    • #33047

      I’m not tech savy by any stretch of the imagination, and it took a little bit of time, but I did manage to find out what my Windows Update Agent version was and it is 7.6.7601.23453.
      Thanks for the info EP

    • #33048

      2 of my computers updated yesterday no problems but a 3rd one, windows7
      Is still downloading at 0% since yesterday afternoon. Funny thing the dates shown for patches are all Sept 13 but the last time the computer says it checked was 11Sept. This laptop is not turned on everyday. So what do it do to make it download the desired patches? And computer geek I am not so simplest is bestest. And for now I am in group B. Thank you.

    • #33049

      I assume it’s an unchecked, optional patch.

      If so, no, you should not check it.

    • #33050

      Only by Group Policy, using wushowhide – or turning your internet connection into a Metered Connection.


    • #33051

      Restart the machine – pull the plug if you have to – and try again.

    • #33052

      After using wushowhide during mid-Sept. on Win 10 Pro, I ran into this issue.

      Looked into Updates History and found the blocked updates were listed as Failed to Install in mid-Sept. when I did a run just for Flash Player ofr IE and Edge.

      I had to run the Microsoft tools and a batch file to reset Windows Update. Then restart with a full shutdown (temporarily disabled fast startup). The wushowhide and regular Windows Update checks then showed all the previously blocked updates. I unhid all relevant updates except the Anniversary Update, and turned off Metered Connection and let ‘er rip. It took forever due to a DNS Lookup issue, but eventually I got everything downloaded and installed.

      Safe for another month (phew!).

      Don’t know whether this helps in your case, but this happened to me on two PCs.

    • #33053

      “That may sound horrible, but realize that you’re being snooped upon all the time, with your search engine (except for duckduckgo and a handful of others), your email provider if you have a free account, your browser (opinions vary as to the extent of the snooping…”

      I know its difficult to prevent all snooping unless you live under a rock but you can limit it’s impact. I do use Firefox with duckduckgo and https everywhere from eff. I also got rid of my verizon email and found a great free email called protonmail. This email server was created by MIT students because of there concern over this:

      https://www.cnet.com/news/nsa-secretly-vacuumed-up-verizon-phone-records/ and http://www.zdnet.com/article/verizon-records-vacuumed-up-by-nsa-under-top-secret-patriot-act-order/

      For this email, you need to use a password to get to it and then a separate password that unencrypts the email. The encryption is not stored on their server so they could not unencrypt it if they wanted to. Plus Swiss laws no not allow governments to request the server information to be turned over like our laws do.

    • #33054

      What about GPT SSDs? These apparently have very different requirements and recommmendations for backup.

    • #33055

      Oh yeah here is the protonmail link https://protonmail.com/

    • #33056

      With 2TB of data, separating data from the OS may be a good idea. This makes the data capable of being backed up more frequently as new files are added and old ones are changed. Windows 8, 8.1 and 10 have File History which works well for many folks in this situation. You have continuous backup and except for a ransomware lockup, very little can happen which would result in non-recoverable data loss. And File History is reasonably easy to set up and use — it’s mostly set and forget, which is good for most folks.

      System Images are most useful for those of us who customize Windows and use a lot of tweaking utilities, or who generate very little new user data each month. Or like me, who dual-boot or use Virtual Machines. Not your average Windows 10 user (or even Windows 7 user).

      For everyone else, File History combined with knowing how to Reset or Reinstall Windows is a perfectly good alternative. It takes some time to let a Reset or a Reinstall go through, but with all your data safely segregated from an OS disaster and backed up automatically, you need not fear the Reset option.

      At least if you haven’t customized your Windows too much. Which most non-technical users won’t bother to do. Maybe you haven’t used all-defaults, but if you keep minimal notes of necessary or desired changes, you can get back up and running pretty quickly. And you will be sure your system is up to date and clean.

    • #33057

      Not to brag, and this isn’t the right solution for everyone, but I just did all my backups and all my updates and then did a new backup image for three PCs, using Macrium Reflect Free and a trio of external hard drives, in about the same time frame. As long as there are multiple copies in several locations, I figure the chances of everything becoming unusable are pretty slim.

      My Linux gets backed up just by running CloneZilla Live to an external drive, then copying the results to two other drives. All told, less than an hour of my time and effort. (But this is all Commmand Line and bootable medis, so one does have to learn the procedure once.)

    • #33058

      There are issues with internal Widnows Shortcuts, known technically as Symbolic Links or SymLinks. These are everywhere in Widnows, not just in Libraries. This is one of many sources of troubles with this older approach to data segregation. Most modern programs are also full of internal links which complicates things even further. File History also uses SymLinks.

    • #33059

      For SSDs, you can still do Partitions and Partition Backups. At least you can do so with Macrium Reflect Free, which is the one program I know pretty well. This program (and many others) is not bothered by UEFI or Windows Fast Startup or GTP/GUID disk structures. The program is fairly simpleto learn and is presented in a clear GUI format.

      My point is, yes, cloning works well in some situations, but partition imaging is reliable, fast and once learned, fairly automatic.

      I have both mechanical hard drives and an SSD which I back up each month or even more frequently if I’m making big system changes. The whole process per PC with SSD and fast internal hardware (and SuperSpeed USB 3 ports) can take as little as ten minutes. Including verifying the image created on the external drive.

      For data only, File History is even easier and quicker — in fact, it’s almost continuous.

      These are not the only solutions, and they don’t cover every possible situation. But I cringe to read thatsome people are over-thinking something which can for most folks be so simple and automatic as image backups and File History.

    • #33060

      Plus-One for Macrium Reflect Free. WinPE is defintiely the way to go, although there is also a simple Restore Envrionment which is the Linux version and boots and runs faster. Both options are included once you do the large donwload for the initial WinPE setup. There’s even a Boot Menu option for use when Windows can start up but you can’t get beyond the Splash Screens.

    • #33061

      As the Typo King, I hate to do this, but I think you mean Windows 10, version 1511.

      I am not sure that wushowhide when used for a prolonged period, might not be messing with the Windows Updates mechanism in Windows 10. Particularly the Update History and logs. My own experiences are incomplete in this area.

      And with the Carboni (wushowhide) method, it is possible to get updates tagged as Failed To Install because they were not downloaded but were found to be available in the Windows 10 Updater. Sometimes stuff like this can get Windows Updates confused, and then the Windows Update mechanism may have to be reset, for which purpose there are batch files posted online which work well in most cases.

      The idea is to clear the Updates History and Updates Logs of these Failed To Install and other possible errors which may be blocking the display of new available updates.

      The other symptom of an issue of this sort would be that updates supposedly previously installed are offered again. I’ve also had that happen.

      Wushowhide may not be solely responsible for this situation. But it wouldn’t hurt to do a Windows Updates Troubleshooter diagnostic is this is a persistent problem as it became for me.

      Then if needed, reset Windows Update.

    • #33062

      Oh, and then there was my experience of a Sept 2016 Win 10 update interacting with my ISP’s DNS Lookup Service and blocking all of Microsoft’s Domain pages and URLs. I still don’t understand what happened there. I simply switched DNS servers to OpenDNS and the problem cleared up, and updates were available again. Weird!

    • #33063

      Tee-Hee! 😉

    • #33064

      Absolutely agree with ch100. And even with mechanical disks (or any backup media), I personally always assume that when I actually need the most recent backup it will be turn out to be unreadable, so I need another earlier (but still recent) backup on another separate spindle. “The importance of data is worth the trouble” — yes.

    • #33065

      Just watch for gaps in Linux hardware and software coverage. Bluetooth and Miracast (or any screen mirroring devices) are among the things which won’t work well for many folks in Linux.

      That said, I do 80 percent of my non-media work in Linux. On an Intel NUC, no less!

    • #33066

      The Sept 2016 updates took a long while to install after restart was initiated on all three of my PCs. This is not cause for alarm. It can take up to 20 to 30 minutes on some systems before you can use Windows again. Patience!

    • #33067

      Education is OK GPOL works and you can set Telemetry to security only with a combination of settings & GPOL apparently less intrusive than “basic” in privacy settings. Best of all no Cortana, you actually get a full task bar back again. So far so good apps dont seem to crash and are stable, although a bit of a pain to network a printer (it wont look for a driver you have to go find one) Probably the only thing to put folks off is the Edu. title.

    • #33068

      Not sure why, but switching my DNS server from the default used by AT&T U-Verse to OpenDNS unblocked the Domain. Something seems very phishy about this, but I can’t put my finger on its exact cause. Could AT&T be violating security protocols required by the Sept MS Updates patches?

    • #33069

      AVG, which I disabled and the problem persisted.

      Switching DNS servers form AT&T Default to OpenDNS cleared up the problem. I don’t have further details, as I’m not really all that technical.

    • #33070

      I lied about no further details. Linux can reach the MS Domain without changing DNS servers. Curiouser and curiouser…

    • #33071

      So I concluded.

      But the way the patches figure in is that the DNS seems to have a problem wiht Microsoft Sites which did not exist before the patches were installed. I should not have posted that this might be a bad patch on Micorsoft’s part (although that remians a possibility).

      It is becoming evident that the fault is indeed with AT&T’s Default DNS servers. OpenDNS works just fine on these machines.

      I stand corrected.

    • #33072


      I don’t have time now to check all the comments that have already been posted for your post (this post).

      I read the part about Group B, which I intend to adopt and felt that important info was left out of your post. That is, the “settings” one should set for the Group B folks going forward. How should the B’s set the Windows Update settings? I think my current settings are good for a Group B person.


    • #33073


      Since KB3182203 is NOT shown as a “Security Update” in the regular Update List, is this one which shouldn’t be DL & installed? It’s the one for Novosibirsk time change.

      Also I cannot locate the Canadian Tech’s post relevant to “DL speed up issues”. Could you please post a link?

      Your guidance would be most appreciated. Thank you.

    • #33074

      If you’re in Group A, install 3182203. If you’re in Group B, don’t.

      There’s a link to the krelay.de Win7 speedup post in the upper right corner of this page.

    • #33075

      Settings for Group A and Group B are identical to the settings I’ve long recommended: Auto Update set to “Check but don’t install” or “Never check.” See the Automatic Update tab at the top of this page.

      Those in Group A may want to check “Give me recommended updates the same way I receive important updates.” but that isn’t really necessary in advance. And it also isn’t clear exactly how Windows Update will interpret everything starting next week.

    • #33076


      Thank you, that is what I felt needed saying for those like myself who is not very into the internals. I hadn’t read all of your post so I missed that you had put into the Group A’s instructions the basic settings which will give the user what is needed. The Group B needed that same thing in their instructions.

    • #33077


      Looking at Group B here too, same OS as you have.

      I FINALLY located a link to the Canadian Tech’s directions. Did you turn off the Windows Update before you installed the KB3162605? I already have the KB3020369 installed.

      Also does this maneuver take the place of Dalai’s last “Magic Patch” directions? Thank you for any information you may be able to provide.

    • #33078

      @Woody: Thank you very much for the advice on KB3182203. I shall proceed accordingly. I am a potential Group B (Win 7, Home Prem, 64 bit).

      I already had a link to Dalai’s site, however I was wondering about the Canadian Tech’s advice, as I see there are a few who are following that.

      I did finally find Canadian Tech’s advice, however I am WONDERING if that will take the place of Dalai’s last “Magic Patch”. I have the current update patch which was provided by Dalia however it appears that this last Magic Update patch is only valid until ***October 11th***.

      Does this mean that we should use Canadian Tech’s advice now and install KB3172605? This is the new “Optional” one that is not checked, and IS italicized. Don’t know which way to “jump” at this point in time.

      Thank you once again for your help.

    • #33079

      Any chance it’s okay to wait till patch tuesday and get September’s updates along with October’s?

    • #33080

      Easier to patch when there’s only one set of patches to worry about. If you want to go through and meticulously sort them out you can, but at this point I don’t see any benefit to it.

    • #33081

      If it’s italicized and not checked, it’s a “recommended” update. Whether you install it or not depends on whether you’re in Group A or Group B.

    • #33082

      Thank you, I’ll have a look as I am indeed curious. I know I understand very little about the complexities of managing large-scale systems, but on a single isolated PC for personal use it seems that there should be an option. Well, as you suggested, the option is there, it’s just not documented or supported.
      I guess my opinion of AppData is that it is, unfortunately, a place for anything and everything. I can understand wanting temporary data such as various caches and histories to be hidden away, but actual settings that are meant to persist belong in the category of user data. The problem is that most programs don’t distinguish between the two and stick everything in there (or just as bad – in the Registry) and if I want to back up program settings, I have to go through program by program and find out where each keeps them, some may have an intelligent way of exporting them, others don’t – it’s a lot of trouble for something that could have been very simple.

    • #33083

      You have Silverlight under Important because it is a Security patch to the previously installed Silverlight product.
      Best option, uninstall Silverlight and you will not need any future patch to it.
      Your second best option, only if you need Silverlight, install all updates to Silverlight as they are like Flash patches, trying to fix design flaws on the go by patching often.

    • #33084

      I’m googling the cumulative update (win764) KB3185319 and it looks a bit problematic –

      go ahead or delay?

    • #33085

      Unless you need to get at .URL shortcuts, I’d say go ahead and install it, especially if you’ve installed Chrome or Firefox and use it as your default browser.

      Another example of how IE is tied inextricably into Windows.

    • #33086

      Do we know what the KB number of the windows update agent version 7.6.7601.23453 that resolved the speed issue in WU scan. I would like to install it without the rest of the KB3172605 update.

    • #33087

      I followed the directions exactly as posted.
      Yes, I did turn off the Windows Update first.

    • #33088

      Correct, it was an unchecked optional patch.
      Will add it to my hidden list.
      FYI, the only updates I have done in almost 2 years were only the “critical” patches.
      The exception lately are the “magic” patches needed to speed up the update, and just recently the Canadian tech patches.
      My hidden list is quite lengthy!!
      Thanks Woody!

    • #33089

      I installed the kb3185319 (win7 64bit) IE11 cumulative update, after installing the magic patch, on the 18th of Sept.
      I do use IE 11 as my browser. (gulp)

      Never have had any issues with it with the exception of the “back” button on occasion.

      (runs and hides)

    • #33090

      Has there been even a hint of news about the refurbishing of the update catalog? I know my tinfoil hat will be showing with my next thought but, is it too far out in left field to imagine M$ dragging their feet simply because people don’t want their shiny new system? I know I’m probably completely wrong, but with the stories that come out almost daily about the way tech companies operate nowadays, nothing would really surprise me anymore.

    • #33091


      If I uninstall them isn’t there a chance of some Windows Update havoc? I mean, causing me more troubles than they being installed?

      I have hidden this new pushed version of KB2952664, should I restore it?

    • #33092
    • #33093

      @Woody: Thank you for the information, however I don’t know what the difference would be between Group A and Group B, as referenced in Canadian Tech’s directions.

      I would be Group B, and would like to ensure that I’m doing this correctly.

      Following your Group B directions (as posted on October 3rd) appears to be very clear, however I don’t know what relationship it has to Canadian Tech’s directions about installing a “forever Patch” which will supposedly be the “one” which will fix the problems with the “slower than slow” updates permanently (?).

      The only question which I would like to verify is: 1. Start Windows: Change the setting to NEVER Check for Updates. Close Win Update Window. “Some members recommend you return the setting to whatever it was you used before the operation, after you complete Windows Update”. This would be AFTER the manual DL, stopping Win Update, and then installing (?). I’m only referring to the 1 update (KB3172605).

      I’m rather insecure about “trying” this maneuver however, if I don’t try it, there may be the problem of having the “never-ending search” for updates once again.

      Have you recommended that most users, utilize the Canadian Tech’s information, or is there a REMOTE chance that we’ve seen the end of the “never-ending search for updates” at last?

      Probably a foolish question, however, if I could avoid anymore problems I would be in “7th Heaven”. Thank you once again for your help. I don’t now how you keep up with it all. You are amazing, and appreciated by all of us! 🙂

    • #33094

      well i had this link kicking around for a while i wasnt going to post it as it contians a lot of blurb basically lots info about what the average user can already figure out and tinkering with the resistry which i dont advocate really. you probably have this ch100 but it may be of use to some folks.


    • #33095

      No idea if we’ve seen the end of the looooong Win7 update scans.

      Yep, you can set Automatic Update to Never check for updates.

      I’ll have a much more thorough report in InfoWorld, probably early next week.

    • #33096

      No more issues, only less. Guaranteed. Unless you intend to upgrade to Windows 10 in less than 1 week 🙂

    • #33097

      Yes, both URLs have been posted here few times before and are very useful.

    • #33098

      @dgreen: Thank you for the information!

      I noted another posting about KB3177467 which you received after you did the manual installs yesterday.

      My “Security System” shows this update is “there” (and has been for a while), however I can also note that it won’t show up in the updates until I use Canadian Tech’s Update fix.

      Very interesting!! I only have ONE “Security System”, a hard-wired firewall, and use the MSRT & Definition Updates.

      Thank you again for sharing your information.

    • #33099

      True Group A should not have any issue.
      I expect that true Group B should not have issues, as the speedup patches are all Security patches affecting supersedence and the other relevant one for Windows Update agent KB3138612 is an Important Update.
      The better agent included in KB3172605 is not part of Group B style of patching as at the time of this post, before October 2016 patches. I still believe that KB3138612 is good enough for most purposes, but time will tell. We may find KB3172605 being promoted as Important and then the issue is completely sorted.
      Be aware, if installing KB3172605 as non-important and not all other Recommended patches at least, then you are doing random selection.
      Those who selectively install patches based on their own criteria can expect any kind of scanning behaviour, from ideally short to the very long ones.

    • #33100

      Appreciate the insight guys, was ferreting around because of the curious way KB2952664 popped up straight after install of those I chose. Forewarned etc…

    • #33101



      Have not been able to update Windows Update since May 2016 on my homebuilt machine. Is first time I had troubles with this machine in 8 years.

      Took a couple of tries and playing around, eventually got it to work—64-bit, 1st selection. 70 updates!


      Where do I send a check?

    • #33102


      the 25th of September managed to fix the 0% download/installing stuck issue (with the german site fix) and added all office patches.

      Now I started the update process for windows itself, and it’s back to 0% stuck 🙁

      Did they mess things again in the past few days ?
      And what to do this time ?
      (ah right. Win7 x64)

      The only weird thing I see in the wua.log is

      2016-10-05 19:11:42:753 472 4e78 PT +++++++++++ PT: Synchronizing extended update info +++++++++++
      2016-10-05 19:11:42:753 472 4e78 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx
      2016-10-05 19:11:43:008 472 4e78 DtaStor WARNING: Attempted to add URL http://download.windowsupdate.com/d/msdownload/update/software/updt/2016/09/windows6.1-kb2952664-v20-x64_4cffa82658159f45e9ad7904bd930d22805bc2fa.msu for file TP+oJlgVn0XprXkEvZMNIoBbwvo= when file has not been previously added to the datastore
      2016-10-05 19:11:43:008 472 4e78 DtaStor WARNING: Attempted to add URL http://download.windowsupdate.com/d/msdownload/update/others/2016/10/22576251_281e15ba0173ff1c8729a05a5c3a6e298eb90b1e.cab for file KB4VugFz/xyHKaBaXDpuKY65Cx4= when file has not been previously added to the datastore
      2016-10-06 00:25:25:508 472 61a8 AU Getting featured update notifications. fIncludeDismissed = true
      2016-10-06 00:25:25:509 472 61a8 AU No featured updates available.

    • #33103

      Did you install KB3185911?

    • #33104


    • #33105

      yep, that was part of the fix to my issue,
      alongside with KB3138612
      Installed both the 23rd of september, and fixed the whole issue.

      Updated office the 25th

      Logs show a regular check for updates up to the 4th, then those 2 warnings the 5th

    • #33106

      Reset your Windows Update by deleting/renaming SoftwareDistribution folder. You will find the procedure posted by me and other posters few times on this site or on Google. It is documented by Microsoft while saying that “it is not recommended for home users”. Just go ahead and do it.
      I suspect you used the procedure of hiding patches in the past and this is what is causing major problems now.
      Follow to the letter what is on this site (which you say that you have already done) http://wu.krelay.de/en/ and after that follow Canadian Tech procedure http://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-solution/f39a65fa-9d10-42e7-9bc0-7f5096b36d0c?auth=1

      You should not have any problems after that.

    • #33107

      I tried rebooting several times and it will still not update or check for new updates. It just sits there giving message Downloading Updated at 0%.
      What next? Thank you.

    • #33108

      Sorry forgot to ask isn’t there a special patch this month to fix the slowness and how do I get it if nothing will download? Is there a direct link to this particular patch?

    • #33109

      Have a very long story here about the AU but, will make it short. Somehow it installed on my machine by itself. I had the original Windows 10 and PC had been perfect since Mid June when I had my Best Buy Geek Squad install it. Since this AU installed the only problem I have is with Skype freezing on me and chat messaging coming and going late. sometimes have to wait 20 minutes for a reply. Took back to the Best Buy store Geek Squad and there they find nothing wrong with the AU install or Skype. In fact they rolled back to the orignal Win 10 and reinstalled the AU as they suggested I might as well as it will soon be shoved down my throat anyhow and it may be worse. I actuall went to the store one night and used my PC there at the store and chatted with someone and never froze once there in about 45 minutes and messaging is perfect. Took it home and hooked up and the same problem. I have cable ethernet. My Bitdefender keeps my PC squeaky clean plus the Geek squad does an optimization fire before they fix anything and again squeaky clean Pc. I have searched Skype and they don’t even mention a freezing problem. Went to community forum and sent them my results from the Run box for dxdiag.exe and haven’t heard yet about that. I can go on and on about what I have tried from googling web sites and fixes and most are old. Geek Squad says they find no problems with Skype by a method they use. Of course at their store their internet hookup etc is better than the avg person. I called my internet provider I have no cable or connection problem there and my modem is brand new. Any suggestions here about the AU messing up my Skype possibly. Sorry for the long.

      don't know what a signature is?

    • #33110

      Skype bugs are something I’ve never tried to explore. Anybody out there have some experience with freezing?

    • #33111

      See ch100’s comprehensive answer to mazzinia….

    • #33112

      In the 3 or 4 years since installing the OS I have indeed hidden some updates ( in total less than 10 ).
      Dunno, I’m a masochist and would prefer to avoid nuking the distribution folder… call it an engineer flaw. 😛

    • #33113

      Skype, globally, has some weirdness in the past months.
      Has happened that some had delays / spinning circles in different countries.

      But this description is a bit more peculiar… the differences btw the shop and the home connection are the provider and the router.
      If we assume the provider has no direct involvment, maybe is the router that for some weird reason needs to have some ports opened.


      “When you install Skype, a port above 1024 is chosen at random as the port for incoming connections. You can configure Skype to use a different port for incoming connections if you wish, but if you do, you must open the alternative port manually.”

      just an idea, anyway

    • #33114

      Well, I went and finally contacted Skype and got a guy to come on and he uninstalled the newest version and installed a different one and so far no freezing. Still having a bit of messaging problems but nearly as bad. So, as good as we can get for now. Still accepting any ideas. Pat

      don't know what a signature is?

    • #33115

      Since becoming aware of Microsoft’s Get Windows 10 drive and this website, I have generally been installing only critical and important updates for Windows 7 after Woody goes to MS-DEFCON 3. After installing updates a few days ago I very quickly skimmed the KBs for each of the twenty-five Windows updates that are still available to install. Three of these updates, KB3172605 for July, KB3179573 for August, and KB3185278 for September are titled “[Month Year] update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.”

      If these monthly updates are truly rollups of all of the respective month’s updates why do we also get additional individual updates? Also, were there any similar rollup updates prior to July 2016?


    • #33116


      3 hours after I cancelled the updating (that was stuck), I noticed a “new updates available” notice.


      it seems that
      1) 4 or 5 downloads were not cancelled and whenever a check for new updates on the ms server completed ( my guess ), they started to kick in.
      Now they are to be installed on shutdown

      2) a new, october 4th optional update appeared : kb2952664

    • #33117
    • #33118

      As far as I can tell, the monthly “update rollups” started appearing in July, as part of a test for the new method of updating Win7/8.1. More about that in an InfoWorld article that should appear shortly.

      They are NOT cumulative updates.

      We get additional individual updates because Microsoft hasn’t ironed out all the problems with its new patch delivery method.

    • #33119

      There’s a very good roundup of chat apps here:


      I use Line, or Facetime when the other person has an iPhone or iPad. And I find myself using Facebook chat more than I would like. None of them have the problems that Skype’s showing.

    • #33120

      Thank you Woody & ch100, I finally got updates following the Canadian Tech directions in ch100’s message. After doing the Canadian Tech instructions I did updates in 15 minutes!!! ch100 indicated that hidden patches may have added to the problem, and I have found5 hidden patches: office kb2791057, win7 security updates 2984972, 3076895, 3080446, 3093513. Should I unhide these and NOT install them? Would win update take them away if they are not needed? or do I leave them hidden? Thanks again.

    • #33121

      So I plan on doing a fresh install of Windows this patch Tuesday on a spare hard drive to test out the new patches before deploying them on my main installation.

      Since updates are going cumulative will all the current patches for Windows 7 & 8.1 be rolled into one update from the get-go or will they gradually be incorporated into the cumulative updates?

      I Haven’t been able to work that out. Can you clarify for me Woody? Just so you know I plan to do a clean install of Windows 7 SP1 in trial mode. I usually install updates right away but I think if the cumulative updates do become a problem I’ll start following your MS-DEFCON System. Thanks.

    • #33122

      I am not usually in favour of resetting the SoftwareDistribution folder which is only a cache, but in many cases users attract WU failure on themselves by claiming to know better than Microsoft by hiding updates, while at the same time insisting to use a Microsoft product.
      All the recent workarounds with speed up patches should really be useful only for new installations and not for Windows 7 installed many years ago.

    • #33123

      You’re going to have a mess of patches to install – the cumulative updating for Win7 is only a gleam in someone’s eye at this point.

      There’s an extensive discussion on using the “convenience rollup” here:


    • #33124

      WhatsApp seems to become very popular, needs to be associated with a phone number though.

    • #33125

      … and because there are few more days until the self-imposed deadline by Microsoft.
      It is still early and end-users are treated as beta testers for now (and the foreseeable future).

    • #33126

      Thanks a lot ch100!

      So, if uninstalled, KB2952664 should not be hidden? Should I just leave it there?

    • #33127

      I re-read some information from aboddi in few places and it appears that the Convenience Update has pre-requisites which are not made clear in the documentation. The big rollup patches Feature Pack like products which are already installed. Some of them are the Platform Update, RDP8/8.1 and few other.
      So the Convenience Update is not a fix for everything, although it may be useful if used as intended.
      For now, I think the most reliable way of patching is still installing the patches as they were released on Windows Update, with few tweaks to “grease the wheels”, like Dalai’s method and/or Canadian Tech’s method.

    • #33128

      yes, except that the Agent that microsoft pushes automatically (and checks daily versus) is 7.6.7600.320, and it’s 2 or 3 versions older than the agents linked on the german site.
      Moreover elsewhere is mentioned that that very agent, 7.6.7600.320 , has issues.
      This to say that sometimes Microsoft doesn’t know better.

    • #33129

      Woody: I came across some interesting information regarding the prerequisite updates that must be installed on Windows 7 and Windows 8.1 systems in order to bring those systems up to Microsoft’s “baseline”, i.e. to make those systems eligible to receive updates under Microsoft’s new updating protocol which goes into effect in October 2016. I think you and your readers might be interested in the following excerpt from Nathan Mercer’s August 15, 2016 article on the Microsoft TechNet website. The link is:


      In Mercer’s September 20, 2016 (10:06 am) reply to a commenter, Mercer says: “Systems need to be at Windows 7 Service Pack 1, or November 2014 update for Windows 8.1. We don’t expect to have any other prerequisite right now.”

      For those of us (like me) who are running Windows 8.1, I believe the “November 2014 update” that Mercer refers to is the dreaded, highly problematic, massive (over 700 MB), November 2014 Update Rollup KB 3000850. The most current Microsoft online support page that I could find for KB 3000850 lists multiple known issues and complex workarounds for this update (the support page itself was last revised on July 17, 2015 — that’s right, 2015 — and is up to revision 14). Do you have any reaction to and/or suggestions regarding the above?

    • #33130

      This is purely a test installation to see if the new patches are stable. It will be wiped. But I was was asking about how the announcement for the changes to Windows 7/8.1 updates. https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/

      Nathan Mercer says “We are planning to add these previously shipped patches over the next year and will document each addition so IT admins know which KBs have been included each month.” making it sound like current patches would be rolled into the monthly updates over time. But his replies in the comments say individual patches will no longer be available after October.

      So will ALL the current patches no longer be available after October or will the current 230 some patches still be available until they’re rolled up into the monthly updates? That’s what I was wondering.

      I did try the continence rollup once. It didn’t work. Since it uses ActiveX and IE is a piece of crap it wouldn’t download. Although I did discover a combo of patches that work wonders for Windows 7 updates on a clean install in terms of the scan time. I forget which ones at the moment. When I find out I will reply to this comment.

      So I hope this clarifies what I was asking. Thanks again.

    • #33131

      In short, Nathan’s planning on adding all of those 230 patches to the rollup, but it isn’t going to happen any time soon. The patches will continue to be available, I think, forever – although Nathan didn’t explicitly say that.

      Wait for my Patchocalypse article – should be up on InfoWorld shortly. If you have questions, yell!

    • #33132

      You’re right on both counts. Microsoft won’t install anything on original Win 8.1 machines. You have to have “Update 1” – since renamed to “Update,” and now largely not mentioned in casual conversation. That’s 3000850.


      I haven’t heard of any recent problems installing it.

    • #33133


    • #33134

      ‘O’, I am ‘positive’ Microsoft is up to something… something nefarious.

      I knew it the moment W10 was offered as ‘free’.

      Seriously? ‘Free’ does not exist.

      If you use MS products, you are paying, do not doubt it.

    • #33135

      Thanks again Woody.

      Also I checked and the patches I manually install on a clean install of Windows 7 are


      I install these at the same time as my programs and drivers without any other patches installed. Maybe you’ve seen this combo before. If not just thought I’d throw them out there. So if you’re doing a clean 7 install these will work wonders. Might help someone else out there.

    • #33136

      May 2016 rollup was the Convenience Rollup KB3125574
      June 2016 rollup was replaced by July’s rollup, thus not needed

      they announced in May that they will release monthly rollup for the non-security fixes, not all fixes

    • #33137

      BTW, they finally decided to include IE11 patch within the Monthly rollup and Security-Only update

    • #33138

      @Woody: I intended to ask this question long before now.

      Is it “necessary” to set up the Group (B) BEFORE I install the few updates which I have?

      I don’t think it should make a difference, however I “definitely” do not know for certain and I need to get started setting up my Group B requirements as you have set them forth.

      Apologies for not asking this question sooner. As soon as I get the Group B set up as directed, I will then try Canadian Tech’s directions for the new “forever UD Patch”. Thank you, as always, for your invaluable help. 🙂 🙂

    • #33139

      No, not pre-requisites 🙂
      Convenience Rollup include the indiviual updates components for those Feature Packs, but not the packs themselves

      and in order for the CR to install these components, those Feature Packs needs to already installed before CR

      so, if you want or choose to install any of those Feature Packs, install them first
      this is the recommended way for getting full use of CR

    • #33140

      I hope you don’t run Windows 8.1 without KB3000850 in October 2016. If you have problems with it today, then you should fix your system.

    • #33141

      KB3000850 is the so-called “Update 3”, although Update 2 was largely unnoticed and not required with KB3000850 installed.
      Update 1 (Service Pack 1) was April 2014 KB2919355 and is required for about everything.
      KB3000850 is like what we are likely to see starting this month.

    • #33142

      +1 🙂

    • #33143

      YIKES! You’re right. I forgot about Update 3….

      Yes, KB 2919355 is required for all Win 8.1 machines.

    • #33144

      Nope. Group B is a state of mind.

      I’ll have detailed instructions in InfoWorld soon. For now, don’t sweat it.

    • #33145

      Interesting. I hadn’t seen that. I wonder what will come out the chute next Tuesday…

    • #33146

      If you got that information from WindowsUpdate.log, I agree with you. However I believe that there is something hard-coded at some level in WU which makes reference to 7.6.7600.320. If you have a later agent installed, known good ones are primarily 7.6.7601.23453 from KB3172605 and the previous one coming with the Important patch KB3138612, then 7.6.7600.320 is likely referred to as a placeholder, but in fact the good agent version is used. This is my understanding and experience at least.
      7.6.7600.320 has major issues by itself and is primarily responsible for high CPU/high RAM consumption and an inefficient supersedence calculation algorithm.
      What I actually said was that for those regularly updating at least with all Important patches month by month, they should not have encountered any issues. All means all (Important or Important + Recommended, so called Group B vs Group A). Selective installation does not count.

      I want to clarify something here because it comes into discussion often. I have been following Woody regularly since August 2014, when we started having a lot of bad patches until the end of 2014. Some people here argue that some patches had problems at their time of release, KB3020369 is one good example, and they have not installed them based on a certain article written by Woody warning that there are ongoing issues immediately after release. We are now after 18 months and they still haven’t installed. This is not acceptable because Woody has changed regularly his recommendations every month saying install, install with reservations etc. This is what I call arbitrary selective updating. It is normal that those users experience problems blaming anyone else other than themselves, which made Microsoft take action and enforce mandatory updating, affecting everyone else now.

      For those doing new builds, you are right, Microsoft does not know better because primarily of 7.6.7600.320 which was good enough for a while, but it proved inefficient when too many patches were released, while the exact timing was largely dependent on each end-user computer specification.

    • #33147

      Hmmm, more surprises coming…
      Will we end up with a Windows 10 like updating mechanism?
      Office and .NET 4 patches cannot be included there because they are not part of CBS, neither silverlight, Skype, MSE, but .NET 3.5.1 and everything else can be.

    • #33148

      The Convenience Rollup is not on Windows Update, possible because of the known bugs which you may be the first who noticed and made public. It is in this matter somehow non-typical and I would not include it in the regular patching schedule. Unless it comes on Windows Update. Microsoft Update Catalog is a specialised tool and not recommended for the wider population. But this may be the exception confirming the rule, in which case you are right to include the Convenience Update in the regular patches.

    • #33149

      This is what was meant, maybe the wording that I used was inaccurate strictly speaking.
      Pre-requisite means that you cannot install without the pre-requisite being installed first. It is not the case here, but it installs incompletely nevertheless.

      Susan Bradley is a fan of installing the Convenience Update without taking in consideration the “Feature Packs”.

      Are you in favour of installing the Convenience Pack if the Platform Update and all the other relevant bits are installed first? I think the Convenience Update is offered later again to complete the installation if one of the other components are installed post Convenience Update.

      I am asking because I am undecided and I said elsewhere that even if I don’t recommend it, I don’t consider bad practice to install it either.

    • #33150

      I think you are right, they were good patches when they were released. Only that we have newer patches doing the same thing and apparently better, superseding those which you mentioned. Check this one https://support.microsoft.com/en-us/kb/3138612
      You will need KB3020269 for it and end up with Canadian Tech’s solution.

    • #33151

      Further investigation of a problem during a computer club meeting showed a problem logging into a network with w redirect to its local login page. The page uses some old SSL or TLS protocol, which just got blacklisted by major browsers, including Edge and IE 11, Chrome and Firefox. (In fact, Chrome and Firefox outlawed insecure protocols long ago.)

      Bottom Line — I had to go into IE, change some Internet Options, and allow some insecure protocols to connect to the public wifi network’s login page. Then I reset IE to All Defaults and High Security, and my other web surfing worked like a charm.

      AT&T DNS may not have gotten the memo about banning insecure protocols. But Microsoft Sites must have had it right in line with their own MS Updates. So the Microsoft Sites were rejecting the insecure DNS messages and possibly all traffic passing through those DNS Servers.

      Today things are apparently back to normal with AT&T DNS and Microsoft Sites. My third PC (the NUC) did not need any DNS gymnastics before, during or after MS Updates were applied.

      But the public network login apparently hasn’t got the memo (and the updates) yet.

      Mystery apparently solved.

    • #33152

      Footnote — these protocols were in the SSL 2 and SSL 3 families.

    • #33153

      The fact that the June’s update rollup was replaced by July’s and May’s rollup was actually the Convenience Rollup which is only offered through the Microsoft Update Catalog explains why, despite discussion on the internet of rollups for May and June, neither have been installed or are pending on my computer.

      Thanks to abbodi86, Woody, and ch100 for bringing clarity to the monthly update rollups.

    • #33154

      Thanks. I’ll try the March Client update when I do my test install. I found for the longest time that kb3112343 & kb3135445 worked really well for a clean install in terms of cutting down scan time. But if the March one does it better then I’ll start using it instead.
      “You will need KB3020269 for it”
      I think you made a typo. I think you mean “KB3020369”. You had a second 2 in there instead of a 3. But I get what you mean. But anyways. Thank you for the tip.

    • #33155

      Updated 6/10/16 – all saved passwords gone from chrome/firefox 7/10/16.

      No F idea what happened

    • #33156

      (windows 7 64bit)

    • #33157

      You know ch100. The part where you talk about Microsoft’s enforced updates has made me think. Microsoft pays their developers to still patch Windows 7, and 8.1. Microsoft doesn’t want to support them anymore. They want Windows 10 and just Windows 10.

      I often get asked by friends, family, and colleagues how they can stop Windows from updating. And I tell them I don’t recommend it. Since I’m that guy who everyone comes to when they need help with their tech I always tell them to install updates. But they don’t because it require them waiting 5 or so for the reboot.

      It really frustrates me that people are so impatient that they can’t take 10 minutes to install updates as they come out. And it’s an easy thing to solve by starting updates before going to bed or work or whatever.

      I mean Microsoft could just say they’re no longer going to be supporting 7 or 8.1 and just focus all efforts on Windows 10. And then the people who don’t want Windows 10 will say they that Microsoft should just keep supporting 7 and 8.1. And then I’ll tell them “You never installed updates anyways. What difference does it make?” and because people never installed updates now the power user and sysadmins get the short end of the stick.

      I mean from a security standpoint it’s important to update Windows. It’s not as secure as OS X or Linux. So you really need all the security updates you can get. But people don’t update. I don’t know why it’s always such an excruciating thing for most. I could understand if updates are bricking computers. But it doesn’t happen most of the time with 7 or 8.1. On my machines at least. Most people are too impatient to reboot. So now the rest of the 7 and 8.1 users who do update, but want to avoid stuff like Windows 10 upgrades and telemetry have to suffer because of it.

      I feel there should be a fourth group. People who get their computers. Never change any settings, and get told to reboot for updates but then never do. Non tech savvy people like your parents who don’t care about updates or anything and just want it to work. Different from Group W. Group D maybe? “D” for “Don’t know. Don’t care.” Or maybe “U” for “Uninformed.” I don’t know.

      Anyways sorry for this long rant. I just had to get it out of my system. I suppose if someone has concerns over stability with patches or anything of that concern I’ll refer them to Woody’s MS-Defcon system. But for the most part when I get asked about updates, I tell them they should really update.

    • #33158

      I blame Microsoft’s support team for not clarifying that in the KB article

      yes, i install CR at last, after all other updates that are not superseded

      usually and following what WU offers of these Feature Packs (platform and RDP), the recommended instalation order would be:
      1. KB3020369 / Servicing stack Prerequisite
      2. KB2670838 / Platform Update
      3. KB2574819 / RDP Prerequisite
      4. KB2592687 / RDP 8.0
      5. KB2830477 / RDP 8.1
      6. KB3172605 / July 2016 Rollup
      7. KB3125574 / Convenience Rollup

    • #33159

      That’s a very Group A stance – and it does have merit.

      In my experience, the time to patch and reboot is a minor inconvenience. What hurts is when (a) the patch breaks something and/or (b) the patch increases Microsoft’s snooping, without my consent.

      But then I’m more of a Group B kind of guy…

    • #33160

      Hang on. The ride’s going to get very bumpy, very shortly.

    • #33161

      This message is specifically aimed for CH100


      always impressed with your technical knowledge, so thanks for your all your help in the past. I want to revisit my hidden updates before next Tuesday, and I recall you detailed the problems with “long-term” hiding, and what to do about it.

      It wasn’t just to unhide them, but also something about clearing the history cache et al.

      Would really appreciate if you are able to find the link to your article. Thank you.

      ps; I’m using W7SP1x64 and was in Group B but thinking of dropping out altogether along with my tin hat.

    • #33162

      Off topic I know but dont know where to put it.
      Today I have got a big green tick on my files in documents. I have renamed some and that seems to have taken it away but I have one very large file related to geneaology and I done want to lose it.
      Can you tell me what this tick is and can I get rid of it. Thanking you. I am using windows 7

    • #33163

      I may just wait for patch tuesday, it’s getting to the point where I’m loosing confidence in microsoft with the updates. I mean come on, they are clearly not in the right state of mind, to the point where us as users are going to have to start protecting our computers ourselves. I mean come on seriously, isn’t it true that a majority of computers getting hacked are a result of their owners being stupid and going on sites that are known to be riddled with malware.

      As for letting things through, oh come on, in this day and age AV companies are constantly updating definitions, as well as a majority, supposedly, of users also have anti-malware and/or a firewall up at all times.

      As for the whole browser thing, I get the fact IE is needed to access the internet, but seriously, is it really even needed, just look at Win10, it doesn’t even have IE, yet can access the internet just fine. Just look at Apple and Macs, they don’t even need a IE-like pseudo-browser to access the internet.

      As for the Patch Tuesday thing… Gawd, is Microsoft living in a time warp or something? Are they not aware that no other os maker follows that update model anymore because… Surprise, it’s not effective, especially if a hacker creates a bug RIGHT AFTER patch tuesday… The infected computers are SOL till the next patch tuesday, whereas other os are patched quickly. I mean just look at the recent IOS 10 debacle with the bricked phones, Apple had a fix within hours… Microsoft would take a month to get the fix out due to it requiring a hotfix, then releasing the hotfix on the next patch tuesday due to it having to be tested ‘extensively’.

      TL;DR Microsoft needs to get with the times.

    • #33164

      Really? Really? You are blaming the victims for being afraid to install the problem patches?

      You might be good at technical stuff but you forgot that not all of us have either luxury of just getting the computers to repair shop if there is problem, nor having technical knowledge to fix it ourselves. Many people still use their computers for work and every days with no computer equal no productivity or at least, much reduced productivity. For some of business, it might actually makes difference between bankrupt and staying afloat. So what you are saying is unwise for us with no luxury of time or expertise to just fix it.

      Besides, the issues with KB3020369 is not yet fully resolved. Last I heard from Woody was that he has not heard of any large issues now. However, he never wrote any of articles or post that said people has go ahead with that patch, and even the article about installing KB 316047 (the one with updated WU agent and Bluetooth bug) with has the patch KB 3020369 as prereq, Woody still warn the users to proceed with cautious about 3020369 as he was not sure if all of issues was fixed. So for many of people, as far as they know that patch is still bad as there is no word otherwise, nor the word that MS has fixed it.

      Besides, it is MS’ fault, not the users. Many of patches had bricked the computers, or degraded the computer badly. Often there is no fix, at least for not long time. No quality test (unless you want to count us) at MS, no care and no effort. No, Microsoft does not know the best, not especially those days.

      In the other words, you might be right about the technical aspects, you need to remember that not all of us are the same as you. Nor that all of the people who do not the same as you are stupid. Be charitable and aware that some people have different issues than you do and different needs as well. After all people do have different computers and some of posters here have reported that their computer can’t take various patches. Besides, usually those did not select update had reasons and researched on this (else they would have kept auto-update on). So, don’t assume.

    • #33165

      Excellent @abbodi86 😀
      This should be a reference post for anyone interested.

    • #33166

      Except for KB3020369 which is Important non-security in WU, all other updates are Optional, although KB2670838 is the main pre-requisite for IE10 and IE11.
      This is another proof that some of the Optional updates if not all are actually very useful to enable full functionality in Windows.

      The main problem with Optional updates as I see it is that they are sometimes unreliable immediately after they are released and need to be revised or there is further setting required. After few months though, sometimes it may take even 6 months for reaching full stability, they should all be installed.

    • #33167

      Thank you for your “rant”. 🙂
      I think the issue is compounded by Microsoft requiring too many updates and too often and in most cases they are too intrusive. This fact alone puts users like yours off from updating.
      I think what they try to do with the rollups is to implement a similar updating mechanism with iOS where you have one large update, in most situations fully documented, but which you either install or not. You cannot select areas of interest in a patch from Apple.
      There are other problems too. The reason that Windows is more complex is that by design it has to run on almost any hardware available, it has to run software largely out of Microsoft’s control and is more functional in this regard.
      More functionality means more complexity and inherently less security.
      Sometimes it makes me think that back-end computing should have never been allowed in the wild outside of universities or other interested entities like the Department of Defense who have the capabilities to do the relevant research and secure the systems at the best possible. This may be what the evolution to the Cloud is in fact, back to where IT back-end should belong and not to have every person on the planet act as a system administrator.

    • #33168

      Woody, I read few times what you said about snooping and the fact that Group A types are more exposed to snooping than the Group B types.
      I am not convinced that this accurate, because we actually identified here and on other sites that there are currently only 5 (five) patches which modify the snooping behaviour. Out of those 5 patches, only one KB2952664 and its follow-up KB3150513 are really annoying, changing previously documented behaviour.
      KB2952664 and KB3150513 are not recommended even for those in Group A.
      I raised recently the question of the usefulness of KB3021917 which seems to be compliant with documented behaviour, but it does not serve any useful purpose either.
      Those 2 or 3 patches are not really recommended for either of the 2 major groups.
      Then why would the Group A users be more exposed to telemetry without consent? Is it about future patches which could potentially do the same like those already mentioned or those retired after the free upgrade offer ended?
      I still believe that antivirus product are more capable of telemetry than any patch or functionality built-in the Operating System due to their unlimited access and due to their nature, their less documented behaviour.
      MSRT does daily scans starting with Windows 8 and sends information to Microsoft following each scan, unless a certain registry key is configured. The scans are triggered in Windows 8 or later by the Maintenance Scheduled Task. In Windows 7 there is only one monthly scan by default.
      I don’t know what the other non-Microsoft antivirus products do out of the box, but I can only imagine.

    • #33169

      As Woody suggests, this information is current as today.
      Tomorrow, or Tuesday it may be all different.

    • #33170

      Yes, it was typo.
      Some posters who know well what they post claim that the agent contained in https://support.microsoft.com/en-us/kb/3172605 is even better than https://support.microsoft.com/en-us/kb/3138612 which is possible, quite probable.
      The reason I tend to bring the March agent more often in discussion is that I perceive it as more stable and it is pushed as Important, while the other one which is a rollup, not only an agent is pushed as Optional at the moment.

    • #33171

      I don’t know if any other windows 8.1 users had this happen. but I only had two updates show up KB 3172729 (security) and KB 3177723 (non-security). Are these the beginning of the rollup patches that Microsoft is moving us to?

    • #33172

      I will stay tuned for further developments.

    • #33173

      Thank you Old Dog. I am impressed with how popular this thread has been due to Woody’s talent in finding the right subjects for each of his blog posts. 🙂
      The master article is this one https://support.microsoft.com/en-au/kb/971058
      This is complicated and overkill so I will tell you exactly what you have to do.
      1. Log in as Administrator – the user named Administrator, not other user.
      2. Open Services console and stop: Windows Update, BITS and Windows Modules Installer (known also as TrustedInstaller)
      3. Delete C:WindowsSoftwareDistribution folder
      4.Reboot your computer.

      Please be aware that by deleting the SoftwareDistribution folder you will lose the update history, but all installed updates are in Programs and Features under Installed Updates.
      All current hidden updates are restored, while those who are obsolete because of Microsoft expiring them in time, are no longer causing issues as the cached database is clean and created as new.

      I would suggest you giving a try to Group A, but this depends on your level of comfort in relation to Windows Update. Woody traditionally leans towards Group B in his recommendations because among other things they are addressed to a huge number of diverse users, but as he said recently, there is a lot of value to be gained by being in Group A.
      Both Groups of users should be OK.
      The main differences are that in Group B you get only Security Updates plus the minimal set of reliability updates, while in Group A you get all the features enhancements as few as they may be in the future for Windows 7. In Group A you would be able to use Windows 7 to its full potential.

    • #33174

      Then I suggest you not to play the game and stay unpatched. It is as simple as that.
      Microsoft or Woody or myself do not force you to install any patch.

    • #33175

      Well the way I see it. By using their OS and installing updates you are giving consent. People got to remember. It’s not their software. It’s Microsoft’s. Just saying.

      As for people who think Windows 10 is “spying” on them. I don’t feel they have a right to complain because it’s in the EULA they didn’t read. Said right there in the fine print. They will collect and preserve data. If they didn’t state it and collected data then yes it would be a different story. But they are up front with it. And every Windows 10 user gives Microsoft consent to do it when they click “I agree.”

      I don’t like it either, but that’s the way it is. If they don’t agree to it then they shouldn’t be using Windows 10. But then they also shouldn’t be using things like Facebook, Google, smartphones, computers, or the internet in general. Your ISP can see what you’re doimg. But that’s just my two cents

    • #33176

      Important vs Optional is a highly overrated comparison 🙂

      some users claims that msft make mess with updates, yet they follow their lead regarding which updates are “more” imporatnt to install 😀

    • #33177

      I said it how Microsoft classifies the updates, it was not my classification.
      Anyway I did further testing and found that indeed the agent contained in KB3172605 is superior and I will stop recommending KB3138612 from now on. 🙂

    • #33178

      Agreed 100%. I don’t like it, but what you say is true.

    • #33179

      Naw, those are just garden-variety patches. The patchocalypse isn’t here yet.

    • #33180


    • #33181

      Solved. Something to do with my online back up service.