News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • The latest KB blocklist

    Home Forums AskWoody blog The latest KB blocklist

    This topic contains 46 replies, has 5 voices, and was last updated by  PkCano 2 years ago.

    • Author
      Posts
    • #39721 Reply

      woody
      Da Boss

      Several of you post lists of “bad” Windows patches – the idea being that if you install all of the offered patches except for these bad ones on the bl
      [See the full post at: The latest KB blocklist]

    • #39722 Reply

      PkCano

      My blocklist includes compatibility, telemetry, and Win Update Client patches. I have included Win Update Client b/c I suspected they greased the way for the upgrade effort, or at least the slow update process encouraged people away from Win7/8. After the end of GWX in Aug, I will probably unhide the Win Update Client patches and rollup (only), and add back “give me recommended updates” (evaluation of this after GWX and I see what MS is doing). I will leave the GWX CP with DisableOSUpgrade enabled.
      I include superceded patches, b/c if you hide a later one, the earlier one shows up.

      Block list:
      KB3068708 CEIP & telemetry
      KB3035583 GWX
      KB3075249 telemetry [edit WL]
      KB3080149 telemetry
      KB3022345 CEIP & telemetry (replaces 3080149)
      KB3123862 GWX helper
      KB3150513 GWX & compatibility update
      KB3173040 full screen nag for Win7 SP1 and Win8.1
      KB3163589 full screen nag for Win7 (without SP1) and Win8 (not upgraded to 8.1)

      Win7
      KB3021917 telemetry
      KB2990214 enables upgrade
      KB2952664 compatibility [edit WL]
      KB3050265 Windows Update Client
      KB3065987 Windows Update Client
      KB3075851 Windows Update Client
      KB3083324 Windows Update Client
      KB3083710 Windows Update Client
      KB3102810 Windows Update Client
      KB3112343 Windows Update Client
      KB3135445 Windows Update Client
      KB3138612 Windows Update Client
      KB3161608 rollup including Windows Update Client

      Win8/8.1
      KB3044374 enables upgrade
      KB3058168 allows Win10 activation
      KB2976978 compatibility & CEIP
      KB3058168 Windows Update Client
      KB3065988 Windows Update Client
      KB3075853 Windows Update Client
      KB3083325 Windows Update Client
      KB3083711 Windows Update Client
      KB3102812 Windows Update Client
      KB3112336 Windows Update Client
      KB3135449 Windows Update Client
      KB3138615 Windows Update Client
      KB3140185 Windows Update Client
      KB3161606 rollup including Windows Update Client

    • #39723 Reply

      Dave

      Woody,

      Thanks for the updated lists of KB’s to avoid.

      Dave

    • #39724 Reply

      Windozxpert

      I have these posted on my wall at the shop as a quick reference.
      I’ve been looking for a way to “pre-deny/hide” these updates but I haven’t found one. We can slipstream updates and applications into OS installation, why not pre-deny/hide them? Any way to do this?

    • #39725 Reply

      Render

      “tell me that I’d be making your life too complicated if I changed to a blocklist approach….”
      —————————————————————
      From a post of yours two days ago (July 9, 2016 at 3:56 pm)

      https://www.askwoody.com/2016/how-to-get-your-win7-updates-in-less-than-glacial-time/comment-page-1/#comment-91591

      “I’m starting to warm up to the idea of installing optional updates, except those on a blackout list. It’s a lot more work for a typical user, but likely less disruptive in the long run.”
      —————————————————————
      Our current method of installing only security updates seems less involved.

      Changing to a blocklist method would add to that the optional updates that are not as clear to install as simply seeing the word “security” in the important group.

      Additionally we’d be considering all the extra updates that come with that optional group. Right now I have 46 on my Win8.1 machine. I’m OK with letting them lay there into eternity. If I need to go back to checking each one of them in that group manually by clicking on the “more information link” that takes me to the KB article so be it. However, those articles are usually written in such a vague manner as to oftentimes provide little assistance except for the prerequisite info.

      Granted, I used to think that there was a useful purpose to optional updates. With this yearlong adventure that I’ve been on, it’s certainly given me much food for thought as to my trust level for M$. Eye opening to say the least, some might say a dose of reality. I no longer believe that M$ has my interests at heart. Therefore, optional updates have taken on a new meaning for me & I might need serious convincing to begin installing them again. Not saying no altogether, only that I’m not going to be so quick to revert. My thoughts on this are probably common based on many other comments posted here.

      Blocklist or Security only, what ever the case may be, I’ll stick with the latter until I read how others fare before going back into the optional updates pool.

      My gratitude to the regulars here who inspire me to think about what course to take. You guys & gals are top notch.

    • #39726 Reply

      woody
      Da Boss

      Excellent approach.

    • #39727 Reply

      woody
      Da Boss

      Don’t know of any way to pre-emptively “hide” a patch.

      Win7/8.1 don’t work like wushowhide in Win10.

    • #39728 Reply

      EP
      AskWoody_MVP

      KB3075249 is no longer offered anymore as it is superseded by KB3139923-v2.

    • #39729 Reply

      EP
      AskWoody_MVP

      Disagree with blocking the KB3161606 & KB3161608 update rollups as Microsoft has properly fixed the WU long scan problems in those patches, PkCano.

    • #39730 Reply

      Simpson

      Here on Windows 7 I have fortunately not one of the Windows Update patches mentioned in either list (Woody’s and PkCano’s) installed, and my OS is running fine.

      Whatever my decision to continue or not patching my system with Windows Update one thing is sure : no WU before August 2016, that is once the Win10 upgrade hysteria will (or may) have calmed down. An exception nevertheless for patches concerning .NET Framework.

    • #39731 Reply

      Ed

      What proof do you have to back that statement up EP?

      KB3161664 fixed the long wait times for Win 7 in the month of June and that is a single stand-alone patch.

      Last I heard nobody knows for certain that the KB3161608 Rollup is a PERMANENT fix for that problem yet and it includes a list of bloatware I’m not willing to succumb to unless it’s absolutely necessary.

    • #39732 Reply

      Windozxpert

      We will find out Microsoft’s definition of the word “permanent” tomorrow.

    • #39733 Reply

      Allan

      +1

    • #39734 Reply

      Anonymous

      @pkcano:

      Just a quick question. Is the Win 7 update listed as KB2953664 compatibility, correct or is it a “typo” for KB2952664?

      Excellent work on these lists!! Thank you for clarifying this. 🙂

    • #39735 Reply

      NotReallyBob(fromanothercomputer)

      KB2990214 / KB3044374:
      http://www.infoworld.com/article/2910739/patch-management/microsoft-elaborates-on-kb-2990214-kb-3044374-windows-10-nagware-patches.html “Don’t think you can skip it”, also superseded by other updates (KB3161608 / KB3161606?)

      KB2953664 doesn’t exist, typo of KB2952664?

      KB3102810 / KB3102812 resovled high memory usage of windows update (Oct2015). Not that the issue with high CPU / memory usage started around May 2015, and began WITHOUT installing any updates, something changed at microsoft’s end. KB3161608 / KB3161606 appears to resolve issues with slow update (we’ll see tomorrow).

      KB3058168 appears to be an update for activation compatiblity

    • #39736 Reply

      NotReallyBob(fromanothercomputer)

      I have a script that hides updates which runs every 12 hours or when new updates are downloaded. It does ask the windows update service “what updates do you already know about offline?” which does trigger the “normal” high CPU usage unless you have the update(s) of the month that trigger slowness if not installed (or the latest WU client).

      Be aware that every time there is the slightest change to a hidden update it is unhidden until the script runs again.

    • #39737 Reply

      walker
      AskWoody Lounger

      @pkcano, @woody:

      On the list for Win 7, KB2953664 is listed. Would like to clarify if this is possibly a typo and it should be KB2952664?

      Great list, and I appreciate all of the hard work involved in compiling it. Thank you! 🙂

    • #39738 Reply

      PkCano

      Two I missed
      KB3075249 telemetry
      KB3163589 full screen nag on Win8 (= to KB3173040 Win7)

    • #39739 Reply

      cyberSAR

      EP, I have those blocked on my machines (and many, many more than listed here) and my scan times are always less than 10 minutes. Downloads are also acceptable.

      On client machines I block KB971033,KB2882822,KB2952664,KB2977759,KB3021917,KB3035583,KB3068708,KB3075249,KB3080149,KB3081954,KB3123862,KB3139923,KB3150513,KB3161608,KB3170735,KB3173040 and have very fast scans and download times.

    • #39740 Reply

      ch100
      AskWoody_MVP

      The only 2 patches which I found that are not offered to the Enterprise Edition are KB3035583 and KB3173040.
      Not installing those 2 patches and installing everything else would probably be just enough to avoid the Windows 10 adware and the upgrade itself on any other version of Windows 7.
      I see many of the telemetry updates as required outside of the Windows 10 upgrade context and as such I do not recommend avoiding them. For those overly concerned with those issues, I would recommend avoiding Windows and any other commercial operating system completely. The implementation of the telemetry and the details of it are too complex to be resolved just by avoiding certain updates.

    • #39741 Reply

      PkCano

      Yes, you caught my mistake. It is KB2952664.

    • #39742 Reply

      JB

      Unfortunately, Microsoft has created a world where avoiding their operating systems is quite often impossible.

      The telemetry updates are really downgrades from a customer perspective, each one sends more sensitive information to Microsoft in exchange for absolutely nothing (remember: Anyone not on Windows 10 *paid* for their Microsoft operating system license, at a price chosen by Microsoft, they have no justification to demand additional value back after the deal was closed, but they do have that 10 year “continuing performance” obligation to provide updates at no extra charge).

    • #39743 Reply

      PkCano

      CORRECTION – There is a typo in my list.
      The number should be
      KB2952664 compatibility (the “3” is incorrect)

      Also add two I accidentally left out:

      KB3075249 telemetry
      KB3163589 full screen nag on Win8 (= to KB3173040 Win7)

    • #39744 Reply

      ch100
      AskWoody_MVP

      Let me give an example why I say that the telemetry subject is too complex to be reduced to only installing/uninstalling/avoiding specific patches.
      KB2882822 is pre-requisite for IE11 and as such mandatory to have a supported Windows 7 system. The description is – Update adds ITraceRelogger interface support to Windows Embedded Standard 7 SP1, Windows 7 SP1 and Windows Server 2008 R2 SP1
      KB3080149 supersedes (replaces and updates) KB2882822 according to WSUS and Microsoft Catalog. The description is – Update for customer experience and diagnostic telemetry.
      The question is: should we install KB3080149 on top of KB2882822? Who decides based on objective criteria (not emotional related to the word “telemetry”) if the newer patch is useful or not? It can be argued that the previous mandatory patch contains telemetry elements and being mandatory for having the OS under support guidelines, then telemetry becomes a de-facto “feature” of Windows.
      Upgrading to Windows 10 is an entirely different subject than telemetry and the associated updates can be objectively separated from the rest of the updates.

    • #39745 Reply

      woody
      Da Boss

      That’s precisely the problem.

      It’s a lot like Win10’s cumulative updates, where you can’t separate the wheat from the chaff.

    • #39746 Reply

      woody
      Da Boss

      I edited your original post. Let me know if it’s accurate now.

    • #39747 Reply

      PkCano

      KB3173040 showed up on my Win8.1 machine as well as Win7.
      On further investigation, I think a change should be made to the list. Both KB3173040 and KB3163589 should be on the top part of the list b/c they can show up on both:

      KB3173040 full screen nag for Win7 SP1 and Win8.1
      KB3163589 full screen nag for Win7 (without SP1) and Win8 (not upgraded to 8.1)

      Otherwise, it looks good.

    • #39748 Reply

      PkCano

      It’s not so much the fact that telemetry existed. There has always been the “report windows problems” data transfer. And CEIP has been around since forever too, allbeit with an opt-out (maybe). But back then I trusted MS to not transfer problem data if I said “no” and to respect the opt-out of CEIP

      I don’t trust MS to do what they say anymore, and there have been incidences of outright their lying (“We put Win10 on your PC without your permission? Oh, that was an accident.”).
      It’s the CHANGES MS has made to what and how they collect the data, made by the patches since they’ve been on the Win10 warpath, that I am inclined to block.

    • #39749 Reply

      woody
      Da Boss

      You nailed it.

    • #39750 Reply

      ch100
      AskWoody_MVP

      @pkcano I understand and respect your point of view. It would be easy to say, if you don’t trust Microsoft, then don’t use their products. However, things are complicated by the monopoly like position of Microsoft and the way we have all been stuck with their products, in particular Windows and Office for years.
      The only supported way to work around many of the telemetry annoyances is to follow the recommendations in the official White Papers dedicated to the subject for which I posted URLs a while ago on this site. The other more complicated way is to do network monitoring and try to find ways to block the undesired communication. However, even going to that length would not guarantee that no data is sent back home to Microsoft via alternative channels. I am afraid that there is no easy answer.

    • #39751 Reply

      poohsticks

      PKCano: “I include superceded patches, b/c if you hide a later one, the earlier one shows up.”

      I agree with that — my personal blocklist may be lengthy, but it contains every patch I’ve made the decision to block for the past 16 months, even if now it’s not offered/it’s been superceded — it’s better to be complete, and I as a non-techie person like to have as much useful information spelled out/described as possible.

    • #39752 Reply

      poohsticks

      NotReallyBob(fromanothercomputer),

      In early May here on AskWoody, you mentioned that “don’t think you can skip it” comment about kb2990214 that had been made on an MS employee’s blog (who apparently abandoned his blog right after that), and I replied:

      “Responding to Bob(maybe)OrNot’s comment:

      “KB2990214 MS: ‘This update is applicable to your systems even if you’re not planning to migrate to Windows 10, so don’t think you can skip it.’
      …Suggest having at least KB3083710 to free up 2.5GB of ram.”

      Yes, a year ago I had seen the Microsoft guy’s “don’t think you can skip it” warning about 2990214.
      This is the link to that post: https://blogs.technet.microsoft.com/joscon/2015/04/14/windows-servicing-releases-april-14-2015/
      (I was hoping he’d be another go-to source, from the horse’s mouth, during my monthly Windows 7 updates researching, but he never posted again on his blog.)

      Based on his warning, I duly installed 2990214.
      It gave me problems (I don’t remember what they were now because I didn’t write them down.)
      I uninstalled it and my computer was happier.

      Throughout the year I have avoided that one, and all the ones you mentioned that superceded it.

      Last week, I installed 3145739 by itself, without co-installing 3138612 (the decendant of 2990214).

      After that, my Windows Update manual searches have taken 7 minutes….”

      Original conversation was at: https://www.askwoody.com/2016/updates-of-questionable-value/#comment-82468

    • #39753 Reply

      poohsticks

      FYI to newer readers, there were also comments on update patches that people are avoiding in the body and the discussion section of this Woody blogpost:

      “Updates of Questionable Value”
      https://www.askwoody.com/2016/updates-of-questionable-value


      Also in a couple of spots on this site, Noel Carboni has put up his list, one of them had like 5 or 6 kb numbers, and later he added 1 or 2 more.

      Not sure how it stands today, as he was thanked in the current blogpost for contributing supporting material, but the post doesn’t specify what his current list of the updates-to-avoid is.

    • #39754 Reply

      woody
      Da Boss

      It would be interesting to see. Whaddya think, Noel?

    • #39755 Reply

      ch100
      AskWoody_MVP

      @poohsticks My list had Noel Carboni’s list as starting point, from which I removed a few KBs as they do not deal with Windows 10 Upgrade, but rather with other issues like telemetry, which can be considered only loosely related to the upgrade in my view.

    • #39756 Reply

      poohsticks

      @ch100,
      Can you give us a link to Noel’s list that you worked from? Was it one of his lists that he contributed on AskWoody.com? It would be interesting to see his most recent list.

    • #39757 Reply

      ch100
      AskWoody_MVP

      It is one of the lists contributed by Noel on askwoody.com or maybe promoted by Woody on one of his Infoworld.com articles. Sorry @poohsticks, I cannot find it right now.

    • #39758 Reply

      woody
      Da Boss

      I don’t publish blocklists in InfoWorld – at least I haven’t as yet. I’m not comfortable enough with the lists to recommend them to a wider audience.

      So far.

    • #39759 Reply

      ch100
      AskWoody_MVP

      First time using subscription to posts and replies and it worked great. Excellent stuff Woody 🙂

    • #39760 Reply

      woody
      Da Boss

      Whew

    • #39761 Reply

      Herb K

      Hi All:

      Today, JULY 19, 2016, 2:PM Microsoft is at it again. KB3035583 posted in my windows updates as optional. placed in hide and then says recommended update. Now have two in hide. What a Joke.
      Herb K

    • #39762 Reply

      walker
      AskWoody Lounger

      @ep:

      I could not locate any reference to the KB3139923 update. It’s been sitting in the Optional updates for a while, and apparently is
      related to “Windows Installer Repair Doesn’t Work”. Do you have any recent information about this one? Do you know if it should be hidden, or just left on the Optional List? I don’t know anything about the “Windows Installer Repair” being referred to.

      Thank you for any information you may have on this update.

    • #39763 Reply

      ch100
      AskWoody_MVP

      @Render
      You may not use the additional functionality brought by some Optional updates, but there is certainly a purpose for them and many users who find them useful, the three updates installing RDP 8/8.1 are useful for those operating in hybrid environments. There are some updates for which I don’t have a purpose, like the timezone updates in certain parts of the world, but if they don’t cause problems, then I think it is better to install than not to install, to keep consistency with what Microsoft is likely to test most.
      Recommended Updates bring even more mainstream functionality in many cases. Few examples are the 4k native disk sector compatibility, enabling DiskCleanup to remove obsolete updates https://support.microsoft.com/en-us/kb/2852386 – this should a favourite here on this site and many others.
      Installing Security only and not installing the Important non-security/non-recommended actually does not allow you to fix your system for known issues. This is their role and I have seen enough examples. There are not many of those but most are indeed critical for the good functionality of Windows.

    • #39764 Reply

      Render

      Interesting, I see what you mean about 2852386. The “known issues” terminology also jars loose some familiarity on how some optional updates might be useful.

      Sadly, my brain is stuck on the avoidance of optional updates. If they were better worded & not so vague, I wouldn’t have to be so cautious about what they might provide. Couple that caution with my loss of faith in general & it makes for more avoidance, to which I am sure others are also experiencing. Gone are the days when trust was easier to have. Not bolting the door on trust, just not in a hurry to open it.

      Thank you for enhancing my understanding fella, you’re alright 😉

    • #39765 Reply

      Don’tTellM$

      @woody,Windozxpert,NotReallyBob(fromanothercomputer),readers here

      Hey, greetings – NRBob(fac) any chance to get a link to your script? Anything like this – Uninstall and Hide Windows Updates, http://www.mcbsys.com/blog/2015/11/uninstall-and-hide-windows-updates/
      Here is a PowerShell script that uses wusa.exe to uninstall an update, then PowerShell to hide that same update. It will even check for superseded updates with the same number and hide those. The script was designed to run from the MaxFocus dashboard [[but can also be run standalone.]]

      OR

      Block specific Windows update hotfix,
      http://serverfault.com/questions/145843/block-specific-windows-update-hotfix

      An user posted a VBscript (HideKBs_BingDesktop.vbs) on msfn.org which hides updates.
      http://superuser.com/questions/722667/how-to-hide-updates-in-windows-updates-without-gui

      Source of above mentioned link below (Note) above link shows the info. better,
      http://www.msfn.org/board/topic/163162-hide-bing-desktop-and-other-windows-updates/
      Maybe these links could help some or better yet share yours NotReallyBob(fromanothercomputer).

      What about this list – Windows Update Blacklist, http://www.getblackbird.net/blacklist/updates/

      Win 7 updates to avoid, or be careful with,
      http://www.dslreports.com/forum/r30348398-WIN7-Win-7-updates-to-avoid-or-be-careful-with~start=90
      4 pages of user comments on updates.

      What are all the Windows 7/8/8.1 updates (KBs) I must skip to avoid Windows 10 upgrading -and nags-?,
      http://superuser.com/questions/1051187/what-are-all-the-windows-7-8-8-1-updates-kbs-i-must-skip-to-avoid-windows-10-u

      Aegis: Block all Windows 10 components on Windows 7 and 8,
      http://www.ghacks.net/2016/01/26/block-all-windows-10-components-on-windows-7-and-8/

      I’m not sure but Blackbird seems to do more as th3power/aegis-voat utility is no longer being maintained. Though, the ghacks link offers some KB and their info.

      Interested in Blackbird? see,
      http://www.getblackbird.net/
      Right now Blackbird is working on an update to the Win 10 Anniversary Update, if you try and run it you’ll get this “Blackbird does not currently support Redstone builds.
      To prevent any damage to your PC Blackbird will now exit.” Blackbird says – With Redstone they made a lot of changes, registry, services and system apps-wise, with even less documentation than before. It’s working on an Alpha build and testing.
      Blackbird still is working on Win. OS’s Windows Vista, 7, 8/8.1 Home/Pro/Ent without trouble.

      I’ll stop here as it’s longer than I planned on. Thanks…

    • #39766 Reply

      woody
      Da Boss

      Good list, but note that I, personally, don’t endorse any of the products or procedures.

    • #39767 Reply

      Subliminal Dimension

      I just went through a nightmare after Windows 8.1 was forced upon my Windows 8 laptop. Luckily, I was able to restore my system back to Windows 8, using the refresher feature. However, here is my question. I know that sooner or later I am going to have to go into the WindowsStore for get updates for my start menu applications. How do I go in there without that Windows 8.1 upgrade flying right at me again? Once is enough with this forced Windows 8.1 upgrade nonsense. It was after I went in there the last time that my laptop started warning me that it was going to forcibly upgrade to Windows 8.1, and I was trying everything under the sun to stop it.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: The latest KB blocklist

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.