• This month’s Win7 and 8.1 “security only” patches install and activate telemetry systems


    • This topic has 49 replies, 23 voices, and was last updated 4 years ago.
    #1949509

    Back in July, we discovered that the Win7 security-only patch was installing and activating telemetry (read: snooping) subsystems. The August security
    [See the full post at: This month’s Win7 and 8.1 “security only” patches install and activate telemetry systems]

    6 users thanked author for this post.
    • #1949574

      Bet there are security issues that they are fixing.  Note that last time they did not enable telemetry.

      Susan Bradley Patch Lady/Prudent patcher

      1 user thanked author for this post.
      • #1949683

        Fixing something that doesn’t exist by default on the system does not make sense

        and the radio silence makes it worse, at least give an excuse (even if we don’t accept it) 🙂

        I still tend to believe that it has something to do with “Upgrade Readiness”

        7 users thanked author for this post.
        • #1949711

          I still tend to believe that it has something to do with “Upgrade Readiness”

          A final free offer to switch over to W10 before/ just after the new year per chance?
          Coincides with the run up to Win7 EOL why not try W8 as well, all in for the stability and reliability creature circus.
          That’s the only sense I can make of having telemetry injected into Security Only patches from where I’m sitting.

          No problem can be solved from the same level of consciousness that created IT- AE
          3 users thanked author for this post.
        • #1949719

          My guess  is that because enterprises have rolled out upgrade readiness that there are more of us that potentially have this code than we think.

          Of course it would be NICE if someone was HONEST and stated WHY.

          Susan Bradley Patch Lady/Prudent patcher

          7 users thanked author for this post.
    • #1949576

      If you ever read the MS T & C, they’re at you from the get-go. Why people are so aggrieved by MS Telemetry, when they’re there all the time, never fails to amuse me.

    • #1949598

      I installed the September SO updates on my Win7 computers yesterday. Telemetry was not reactivated, nor were any telemetry tasks re-enabled in Task Scheduler.

      5 users thanked author for this post.
      • #1949760

        Well, I’ve never read the “MS T and C”, but I have read stories of tilting at windmills and of the pointlessness of resistance. What may seem to some as just imaginary goals and lessons in futility, surprisingly, when all seems lost, can become attainable with constant grit and effort. Succumbing to MS’s Telemetry mantra “We’re here, all the time” so just submit, may cause amusement, that there are those who haven’t yielded, given in, blinked. In my small space of the world, the Goliath MS’s telemetry and its ‘collective’, is a daily confrontation. Sometimes a scuffle. Other times a slugfest. So it seems that Goliath can, at times, be vanquished & become more ordinary. And maybe “You” can be reborn, and the ‘collective’ become more human again. Baby steps.

      • #1949767

        GoneToPlaid: Question: Was it because of some measures you took, earlier on, to prevent this from happening?

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        • This reply was modified 4 years ago by OscarCP.
        • #1949971

          The only thing I did was to disable the two telemetry tasks in Task Scheduler which were activated by the July SO update. I did not remove these two tasks, as others have done.

          1 user thanked author for this post.
    • #1949629

      If we don’t know what telemetry data MS is collecting and how it might be used, then, seriously, what difference does it make to our daily PC usage.  Can it really be worse than Google that is pretty much collecting our daily lives in total?

      • #1949669

        The only thing Google should know about me is what I’m typing into their search engine. I have all their analytics, tags, ads (and subsidiaries), etc blocked in DNS first and browser extensions as a backup. I don’t use GMail, I don’t have a Google Account. Not really too worried about Google to be honest.

        Windows on the other hand can see every single key I type. Every single hostname or IP the TCP stack connects to. Metadata and contents of every file I interact with. Yes, I’m far more concerned about Windows telemetry than I am about Google.

        11 users thanked author for this post.
    • #1949716

      Thanks for the links in the article in “Woody on Windows” to abbodi86’s two pieces of advice, one with longer and more complex implementation than the other.

      If the simpler of the two approaches is sufficient:

      Disabling (or deleting) these scheduled tasks after installation (before reboot) should be enough to turn off the appraiser

      \Microsoft\Windows\Application Experience\ProgramDataUpdater

      \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser

      \Microsoft\Windows\Application Experience\AitAgent

      What is the advantage of following the other, longer recommended procedure to expurgate all MS snooping software either using the script W10Tel.cmd or manually?

      Also, am I correct in thinking that one needs to set up the script, in the longer procedure, to run automatically at the start of every new session, so it also runs after installing new patches?

      Or that, if using the simpler, shorter piece of advice, one must repeat this simpler procedure once a month, after every install of the monthly S&Q rollup or the SO patch?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • This reply was modified 4 years ago by OscarCP.
    • #1949749

      I’m Not installing any Security Only Updates with any Telemetry included! So that’s September’s, and July’s, 2019 Windows 7 “Security Only” updates skipped. And I can begin to remove my personal information sooner rather than after Jan 2020 from any windows 7 PCs/Laptops to be safe.

      Maybe it’s time to just stop any Windows 7 updates if necessary, if the Security Only part is not being honored by the folks in Redmond. This has gone on Long enough and now I’m really never going to be forced into “fixing” anything that should not be on my system in the first place and no amount of “plausible deniability” from anyone can convince me otherwise.

    • #1949831

      If their aim is to gain the information that enables them to encourage recalcitrant Win7 and 8.1 users to upgrade (their term, not mine) to Windows 10, then it seems to me that they’re going about it in a very strange and counter-intuitive way.

      Doubtless they’re relying on the reasonable assumption that 99% of users won’t get to know about this, and most of the other 1% won’t see what all the fuss is about anyway. They may have a point – after all, if Alexa is feeding back every overheard detail of you and your partner’s intimate moments together why should you be bothered by a bit of computer-based telemetry?

    • #1949863

      Folks I know tell me that telemetry is not enabled even with these patches installed.  It pains me to see anyone say they will not install security updates.

      Susan Bradley Patch Lady/Prudent patcher

      2 users thanked author for this post.
    • #1949865

      lol, they’ve been trying to get KB2952664 on my machine for years now. I’m not about to start letting it by way of SECURITY ONLY patches.

      Why do SECURITY ONLY patches contain things that are not SECURITY?

      So, another month’s patches skipped again. I’ll install the IE one only.

      *** I wish Microsoft would get their act together. It’s my b**** machine, and I want SECURITY FIXES ONLY.

      I’d rather go without and run the risk of c*** on my machine, than certifiably installing it through WU. Doesn’t matter whether it’s enabled or not, why would I want it on my machine? It isn’t necessary for what I need.

      PLEASE TAKE BETTER NOTE OF THE LOUNGE RULES: NO SWEARING

      • #1950313

        Why do SECURITY ONLY patches contain things that are not SECURITY?

        Who is to determine that the Telemetry patch isn’t fixing a security bug? /s

        • #1950785

          Why do SECURITY ONLY patches contain things that are not SECURITY?

          Who is to determine that the Telemetry patch isn’t fixing a security bug? /s

          How can it fix something that isn’t on there anyway?

          Also if there are security holes in telemetry, is that not more reason to not install such?

          It isn’t needed, and shouldn’t be on my PC.
          Even if it was fixing something like that, nothing to stop them putting out a separate patch for those who have it installed.

          Only nefarious reasons for sneaking it in the standard “Security ONLY” patch, (that just happens to INSTALL the telemetry).

        • #1950791

          Because any folks doing the security only patching should never have any insecure telemetry related code installed on their systems by virtue of them never installing that on their systems from the beginning. And that’s by only ever installing  patches from the Security Only patches group that by definition should be Security Only and not containing any telemetry related code that needs patching.

          So why do I need to fix what was never installed because I have only been installing Actual Security Only patches. Really that’s like stopping a truck driver with a manual transmission based truck  at an inspection station  and asking the driver to install some automatic transmission component required for automatic  transmissions on a truck that’s not really needing or using that functionality.

    • #1949918

      Why do SECURITY ONLY patches contain things that are not SECURITY?

      Now I’m getting frustrated. I moved to Group B to avoid telemetry (KB3080149 for Win8.1) & the “Compatibility” update (KB2976987 for Win8.1). “Compatibility” is to get ready for a Win10 upgrade. I’m leaning toward jumping from Win8.1 to Win10 1909; before the jump, I would probably move back to Group A anyway. Thanks to @abbodi86 for AKB 2000012 to neutralize telemetry; I followed the manual instructions a while back. Will probably double-check to make sure they’re still in place. As for the September updates, it seems I have 2 choices:

      1. Skip the security update & only apply the IE11 Cumulative Update, plus the Security & Quality Rollup for .NET Framework, Security Update for Adobe Flash Player, & the update for .NET Framework 4.8,
      2. Move back to Group A & apply the Security Monthly Quality Rollup, plus the Rollup for .NET Framework, the Adobe Flash update & the .NET Framework 4.8 update.

      I’m leery of skipping security updates, especially just to avoid telemetry. I probably won’t be bit by anything… but I can’t be sure of that. So has Micro$oft ultimately screwed me & forced me back into the hive mind? Or is there a way to avoid telemetry, at least for now, yet still be protected?

      Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

      • #1949930

        Use @abbodi86’s method to avoid telemetry. It works for both Group A and Group B since the Compatibility Appraiser is the same for both. Run the script as a Scheduled Task on login so you won’t miss any changes MS tries to do.

        And wait till you see what 1909 looks like. Win8.1 won’t run out of time like Win7 will.

        2 users thanked author for this post.
        • #1951157

          I’ve used the Spybot Anti-beacon portable app to disable the “appraiser” tasks on my win7 & 8.1 machines with no side effects

      • #1950081

        WildBill: From my understanding of what is going on here, I would say that moving back to Group A will not help, because this is a problem that affects everybody, regardless of which way they patch every month. One will have to do the same things to avoid transmitting information on the use of one’s computers to MS, regardless of whether one is in Group A or B.

        I think that a good and relatively painless way to get rid of the MS telemetry software is the “short method” doing three easy things, one of the two proposed by abbodi86, the same one that GoneToPlaid has written about in this thread mentioning that it has been working well for him and is the method I also intend to use.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #1950318

        WildBill, I have to agree with PKC and Oscar that you may consider fighting the telemetry since it is not that hard. Further, I feel that AJNorth (and Abbodi86) has a handle on the situation and the telemetry.

        While I will stay with Group B some others have jumped to Group A and then used the anti telemetry methods. PKC’s idea of running Abbodi’s script at every startup is great and like my old .BAT (now called .CMD) files I had on my PC’s to do the same for temp files, history and cookies.

        Abbodi86’s suggestions from Askwoody Schtasks 1901665

        AJNorth’s suggestions from Askwoody Schtasks 1902567

        Look into those and see if it changes your mind.
        Good luck Wild Maaaaaan!

    • #1949993

      Susan Bradley said:

      Bet there are security issues that they are fixing

      Seems like there was an issue, described in CVE-2019-1267 | Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability.

      An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.

      To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

      The security update addresses the vulnerability by writing the file to a location with an appropriate Access Control List.

      Source:

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1267

      The problem is that the CVE-2019-1267 issue does not exist if there was no telemetry stuff installed. Don’t fix what ain’t broken, and if the affected software is not present, it also cannot make the OS vulnerable. To fix this issue they could just re-release KB2952664, like many times before. Or, if there would be a conflict in patch supersedence, as KB2952664 functionality is included in Monthly Rollups (starting from March 2019 and KB4489878), they could make a separate patch, like KB3121461. They released a separate Silverlight update to fix a Japanese calendar-related specific issue. And they release a separate IE11 rollup each month, where IE is present in all (currently supported) Windows versions. Not to mention the removal of vulnerable software, which they did with Windows Journal in KB3161102 (as we all know they will certainly not do that with telemetry stuff).

      Instead, they silently included this junk in the Security-only update. Some of us follow group B Windows patching in order to avoid any Microsoft telemetry and/or nagware, like KB4493132 (which they released not to fix any issue, just to display the Windows 7 EOS notification… And they even re-released it!). So for me and some other group B Windows 7 users it is just another security patch to skip. (And prepare for post-January eternal group W).

    • #1950082

      If we don’t know what telemetry data MS is collecting and how it might be used, then, seriously, what difference does it make to our daily PC usage.  Can it really be worse than Google that is pretty much collecting our daily lives in total?

      And this was the argument when Australia introduced its metadata collection laws a few years ago. And that was supposed to have sufficient safety systems that it can’t just be abused for any old purpose. Metadata was only to be collected for tracking terrorism cases, child porn and other nasty law enforcement issues, etc.

      And then we found out in the next few years that it was being misused by everything down to local councils to track parking fine offenders, etc.

      It’s like facial recognition, it’s all fine and harmless unless someone puts it to a use that it really shouldn’t.

       

      No matter where you go, there you are.

      6 users thanked author for this post.
    • #1950617

      I did not install July’s Security only update. I thought long and hard then this post from Canadian Tech cemented my decision.

      I look after about 130 client Win7 systems. None of them are enterprise. All just like you describe yourself. I stopped all Windows Updates on all of them 26 months ago and their systems run dramatically better than ever. Never a single problem in all this time.

      He isn’t the only person who has posted that no patches are being installed and the computers are running with no problem.

      Source: https://www.askwoody.com/forums/topic/microsoft-surreptitiously-adds-telemetry-functionality-to-july-2019-win7-security-only-patch/

      I make images about once a month and write down what I’ve had to update since my last image. If any computer starts acting weird, I’ll restore the image and update flash, browsers and malwarebytes among other things. I would not attempt this if I didn’t have my safety net.

      I won’t be installing September’s Security only update either. I do download all the patches and have them archived on a USB stick starting with Nov. 2016 and through the current month so if I ever change my mind, I can install without having to scour the catalog to find what I need.

      Got coffee?

      1 user thanked author for this post.
      • #1950695

        plodr, I see what you are saying about the telemetry and not wanting to install the SO update. I also agree with you about Canadian Tech whom I follow and admire. You mentioned, “He isn’t the only person who has posted that no patches are being installed and the computers are running with no problem.” The focus is not the computer WILL have a problem. Yes it will run properly without any updates. The point is there are certain vulnerabilities in the wild or a possibility of same that could bite you.

        By skipping a SO in Group B you will not get those patches. Group A does not matter they are cumulative. I would strongly suggest you do the SO patches then as is mentioned here by very good people, 1) run a script from Abbodi86, or 2) go down the list of Scheduled Tasks (as per AJNorth) and the few registry keys to change (Abbodi86) and you will have the telemetry off. See my post #1950318 to WildBill.

        It is wise that you predownloaded the patches to a USB stick too.

        I hope this helps you.

      • #1950843

        As has been represented to me by people I trust, the telemetry is not enabled.  I respectfully disagree with CanadianTech that going without updates on systems for two years makes them better.  Especially with Office updates, there are several in the past two years that I can point to that have been actively used in phishing/ransomware/etc.  If his clients haven’t been nailed, it’s because they are smarter than the average bear.  Going without updates is not wise.  Waiting on updates is wise.

        Susan Bradley Patch Lady/Prudent patcher

        2 users thanked author for this post.
    • #1950802

      I have had this idea and still do. Those “patches” should be nothing more than files, and maybe Registry. Download the changed files and copy the changed files offline (in a PE environment), not including the bad ones, and that should do it. One should not be using the registry to fix bugs because that is a GREAT way to create bugs and vulnerabilities. A program should be able to run and do what it needs without the registry. The current way of doing windows IMO uses lazy programming. Back in the day, programming was better, as there was less memory to work with. The code was written to be as small as possible and did exactly what it needed to do.

      • #1950815

        An admirable plan. Have you yet begun this process? Is it a simple thing to identify the “bad ones” among the other changes that may be helpful?

    • #1950822

      They use it to track down criminals.  To quote from the Reading Eagle newspaper, 11 Sep. 19

      DA Adams said his office also was notified by the National Center for Missing and Exploited Children, or NCMEC, that child pornography had been downloaded from a known child porn site to a computer registered to the defendant.

      According to federal court papers filed in support of the arrest:

      Microsoft Corp. submitted eight CyberTipline reports to the NCMEC, reporting that a user downloaded numerous images of child pornography Jan. 13 at about 1:30 a.m.

      The images of the female victim were compared with images of known child pornography victims and matched those of a girl previously identified in a Child Victim Identification Program database.

      • #1951068

        They use it to track down criminals.  To quote from the Reading Eagle newspaper, 11 Sep. 19

        For some reason the Reading Eagle omitted multiple references to OneDrive uploads in other reports of the same case:

        He told them he could have accidentally “dragged and dropped” the files to the OneDrive folder on his work computer as he cleared away evidence from an adjudicated child pornography case that his department investigated, according to the court paperwork.

        The agents said Woll had no explanation for how the child pornography was uploaded to his OneDrive account from his home IP address.

        https://www.wfmz.com/news/berks/veteran-cumru-officer-busted-by-feds-on-child-porn-charges/1119307848

        After learning his OneDrive account was disabled on Jan. 14, Woll ran an erasing program on his home and work computers “to make sure they were clean,” the FBI quoted Woll as saying.

        https://www.lehighvalleylive.com/news/2019/09/police-official-facing-child-porn-charges-fbi-says.html

        So Microsoft didn’t need to snoop his home computer and therefore there was no “telemetry” aspect. OneDrive has a code of conduct in the services agreement which explicitly forbids such activity, and like virtually all file sharing systems has methods to detect infractions as we all expect.

        Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

      • #1951070

        Please, let’s keep the topic focussed on This Month’s Windows 7 & 8.1 Security Only Patches … the newspaper article mentioned isn’t related in any way!

    • #1951072

      I can’t believe that someone thinks that Microsoft is using its Telemetry to track down criminals.   Anyway…..

      I rebooted my computer the other day after installing a bunch of piled-up updates that have been showing up in the system tray icon for the past month or two.

      On reboot, the system was sluggish, the disk activity light stayed on, and I thought my mirrored boot drive is resync-ing, what could it be now?   But NO.   I popped up Task Manager and saw the Telemetry culprit:   “compattelrunner.exe” grinding the whole system down.   I killed it, and searched all my hard drives for that file.   You can guess what happened next.   Yep, NOT FOUND.

      Microsoft is becoming more devious than they ever have been… by virtue of the fact that the aforementioned Telemetry program was started at boot-time but is hidden somewhere.   They are modeling themselves after the Hackers and using rootkit techniques to carry on their spy work.   All for what?   To surprise me with some offer for Windows 10 which is a big fat barge full of oversized bloated start menu icons that dumb-down my computer?

      To those who think that the “Security Only” patches don’t contain Telemetry, please tell me where compattelrunner.exe came from and why I can’t find it on my system;  YET IT RUNS.

      -J1B

      EDITED for language!

      • #1951079

        “I rebooted my computer the other day after installing a bunch of piled-up updates that have been showing up in the system tray icon for the past month or two.”

        This line does not sound like you are careful about following a Security Only update routine, something referred to on this site as Group B.

        The file compattelrunner may have been reactivated among that “bunch of piled-up updates”. You are welcome to use the search box above, on the right, for the terms compattelrunner, security only, group b, telemetry, or other items you may be curious about. Some of the comments ahead of you have good information. You could also try AKB2000012 that has been mentioned further up.

    • #1951237

      I self medicated the telemetry issue when I installed my update.  Before starting, I simply set my firewall (part of Norton360) to alert me any time that any program (including Windows 7 O/S files) wanted access to the internet.   As the computer was rebooting, alerts started popping up.  They were windows system files (mostly, NETBios and Print/File Sharing services) that wanted access.  I chose the ‘BLOCK ALWAYS’ option.  I got a confirmation on each block with something like ‘A windows subsystem was blocked from accessing another system…..”  And the problem was solved.  Or seemed to be.  Sure, the telemetry and compatibility files were still installed, but they don’t work unless they have internet access.

      Seems to me that if we just use our firewalls properly and allow them to do the job they are supposed to, we can block the snooping, the telemetry, and the compatibility files. Then we won’t have to cherry-pick which updates to install.

      "War is the remedy our enemies have chosen. And I say let us give them all they want" ----- William T. Sherman

      • #1951304

        Thank you ClearThunder. I have lightly suggested the same for a long time. I too have a 3rd party firewall and usually let the OS “SVCHOST” go out. But if one is willing to work with that firewall, much can be stopped.

        On an older PC with older Zone Alarm, I would have it block a SVCHOST service from going outbound. But after a while of losing the internet connection after 30 minutes of non-use, I decided to allow it. If the telemetry could be spotted with the July and September patches (7 & 8.1), that would be nice. Also if you ClearThunder or anyone sees the exact name of the outbound service, let us know.

        1 user thanked author for this post.
      • #1951343

        Firewalls are an excellent perimeter defense. This approach will block all gathered data from being sent out of your system to Microsoft. For people whose only goal is to ignore all communication with the licensor of your system this approach will satisfy that goal until Microsoft changes course again.

        Other users are less concerned over sharing with Redmond, but really do not appreciate their system resources being used without the local user’s instruction. No matter how minute the drain on processing power and speed may be. These users want to stop the background processes that gather the data and create the files that would be blocked by your firewall method. These files may grow more verbose with the continued failed attempts to communicate in the expected manner. This may in turn trigger Microsoft to “repair” the difficulties that are preventing the expected communication.

        It is these background processes that abbodi86 and others seek to stop, nullify, or remove as appropriate to each targeted process, and are discussed at length and with more intelligence elsewhere. Of course nothing is made weaker by incorporating BOTH approaches into your overall security posture. So it is good to continue mentioning this as an adjunct. Thanks for bringing it up.

        2 users thanked author for this post.
    • #1951351

      When I (finally) installed August updates to my Win7 Pro, here are the windows programs that I chose to block as the computer was rebooting after install:

      .NET runtime optimization service, Microsoft compatibility telemetry, Windows activation technologies service, System, and Host process for windows services

      After I installed Norton360 a few months ago, it caught quite a few Microsoft irritants that the old McAfee had missed. I promptly blocked;  Microsoft feeds synchronization, Device Display object function discovery provider (whew!), Windows media configuration utility, and Windows Live ID

      Now, if I blocked anything that affects the computer adversely, in any way, it hasn’t reared its ugly head.  Yet.  Everything seems to be functioning just fine. Including my Peace of Mind.

      "War is the remedy our enemies have chosen. And I say let us give them all they want" ----- William T. Sherman

      • #1951395

        Thank you anonymous #1951343 and ClearThunder. These are excellent posts!

        Anon you are correct only blocking with the firewall -could- result in larger error logs. Based on your suggestion I may go through my AVG I have blocked and disable the scheduled tasks that initiate them instead.

        ClearThunder, thank you for the outbound items you blocked and that it has not affected your windows 7.

    • #1951542

      I like using MsIE11 and WLM to access the internet and to read/send email/news, respectively.

      I find that if I block “Host Process for Windows Services” and “Microsoft Windows Live ID Service” in my “Norton Security Suite” firewall that “Windows Live Mail” will be blocked also (e.g., does not work) even though it (WLM) is not really blocked by my firewall.  I think it is really the latter service’s fault, that WLM will not work without enabling MWLIDS.

      What is the reasoning for blocking these two services from communicating through the firewall?  (Please give us some links to past/present {“Ask Woody” / “Windows Secrets”} articles about these services.)

      Windows 7 Ultimate 64-bit desktop computer user (forever).

      • #1952109

        Anon, the reason I have those ‘apps’ blocked is because there is no reason for me to give them access. I don’t use any of those apps or services — including the ones you mentioned.   It’s not a protocol I’ve seen in the forum. It’s just the way I do biz with the internet and my desire to give Microsoft minimal access to my rig.

        "War is the remedy our enemies have chosen. And I say let us give them all they want" ----- William T. Sherman

    • #1955506

      For Windows 8.1 the Sept security only update KB4516064 added and activated telemetry on one PC and re-activated telemetry on another PC.

      On the first PC, in an effort to avoid telemetry, the Microsoft Compatibility Appraiser had not been previously installed.
      1) Scheduled Tasks: Microsoft/Windows/Application Experience folder prior to installation only had 2 tasks, AitAgent and StartupApp. Both tasks were disabled. Post install the Microsoft Compatibility Appraiser task was added to the Application Experience folder and the status was Ready. The AitAgent and StartupApp tasks remained disabled.
      2) New Folders and Files:
      Post KB4516064 install a new executable in Windows/System32 called CompatTelRunner.exe. A new folder in Windows/System32 called Appraiser and a replaced folder in Windows/System32 called CompatTel. The Appraiser folder contained 3 files (appraiser.sbd, Appraiser_Data.ini, and Appraiser_TelemetryRunList.xml). The CompatTel folder contained 2 files (diagtrackrunner.exe and diagtrack.dll).

      On the 2nd PC
      The tasks ProgramDataUpdater and Microsoft Compatibility Appraiser in the Microsoft/Windows/Application Experience folder were re-enabled post install of KB4516064. The addition of new folders and files was the same as on the 1st PC.

      I disabled the Microsoft Compatibility Appraiser tasks on both PCs and ProgramDataUpdater on one PC. Rebooted. All tasks remained disabled.

      • This reply was modified 4 years ago by Sueska. Reason: typo
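
The checks described in this thread (the three Application Experience tasks listed in post #1949716 and the tasks, files and folders reported in post #1955506), as an added example that is not part of any forum post or of abbodi86's script: a PowerShell audit that reports each task's state and, with the hypothetical `-Disable` switch, disables the ones still enabled. It calls `schtasks.exe` so it also runs under the PowerShell 2.0 that ships with Windows 7; it assumes an elevated prompt and an English-language system (the `Status` column name is localized).

```powershell
# Added example (not from the thread): audit the telemetry-related scheduled tasks
# and files named in the posts above, and optionally disable the tasks.
param([switch]$Disable)   # hypothetical switch: disable tasks that are still enabled

$folder = '\Microsoft\Windows\Application Experience'
$tasks  = 'ProgramDataUpdater', 'Microsoft Compatibility Appraiser', 'AitAgent'

# Items under System32 that post #1955506 reports after installing KB4516064
$items  = 'CompatTelRunner.exe', 'Appraiser', 'CompatTel'

function Get-TaskStatus([string]$TaskPath) {
    # schtasks exits non-zero when the task does not exist; its error text is discarded
    $csv = & schtasks.exe /Query /TN $TaskPath /FO CSV 2>$null
    if ($LASTEXITCODE -ne 0) { return 'Not present' }
    # A task with several triggers yields several rows; the status is the same on each
    ($csv | ConvertFrom-Csv | Select-Object -First 1).Status
}

$report = foreach ($name in $tasks) {
    $tn     = "$folder\$name"
    $before = Get-TaskStatus $tn
    if ($Disable -and $before -ne 'Not present' -and $before -ne 'Disabled') {
        & schtasks.exe /Change /TN $tn /Disable | Out-Null
    }
    New-Object PSObject -Property @{
        Task   = $name
        Before = $before
        Now    = (Get-TaskStatus $tn)
    }
}
$report | Select-Object Task, Before, Now | Format-Table -AutoSize | Out-String

# Run from a 64-bit PowerShell on 64-bit Windows; a 32-bit host sees a redirected System32
$sys32 = Join-Path $env:SystemRoot 'System32'
foreach ($item in $items) {
    $p = Join-Path $sys32 $item
    '{0,-50} {1}' -f $p, $(if (Test-Path $p) { 'present' } else { 'absent' })
}
```

Post #1955506 reports that the September update re-enabled tasks that had been disabled earlier, so the audit is worth repeating after each monthly update.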