What issues can result from hiding a Windows update?

Topic

New Reply

What issues can result from hiding a Windows update? I know of one: user confusion (see this topic for details). Are there any other issues? Is there really a corruption issue as claimed in this post? Have those of you who hid updates experienced issues that you believe are related to hiding of Windows updates?

4 users thanked author for this post.

FakeNinja, Elly, Noel Carboni, ch100

Reply | Quote

Replies

Never had any problem with hiding updates. If is update outdated is automaticaly removed from hidden list. I regularly hide monthly preview rollups and it automaticaly dissappear from my hide list when is released full rollup.

3 users thanked author for this post.

FakeNinja, AJNorth, MrBrian

Reply | Quote

@ anonymous#113171

I can attest to that, ie no problems with Windows Update for Win 7 after hiding many unwanted updates and Rollups.

Since Win 10/29 July 2015, Windows Update for Win 7/8.1 has turned into a malware-like utility, eg GWX KB3035583, Telemetry KB2952664, mandatory monthly Patch Rollups, processor-blocking updates, etc.

1 user thanked author for this post.

MrBrian

Reply | Quote

Other than Windows 7 Update client taking some extra time while scanning, nothing bad happened to me yet because of hiding patches.

I believe using WUShowHide on Windows 10 has saved me from undesired acute trouble with driver updates or the fact some drivers offered may remove access to device features.

1 user thanked author for this post.

MrBrian

Reply | Quote

Year ago my updates take 20 min to find updates, but now it takes 30 seconds. Maybe because Microsoft fix this by released fix for Windows Update.

1 user thanked author for this post.

MrBrian

Reply | Quote

I’ve been hiding unwanted updates for years without any trouble. I have never had to wipe and reinstall due to a Windows Update corruption issue. In fact, I have never had to run the “Repair Windows Update Components” tool on any of my managed systems (although I’ve done so on many other third-party client systems that have been borked over the years for various reasons, none of which are related to hiding updates).

The other advantage of hiding unwanted updates is that I don’t have to worry that they’ll be reinstalled accidentally or intentionally. This was a big deal during the GWX campaign with KB3035583. I hid this update every time it appeared. Had I left it alone and unchecked, it may have been rechecked and installed automatically. I saved several dozen Win 7 and 8.1 boxes from being upgraded to 10 during GWX by hiding this update for clients whenever it appeared on their computers.

Currently, I’m a card-carrying member for Group B, and I also manage Win 7 & 8.1 rigs for friends and family. All in all, a total of 18 computers at the moment. I manually install the Security Only Quality Update and the now monthly Cumulative Update for IE 11, and then hide the MSRT and Monthly Rollup to prevent them from being accidentally installed. None of these systems have ever experienced WU corruption, and I’ve been hiding various updates on these systems since before GWX began.

There may be a theoretical “on paper” db corruption issue with hiding updates, but based on my own anecdotal data of 30+ computers going back years, I just haven’t seen it yet.

5 users thanked author for this post.

Elly, HiFlyer, owdrtn, GoneToPlaid, MrBrian

Reply | Quote

I’m curious as to the reason for hiding the MSRT.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

My reason for hiding MSRT (Group B) is that it sends a ‘heartbeat’ back to Microsoft since the July/August 2016 version IIRC, and not knowing what it sends, I don’t use it. Instead I use Malwarebytes Anti-Malware in cojunction with an AV scanner.

Windows - commercial by definition and now function...

4 users thanked author for this post.

HiFlyer, Elly, owdrtn, Cybertooth

Reply | Quote

Hi Microfix, I do install (actually it is run) the MSRT but the moment it starts making a restore point, I break the internet connection. After it installs, I reboot. When I look at the MRT.log it says it failed to send the heartbeat. I delete the log and reboot again then turn on the internet connection. Subsequent checks for the MRT.log shows none are there. I think I even turned on the internet connection after a few reboots to see if it tried again and did not see any further attempts (I have a 3rd party firewall) and the log file never said that it was successful.  (I have also just refused outgoing with my 3rd party firewall but decided disconnecting from the internet was good too). So I think I have it contained. I see the MSRT as a free virus scan like malwarebytes.

Reply | Quote

Microfix hit it–that’s exactly why I’m hiding MSRT.

https://www.askwoody.com/2016/telemetry-from-the-malicious-software-removal-tool/

Rather than doing this (https://www.ghacks.net/2016/10/20/disable-microsoft-windows-malicious-software-removal-tool-heartbeat-telemetry/) every time, I just don’t install MSRT anymore. I practice good browsing habits, use NoScript/AdBlock Plus, run ESET anti-virus, and run Malwarebytes occasionally. MSRT is useless to me.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Thanks to everyone who replied so far :).

Please continue reporting your experiences with hiding Windows updates, since hiding updates might become part of a modified procedure for those who want to be in Group A but still want to avoid certain Windows updates.

Reply | Quote

Technical details: File datastore.edb stores the hidden Windows updates information.

Windows comes with a program called esentutl that can work with datastore.edb and other files that use the Extensible Storage Engine. My datastore.edb is around 1.2 GB, and compacting it with esentutl made almost no change in its size.

There are viewer programs for datastore.edb and other files that use the Extensible Storage Engine.

1 user thanked author for this post.

HiFlyer

Reply | Quote

I used esentutl to defragment datastore.edb (size 1223 MB on my computer) in an attempt to make it smaller. There was barely any change in its size. Then in Windows Explorer I set its attributes to compressed. Its size on disk is now reported as 338 MB, which is much smaller than before. Oddly, after making this change, I noticed no change in partition free space as reported by Windows Explorer.

Reply | Quote

After rebooting, unexpectedly my datastore.edb file was reset to a new version of datastore.edb with a very small file size (8 MB), and is no longer compressed. I’m not sure why the actions I did should have caused this to happen.

Reply | Quote

Maybe it’s because I tried (as a test) the repair functionality of esentutl.

Reply | Quote

Update: after compressing datastore.edb, after the next reboot a new datastore.edb is created. Apparently it’s not a good idea to compress datastore.edb.

2 users thanked author for this post.

HiFlyer, satrow

Reply | Quote

Personaly i hided this 3 updates for IE from year 2014. It is probably a bug. So hide is best action you can do, be doing this you avaoid acidentaly installation. Windows Update become bad and not reliable. Some years ago i did not  read update details but today its very important. Also microsoft dont allow disable automatic updates in Win 10, this is why i stuck at Win 7.

2 users thanked author for this post.

HiFlyer, MrBrian

Reply | Quote

A couple of data points from me:

I have had NO problems here hiding a few unwanted updates over time. Both my hardware systems run well after having hid several updates for quite a long time.

Here are my own personal lists of updates that I have always hidden, and which will be re-hidden if seen again, from my “Updates to Hide.txt” list:

Win 8.1 x64 Pro MCE workstation, used heavily, managed as “almost Group A” for quite a long time now. Currently running on the latest cumulative Windows 8.1 updates (minus the following):

• KB2976978 – Win 10 Compatibility update for Windows 8.1 and Windows 8
• KB3035583 – GWX
• KB3046480 – Determines whether to migrate the .NET Framework during Win 10 “upgrade”
• KB3068708 – Update for customer experience and diagnostic telemetry
• KB3080149 – Update for customer experience and diagnostic telemetry
• KB3123862 – Updated capabilities to upgrade Windows 8.1 and Windows 7
• KB3173040 – Windows 8.1 and Windows 7 SP1 end of free upgrade offer notification

Win 7 x64 Ultimate system with a role as a small business server, not used much interactively, and managed as “Group B bordering on Group W”. Currently running with April security updates (KB4014661, KB4015546, KB4015549), with the prior update having been in May 2016.

• KB971033 – checks whether Microsoft wants to deactivate your system
• KB2952664 – diagnostics for Win 10 compatibility
• KB3021917 – diagnostics for Win 10 performance compatibility
• KB3035583 – this one is GWX itself
• KB3068708 – adds capabilities to easily upgrade to Win 10

These systems pass SFC checks with flying colors, don’t log unexplained errors, run their applications reliably, and stay up 24/7 (including running lots of nightly backups and other jobs).

The workstation (Win 8.1) checks for updates quickly, once reconfigured to allow Windows Update. I have only installed updates directly from the catalog on the Win 7 system since about a year ago, so I don’t know how a Win 7 update check would run on that machine. I don’t care, TBH, since it’s already in Group W with as few exceptions as I can make.

-Noel

2 users thanked author for this post.

Microfix, MrBrian

Reply | Quote

Much the same excluded/ hidden from my W8.1 Pro as yourself Noel, with the addition of KB3044374 and Silverlight / MSRT. Being in Group B, I also hide ‘Security Monthly Quality Rollups’ as I have taken a tangent to the ‘Security Only’ updates.

Edit: No need to hide Silverlight,  ignore it.

Windows - commercial by definition and now function...

2 users thanked author for this post.

Noel Carboni, MrBrian

Reply | Quote

Hi Noel,

You mentioned that you have installed the April Security Only Rollup KB4015546. Try downloading anything using Windows Update. You will get Windows Update error 8024402C. This error is causes by KB4015546. Now have fun trying to uninstall KB4015546. Un-installation will immediately crash with no percentage numbers. You will have to either manually reboot your computer or kill power to it. Upon rebooting, Windows will reinstall several Registry/Machine settings, then uninstall this update, and then reboot again.

Best regards,

–GTP

 

Reply | Quote

I’ve always selectively hidden those updates I haven’t wanted installed, especially since I started to follow Susan Bradley’s Patch Watch in about October 2014 prior to which I generally installed everything unless there was an internet-wide hullabaloo about a particular troublesome patch, and I may also have followed Windows 7 Help forum in those days although less so now. More recently, of course, this site has been added to my advisory library on such matters!

Over the past six and a half years I have run two Windows 7 x64 machines for principally home use, the main one being solely for gaming and browsing, and the other for browsing as well as having Office 2010 installed for accessing Office docs initially for my job and then since I retired at the end of 2014 for my voluntary work.

That’s the context within which I can confidently say (with fingers firmly crossed for the future) that I haven’t had any issues with hidden updates. They seem often to disappear on their own accord (but will also reappear on the active list whenever the version number/date is changed at which point they get promptly hidden again). Among the updates I routinely hide are the more bizarre time and currency ones, those that have anything to do with Windows 10, and more recently the preview rollup updates. I also hide any update related to my hardware such as firmware or driver updates (I get them from the manufacturers but adopting the “if it ain’t broke, don’t fix it” approach including to graphics drivers) as well as irrelevant updates e.g. for Silverlight which I no longer have on either machine.

Last month I hid the MSRT for the first time since it became associated with telemetry. I’m not convinced it serves any purpose for those who keep their machines well protected in other ways but it’s never done any harm so I’ve always run it. Given the way that MS are now operating I’m not so sure about running it again.

I’d be very reluctant not to hide any unwanted updates because of the risk of them being installed accidentally by me or maliciously by WU, as well as because of the clutter they would add to the active list with daily alerts and the need to run through many more KB numbers each month than at present in order to ensure that only the few wanted ones were being checked among the mass of unwanted ones.

2 users thanked author for this post.

Microfix, MrBrian

Reply | Quote

For decades MS has retired older, no longer needed updates without messing up the WU scan or delivery process. As a tech responsible for several systems, I have had to ignore or hide updates that caused problems on certain systems. When MS decided that our business systems were available for them to loot, I started hiding specific updates. I began this in earnest starting in 2015. During that time until now I have never seen any corruption due to this activity.

I believe that MS is causing windows update problems on user systems, not the sysadmins or the users. MS has been messing with the windows update engine for the last 2 years with occasional disastrous results. Those insufferable slow scans and download times on W7 and W8 that lasted for over a year is an example. If things have gone sideways now, it is because they have managed to corrupt windows update at their end.

4 users thanked author for this post.

HiFlyer, Sessh, Cybertooth, MrBrian

Reply | Quote

Agreed. It’s not like people are hacking Windows to have this feature to hide updates. This is a standard feature with Windows that is supposed to work properly. If there is anything like this happening, it is the fault of MS.

However, this stuff is not happening or if it is, it is so extremely rare. The only time I’ve ever had problems with WU was when the updates themselves corrupted files on the computer. I had updates corrupt the MBR when doing a fresh install of XP and updating completely requiring use of the recovery console to sort out and I had the WU itself become corrupted a time or two which required that the Software Distribution folder be renamed and the computer rebooted to fix it. Windows 7 updates, when I was happily putting blind trust into MS didn’t install correctly and had to be fixed manually just to make updates install properly again. I don’t have problems when not updating. I have problems, if any, when doing the updating.

This seems to be more FUD from those who think defying Microsoft’s wishes in regards to updates will ruin your computer; it doesn’t.

3 users thanked author for this post.

HiFlyer, MrBrian, Cybertooth

Reply | Quote

What’s puzzling is that the patching system worked for years without getting as slow as molasses, and then suddenly started getting sluggish as Microsoft was pushing Windows 10. Hmmm.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

HiFlyer

Reply | Quote

Have you read this https://www.askwoody.com/forums/topic/massive-batch-of-old-windows-updates-retired/
and this https://www.askwoody.com/forums/topic/december-2014-ie-patch-kb-3008923-is-back/

Reply | Quote

I had read those, yes.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

As I have posted before, back in 2013 IMO, an update fried my computer with Windows XP.

When I purchased this computer (Dell Inspiron) in October of 2013 I was hesitant about “automatic updates”.  I did it for a few months into 2014 but then I started to read about problems with some updates.
I started to “hide” updates in early 2014.  The only updates I installed were the ones that were “critical” and only after waiting for several weeks and googling to see if there were problems.
I began to keep a record in Oct. 2014 of what I did and did not install.
I did not find this site until late 2015.  I did follow Susan Bradley’s site and read ghacks site religiously.
So needless to say I have many hidden updates.
Never had an issue.
A little while ago when somehow all my hidden updates got restored, I entertained the thought of installing them.  I deceided not to because I really have not had any issues.
I have also noted that when they were hidden, ie GWX and telemetry updates, apparently Microsoft went into my hidden updates and removed them along with others.
So, the bottom line is, I’ve been hiding updates for 3 years, and my computer is doing just fine.
Oh and the messed up December 2014 IE11 KB3008923 was being offered again the past few days.  (It was in my hidden updates).  I kept hiding it and it kept coming back.
However today, there’s a new one….KB3003057 Dec. 9, 2014 42.4 MB
Haven’t had a chance to look that one up yet.  My gut tells me it’s not going to be good.

Windows7 64 bit SP1 Home Premium Windows Server 2008 R2x64
Group B

1 user thanked author for this post.

MrBrian

Reply | Quote

What issues can result from hiding a Windows update?

Well, not to state the obvious, but if there is a specific issue that you are having, and a certain update fixes that issue, and you hide rather than install the update, your issue will not get fixed.

For instance, you need the latest service pack for your version of Windows in order to have all the latest functionality. But rather than install the service pack, you hide it. You will miss out on whatever functionality was provided for in the service pack. In the case of XP, if you don’t have XP service pack 3 installed, some drivers and antivirus programs won’t work.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

Well Yea, if someone hides a needed update it won’t get installed and a problem can remain. But people are supposed to be examining the update, read about it in Woody’s forum and decide if it is needed. Not all updates are to be hidden unless you want group W, then why bother checking. I too have been hiding updates for years, researching every one offered. Only getting ones that affect my OS and programs loaded that need it. No issues, runs fine. No hidden update in WU problems, takes 3 min to scan for updates, etc.   win 7 Group B.

1 user thanked author for this post.

MrBrian

Reply | Quote

Though some may have differing opinions of the Secunia PSI, I nevertheless still find it a useful and convenient indicator of the overall general state of security-related updates for Windows 7 & 8.1 boxes.

The machines I manage are all in Group B, and if the Security Monthly Quality Rollups are not hidden, then even with the Security Only Quality Updates installed, Secunia complains, displaying a red icon in the System Tray (FWIW, the Belarc Advisor is satisfied by the Group B protocol).  Hiding unwanted updates has not resulted in any discernible problems.

1 user thanked author for this post.

MrBrian

Reply | Quote