Aegis: Block all Windows 10 components on Windows 7 and 8
Aegis is a powerful script for Windows 7 and Windows 8 devices that takes care of all components related to Microsoft's news operating system Windows 10.
In addition to that, it is performing additional operations such as adding a number of Microsoft hosts to the blocklist, setting Windows Update to check/notify, and more.
Since it is script-based, it is easy enough to check out what it does in detail, and even to add or remove commands from the script to adjust it accordingly as its author allows code modifications or the sharing of the code or components.
Update: Aegis is no longer maintained. Check out Ancile, a fork that is in active development.
Aegis in detail
Aegis is updated regularly to reflect changes that Microsoft makes, for instance by taking into account new updates or modified updates.
The application is offered via a Mega download currently. The package is offered as a zip file that you need to download to your system. Once you have unpacked it, you find several command files listed in the directory that you can edit directly using any plain text editor.
The file setacl.exe, in case you are wondering supports the managing of Windows permissions from the command line.
How to use it
All you need to do is right-click on the file aegis.cmd and select "run as administrator" to get started. Follow the on-screen instructions from that moment on to complete the process.
Note: It is highly recommended to create a system backup before the program is run on a machine as you may not have any options to undo the changes should things go wrong.
So what does it do in detail?
- Disables or hides the Windows 10 download directory.
- Disables GWX (Get Windows 10), OneDrive, Telemetry, Wifisense.
- Uninstalls or hides 31 KB updates.
- Disables 31 schedules tasks.
- Uninstalls Diagtrack.
- Disables Remote Registry.
- Blocks 188 Microsoft Hosts on 221 IPs.
- Change Windows Update settings to check/notify instead of download/install.
The Windows Updates that the program uninstalls or hides
kb update | description |
kb971033 | update for windows activation technologies |
kb2902907 | description not available, update was pulled by microsoft |
kb2922324 | description not available, update was pulled by microsoft |
kb2952664 | update for upgrading windows 7 |
kb2976978 | update for windows 8.1 and windows 8 |
kb2977759 | update for windows 7 rtm |
kb2990214 | update that enables you to upgrade from windows 7 to a later version of windows |
kb2999226 | update that enables you to run windows 10 applications on earlier versions of windows |
kb3012973 | upgrade to windows 10 |
kb3014460 | update for windows insider preview / upgrade to windows 10 |
kb3015249 | update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7 |
kb3021917 | update for windows 7 sp1 for performance improvements |
kb3022345 | update for customer experience and diagnostic telemetry |
kb3035583 | update installs get windows 10 app in windows 8.1 and windows 7 sp1 |
kb3044374 | update that enables you to upgrade from windows 8.1 to windows 10 |
kb3046480 | update for migrating .net when upgrading to later version of windows |
kb3050265 | update for windows update client for windows 7 june 2015 |
kb3050267 | update for windows update client for windows 8.1 june 2015 |
kb3065987 | update for windows update client for windows 7 and windows server 2008 r2 july 2015 |
kb3065988 | update for windows update client for windows 8.1 and windows server 2012 r2 july 2015 |
kb3068708 | update for customer experience and diagnostic telemetry |
kb3075249 | update that adds telemetry points to consent.exe in windows 8.1 and windows 7 |
kb3075851 | update for windows update client for windows 7 and windows server 2008 r2 august 2015 |
kb3075853 | update for windows update client for windows 8.1 and windows server 2012 r2 august 2015 |
kb3080149 | update for customer experience and diagnostic telemetry |
kb3083324 | update for windows update client for windows 7 and windows server 2008 r2 september 2015 |
kb3083325 | update for windows update client for windows 8.1 and windows server 2012 r2 september 2015 |
kb3083710 | update for windows update client for windows 7 and windows server 2008 r2 october 2015 |
kb3083711 | update for windows update client for windows 8.1 and windows server 2012 r2 october 2015 |
kb3112343 | update for windows update client for windows 7 and windows server 2008 r2 december 2015 |
kb3112336 | update for windows update client for windows 8.1 and windows server 2012 r2 december 2015 |
Closing Words
Aegis is a sophisticated program that is updated regularly to block Windows 10 components, updates designed solely for the promotion or installation of Windows 10, and other undesirable components on systems running Windows 7 or 8.
Hi Martin,
The project aegis-voat has been discontinued since Jul 2016 due to personal issue with the operator/owner of voat.co. Visit https://voat.co/v/technology/comments/853510 for more details.
Fortunately Matthew Linton has picked it up and continue it as a fork & rework with a new project-name ‘Ancile’.
https://bitbucket.org/matthewlinton/ancile and https://voat.co/v/Ancile
I wonder if you could consider to make a review of the new Ancile?
Many thanks for your attention.
CU
Scalar
Thanks, I have published a review and updated this one.
Great, thanks :)
CU Scalar
Great work! But i have a question: with Aegis installed, can Microsoft still copy the content of your HDD or copy an
index of all the files on your computer? or still save all the keystrokes you are typing, or record every program
you are using and check it’s license? Or can we be certain that future software will really be able to block all
Windows 10 spying and collecting..?
Specially since i read that updates are mandatory on windows 10.. and the EULA is crazy..
I want to buy a new computer..but now the new Skylake processors line (6700K..) will not recieve security updates on
windows 7 after July 2017… MS is doing that to force everyone to change to windows 10, or stay with old outdated
equippement..
I would prefer to buy new Skylake processors and new DDR4 memory and run windows 10..
But it seems is Windows 7 and old Processors are the last possible option for a Personal Computer?
At least until jan 2020 when windows will not make any more security updates for System 7..
For the first time and out of nowhere this month, my Windows 8.1 machine doesn’t let me run the aegis script and gives me a “Windows script host access is disabled on this machine” error. A little googling showed me the simple registry fix to switch it back on. A paranoid person might think MS is putting that in there attempting to block this new tool.
Since we’re not paranoid we won’t think that :)
*web browser
Problem fixed. I got a reply from another place ( https://voat.co/v/technology/comments/459263/new ). If anyone else has an issue with this, here was the response and this fixed it:
Hey, sorry you are having a problem. I checked on that and we aren’t blocking hotmail on purpose but it looks like one of the host blocks we are doing matches that host you mentioned.
Here’s what you can do to fix it immediately, run this in an admin command prompt:
route delete 204.79.197.200
route delete 204.79.197.201
route delete 204.79.197.202
route delete 204.79.197.203
route delete 204.79.197.204
route delete 204.79.197.205
route delete 204.79.197.206
route delete 204.79.197.207
route delete 204.79.197.208
route delete 204.79.197.209
route delete 204.79.197.210
route delete 204.79.197.211
I will go ahead and remove those host blocks so that it won’t happen again in the future. Give me a few minutes and I will push the update. You can grab the latest version here:
https://github.com/th3power/aegis-voat/archive/master.zip
Let me know if you have any other questions. :-)
Good to know. Thanks for posting this!
I have just run the Aegis script “aegis-voat-1.11”. Now I can’t access Hotmail. My we browser no longer connects to https://blu182.mail.live.com/default.aspx How can I fix this?
@Thane Ahrens: When I ran Aegis, it blocked connections from the computer to many Microsoft domains, including Hotmail, etc.. (See comments above.) As Martin suggested to you, you can see if the website you are no longer able to connect to is listed as being blocked in your HOSTS file, and then you could edit your HOSTS file and remove the entry or entries that are affecting you.
Alternatively, you can also boot into Safe Mode and run System Restore, restoring your machine back to the time just before you ran Aegis. That’s the method I followed, because I could not find the websites being blocked in my HOSTS file.
Check the hosts file and see if it lists the host. You find it in c:\windows\drivers\etc
What lines of code in the HOSTS file do I need to erase exactly? A friend of mine (who’s more tech savy than me) recommended me Aegis because of the constant Windows 10 nagging message, but now I can’t access my e-mail because Hotmail seems to have been blocked… How do I re-enable this to be able to use all the functions of the e-mail?
I’m not using hotmail, but start with live.com as this is the entry point and used when you open the web interface.
I didn’t realise that before but the name gwx.exe seemed to be weird name to give to the Windows 10 updater. Now I finally realised what it stands for. It’s “Get Windows X”, or “Get Windows 10”!
X = 10 in Roman numerals, that definition explains the name perfectly I think.
Now that you mention it… indeed.
I’ll stick on WVII for the time being, which could lead to KWVII (Keep Windows 7) :)
Martin,
Thanks for the mention. FYI a new version has been released with many improvements. Also we have moved the project to GitHub. Please let us know if you have any questions. Thanks. :-)
You have to be careful with mistakes.
Among the Windows Updates that the AEGIS program uninstalls or hides is :
kb2999226 : update that enables you to run windows 10 applications on earlier versions of windows
I haven’t run the AEGIS application (fortunately!) but I have removed the KB2999226 after reading their description about it.
Then I ran a program which wouldn’t start anymore : ‘Simple DNSCrypt’ : a popup specified that file api-ms-win-crt-runtime-l1-1-0.dll was missing.
I searched for information and found out that the file api-ms-win-crt-runtime-l1-1-0.dll was part of the KB2999226.
Microsoft states KB2999226 as “Update for Universal C Runtime in Windows”
AEGIS states KB2999226 as “update that enables you to run windows 10 applications on earlier versions of windows”
-> Find the culprit.
I followed advise found (done for the same file missing problem but for another app) at https://www.smartftp.com/support/kb/the-program-cant-start-because-api-ms-win-crt-runtime-l1-1-0dll-is-missing-f2702.html
That is, I reinstalled KB2999226, uninstalled then re-installed Microsoft Visual C++ Redistributable Package 2015 for both x86 and x64 (I’m on Win7 x64), and all is fine again, api-ms-win-crt-runtime-l1-1-0.dll back in place and ‘Simple DNSCrypt’ running correctly.
For whom this may concern : be aware of what a good intention can lead to if unskilled.
Tom, this update has been removed from the latest version. Please let us know if you have any questions. https://github.com/th3power/aegis-voat
Thanks, thepower, for bringing this public, and be thanked, you (and the Aegis Team) for your work, your commitment to a better Web. As in life, reasons to frown and reasons to smile :)
I had forgotten to mention in my first posts that the KB2999226 update was the only one in your list that I had not already uninstalled and/or hidden from updates, this explains also why I focused on it (I was telling myself then “What, I’ve missed one, I still have an intruder on board?!” …
All is well, keep up the good work.
Tom,
I’m sorry this caused you a problem, and I want to thank you for your feedback. I appreciate what you are saying. When I say it was not a mistake I simply meant it in the context as it was not an accident that we blocked it – we did it on purpose. However I don’t necessarily claim it was a good choice.
In any case I am always open to user feedback and I often change my mind after listening to what people have to say and learning new information. In this case it seemed prudent at the time and I was not aware that it was going to cause other problems so I will definitely take a look at that update and re-evaluate. :-)
I’ve always focused on the intention, far more important to me than the result. I know you have good intentions and your work proves it. After that, opinions may diverge. My point was more to share a difficulty and its solution than to emphasize on what I call a mistake but which may be arguable even if, in this case, it doesn’t come to my understanding.
No bigger problem than that. It wasn’t an issue for me (even if I’d dare not even imagine getting on a work such as yours with this application), so the comment was motivated — very frankly — at 49% by an immediate irritation and at 51% by a “good action” :)
There are much bigger problems in life and even within the cyberworld.
All the best, thepower (is with you!)
Hi Tom,
This was an intentional choice rather than a ‘mistake’. Although you could argue it was not a good choice. We have so far only had one person report this to us as an issue – maybe that was you? :-)
I am still on the fence about this, since we feel like it’s better to err on the side of caution, and a user can always comment out this one update in the code so that it won’t be blocked.
Well, the fact is that applications requiring Microsoft Visual C++ Redistributable Package 2015 may be blocked without the KB2999226 update. I haven’t found any relationship between this update and Windows 10, unless one argues that if Windows 10 has it natively then it is suspicious, in which case applications such as .Net Framework would be suspicious once they are built in the latest Windows version but require an install for previous versions…
What I mean is that I can understand the awareness Microsoft’s aggressive Win10 upgrade policy has and continues to stir, and that I realize that this distrust can lead to automatism and the mistakes this can carry, as in “real” life. In this case, removing KB2999226 is a mistake.
I wasn’t the one who reported as you mention it above. We are at least two then, hoping a plain user totally out of the computing basics will not have been a third, anonymous and maybe deeply annoyed. You have to be careful and I don’t understand how your choice might have been deliberate and not a mistake : this IS an authentic BIG mistake, sorry to say so.
You can allways safely update windows 7 via Simplix UpdatePack7R2
You can eliminate a lot of microsoft shit by using Winreducer for win7 to win 10
icy
I ran Aegis and found it to be a little overly-aggressive in its blocking for my taste. It blocks Bing webpages and Skype login page, as well as Microsoft pages where I look up KB update info. I could learn to live without the occasional Bing image, video, map, and news search, but I have to be able to login to the Skype website to manage my account, so this is a dealbreaker for me.
I reverted back to the system restore point I made and got rid of Aegis. I’m sticking with GWX Control Panel and its realtime monitoring protection for now.
Hy,
At this point I would say it is a combination of at least 5 or 6 others scripts and utilities, including the 2 you mentioned. I try to watch out for anything it may be missing and add those bits. It would probably be redundant but I don’t see any reason why it would cause a problem to run it in combination with them. However if you have any problems please let us know.
Hy,
Based on user feedback (including yours) we have removed the blocks for bing, hotmail, msn, outlook, and skype in v1.10. If you find anything else that you feel shouldn’t be blocked please let us know. And of course you can always modify the code and remove anything you like, it’s all open source and plain text.
P.S. @thepower: Thanks for your important, invaluable work on this project to help people protect their privacy!
@thepower: Thanks very much for the response and for letting me know! Sounds like a good decision to remove the blocks for those domains. I think I will give Aegis a try again.
It sounds like Aegis is a cross/combination of Spybot Anti-Beacon (which blocks telemetry) and GWX Control Panel, which blocks forced Windows 10 upgrade. Would that be a fair characterization of Aegis–that it does both?
Is Aegis fully compatible with both SAB and GWX CP? I am currently runing both, and wonder if Aegis is still necessary and if so, if it would work with both of them side-by-side with no problems.
Thanks for letting me know!
#
Had to use Internet Explorer to download aegis v. 1.9. Irony?
Suppose because of the new security settings in Firefox 44.
Took a while until I had the idea.
GWX Control Panel registered the changes and says
“At least one hidden download folder was found”.
Thanks, Martin, for another great article and thanks
to the author of the script. Great work!
Had to use Internet Explorer to download aegis v. 1.9. Irony?
Suppose because of the new security settings in Firefox 44.
Took a while until I had the idea.
GWX Control Panel registered the changes and says
“At least one hidden download folder was found”.
Thanks, Martin, for another great article and thanks
to the author of the script. Great work!
Sorry you had a problem, the project is now hosted on Github so hopefully that will make it easier for users to download the files. :-)
hey Martin,
please check this. https://www.safer-networking.org/spybot-anti-beacon/
I’m curious if uninstalling all those KB’s leaves still something on or not and if this kind of stufuW10 programs are still needed
Aegis does everything SAB does plus a lot more (note they use host blocking, we use persistent static null routes, but I checked our lists against theirs and we aren’t missing anything).
I thought there was no API to hide updates. Maybe that was incorrect. Does this uninstall and hide them?
We hide updates using a small vbs script that someone shared on serverfault. http://serverfault.com/a/341318
It mostly works pretty well however Microsoft has been un-hiding and re-pushing certain updates lately so it is an ongoing battle.
From the Windows update GUI, when it lists the available updates, right click the update you want to hide and click hide this update, that’s assuming you’ve set Windows update not to install updates automatically.
Details:
Disable gwx/skydrive(aka onedrive)/spynet/telemetry/wifisense, disable/hide windows 10 download directory, uninstall/hide 31 kb updates (see list below), disable 31 scheduled tasks (optional components that phone home to microsoft), uninstall diagtrack, disable remote registry, block 188 microsoft hosts (221 ip’s), change windows update settings to check/notify but do not download/install
Windows Update:
This script will not block Windows Update, however it will change your Windows Update settings to check/notify but do not download/install.
Sooner or later, I think users will figure out that Microsoft techs, Mark Russinovich is one (and he has trained an elite core of experts), aren’t exactly “dumb” and the computers that are running such “blocking scripts and programs” will become completely “static” and, most likely, inoperable. In other words, the MS Techs will simply say, “If you are going to use Windows and want update M, O, and P, then, the settings on your computer will have to change in order for the update to come through [which it can’t do at this moment because you are blocking it with some silly toy a nerd made to showoff to his buddies], and we won’t tell you what settings those are–go back and undo everything–good luck.
Well, in that case I will totally switch to Linux cause it’s intolerable to feel raped by any company that one support by buying their product. It is like being force fed by your local gyros restaurant.
All of these are clones of the original, called Block Windows. It’s the first one of those, and features way more stuff. Check it out, works flawless.
https://github.com/windowslies/blockwindows
top Windows 7 through 10 Nagging and Spying updates, Tasks, IPs, and services. Works with Windows 7 through 10
BlockWindows.bat – Right Click and “Run as Admin”
hosts.bat – Works with Windows 7 and 8. Appends current hosts file. Run from your Downloads directory. Doesn’t work on Windows 10, copy hosts file to your router or firewall if using Windows 10
hosts2.bat – Blocks M$ hosts with firewall BLOCKS most M$ sites OUTLOOK,HOTMAIL,ETC REM any you use
hosts – DNS file of MS hosts to block
hostlist – MS Hosts file to blocking for router or firewall use
hosts-dnsmasq – Hosts file for dd-wrt and other routers
HideWindowsUpdates.vbs – Hides blocked updates, to reinstall click ‘show hidden updates’
DisableWiFiSense.reg – Adds registry to disable WiFi Sense, which steals your wifi password without your consent.
unblock.bat – Unblocks hosts2.bat blocking
that one is outdated by now. Doesn’t include latest updates etc.
Hi John,
Aegis has been updated recently and now includes 48 kb updates among other improvements. :-)
All the “clones” or dedicated Windows 10 anti spy programs do the same thing, and there is no “original.” In fact judging project start date it isn’t the first one, there were other user create bat files created doing similar things during the Windows 10 preview period.
Anyways it is not too difficult to look at network logs and then create host file entries or look at Windows services and manually disable them, or create a bat file to do it.
In fact I like the programs better, instead of running separate multiple bat files, they put everything in application and create a UI that does it all in one click including option to undue any changes if something inadvertently breaks.
And sense the author was kind enough to put it on github, the only thing that I think is not included in the third party anti spy applications is the host files for routers.
There’s already a little program that works on 7, 8 and also 10.
https://github.com/Nummer/Destroy-Windows-10-Spying/releases/
On my machine, the above program didn’t hide the “updates”, but right click “Hide update”
PS: source code is available
If pro-Microsoft people are having problems understanding why there’s so much hate for Microsoft and Windows 10 you only have to look at the amount updates pushed onto peoples computers and the 31 scheduled tasks, while that maybe great if you want to take Microsoft up on their offer it’s not if you don’t.
If you received 31 telemarketing phone calls in the last 6 months all from the same company and they continued calling even after you told them you’re not interested you would probably start getting a little annoyed, you would probably be wondering what you have to do or say to get them to leave you alone.
@Corky
Your comparison between MS and Telemarketers is the best summation of the Windows upgrade situation I’ve read.
Simple analogy, easily understood even by Win 10 shills/trolls.
Wish I’d thought of it ! :-(
And this is why I check every single update what the update contains before I install it, just to avoid getting any of the Windows 8+ crap.
Windows 7 ftw!
This looks good. Checking and if necessary uninstalling that complete list of KBs will certainly come in handy.
Thanks for posting this, Martin!
Just a “thank you, Martin” for another highly appreciated article.
You are welcome.
http://tinyurl.com/phofgss
Thanks for providing this link. I will go through the other programs and pull in any bits we may be missing.
@ yoav – Yes it is pretty crazy but thankfully there are folks out there who are interested and technically proficient enough to offer solutions to those of us who are just “somewhat educated” users. That’s one of the terrific benefits offered by Martin through this blogsite. Thanks, once again, Martin.
It’s pretty crazy that Windows users have to install software to protect themselves from Microsoft.
Says a guy who uses google services…
@Gary, no I think you’re right. If not him, then it’s always someone. I said then, and I say it now, that I think MS employs shills to find Win 10 articles on the web and comment in favor of Win 10. If that puts a tin foil hat on my head, so be it.
The campaign seems to be to find people complaining about W10’s privacy issues, and paint them as being deranged lunatics or conspiracy theorists. From what we’ve seen from MS’ unprecedented level of aggression in forcing W10 on people, I wouldn’t put it past them.
@Andrew
I remember your name appearing in the comments on other Win 10 articles regarding telemetry, forced botched upgrades, etc., written by Martin.
From what I remember, you were extremely pro Win 10.
You regarded anybody who did not want to update to Win 10 as tin foil hat wearing, paranoid, conspiracy freaks.
Of course, I may be wrong and maybe I have remembered the comments made by a different Andrew……………….
Thanks Martin for this article and the Aegis web site link.
I never bought anything from Google, so my expectations are different. I did buy an operating system from MS and I expect to own it completely. MS is infringing on my ownership rights and I resent that.
@yoav — exactly my thoughts. That this needs to exist is sad & shameful.
Do you know Jeff personally then Andrew?
I only ask as it seems a rather large assumption to make that someone uses Google services, not that Google services are in any way, shape, or form comparable to Windows 10, in case you can’t work it out Windows 10 is an operating system and Google services are not.
Uh——-Android, Chrome, Chromium Project——-um yeah. I can see why you might reach that conclusion. (Please pause for sarcasm to settle in. Thank you.)
As far as both not being comparable somehow, that fact is that couldn’t be further from the truth.
Between Google’s Forced Integration model and Microsoft’s Forced Win 10 upgrade debacle, both Google and Microsoft are two of the biggest offenders when it comes to corporate take-overs, hubris & manipulation.
If silicon valley were a gangster’s paradise, Google & Microsoft would be the top 2 corporate thug families.