Blocking Telemetry in Windows 7 and 8.1

Microsoft pushed patches to devices running Windows 7 and 8.1 in recent time that collect information and transfer data to Microsoft regularly.

One of the main issues that Windows users may have with telemetry is that Microsoft does not reveal what it is collecting, and what is included when telemetry data is transferred to the company.

The following tutorial provides suggestions on limiting Windows data collecting and transferring. There is no guarantee that nothing is collected and/or submitted after making privacy related changes to the operating system, but a guarantee that data collecting is severely limited at the very least.

Information taken from various places around the Internet including this Ask Woody comment, this German forum post, and Günter Born's post.

Make sure you back up important data before you continue.

Update: Eric @ Tweakhound created scripts that you can download and run. It is recommended that you go through the scripts first before you execute them.

Blocking Telemetry in Windows 7 and 8.1

uninstall telemetry updates

The following Windows updates are related to telemetry and diagnostic data.



  • KB971033-- Description of the update for Windows Activation Technologies
  • KB2952664 -- Compatibility update for keeping Windows up-to-date in Windows 7
  • KB2976978 -- Compatibility update for keeping Windows up-to-date in Windows 8.1 and Windows 8
  • KB2990214 -- Update that enables you to upgrade from Windows 7 to a later version of Windows
  • KB3021917 -- Update to Windows 7 SP1 for performance improvements
  • KB3022345 -- Update for customer experience and diagnostic telemetry
  • KB3035583 -- Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
  • KB3044374 -- Update that enables you to upgrade from Windows 8.1 to Windows 10
  • KB3068708 --  Update for customer experience and diagnostic telemetry
  • KB3075249 -- Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
  • KB3080149 -- Update for customer experience and diagnostic telemetry
  • KB3123862 -- Updated capabilities to upgrade Windows 8.1 and Windows 7

You can remove any of the patches using two methods:

  1. Tap on the Windows-key, type Windows Update, and hit the Enter-key.
  2. Select Installed Updates on the window that opens.
  3. Right-click on updates and select uninstall to remove them from the system.

Second method uses the command line instead:

  1. Tap on the Windows-key, type cmd.exe, hold down Shift and Ctrl, and hit the Enter-key. This opens an elevated command prompt.
  2. Use the command wusa /uninstall /kb:3080149 /quiet /norestart to remove updates.
  3. Replace the number after kb: with the update that you want to remove.

Make sure you hide any update that you have removed, as it will be picked up by Windows again the next time Windows Update checks for update.

The Windows\System32\CompatTel folder

The CompatTel folder is still there after you remove the telemetry updates on the machine. One change that you may notice is that the older Telemetry client, diagtrackrunner.exe is in that folder, and not the newer compattelrunner.exe.

Read also:  Can I delete $GetCurrent, $SysReset, $Windows.~WS and $Hyper-V.tmp?

You cannot remove the folder or files directly, as you need ownership first for that.

Turn off the Customer Experience Improvement Program

customer experience improvement program

We have posted a tutorial already that explains how to turn off the Customer Experience Improvement Program.

Basically, what you do is click on Start, type customer experience, and select the "change customer experience improvement program settings" result. Select "No, I don't want to participate in the program" when the new settings window opens.

Remove the Telemetry service

Next thing on the list is to remove the Diagnostic Tracking service. It may not exist anymore already, but I suggest you run the commands below just to make sure.

Open an elevated command prompt -- if it is not still open -- and run the following commands:

  1. sc stop Diagtrack
  2. sc delete Diagtrack

The first command stops the Diagtrack service, the second deletes it.

Blocking Microsoft Servers

Caution: Some servers and IP addresses may be used by other Windows services. If you notice that some are not working anymore, disable them one by one until you find the culprit that you need to exclude from the blocking.

Note: the following servers cannot be blocked using the hosts file. You need to block them using another means, e.g. router firewall or installed firewall.

  • onesettings-hk2.metron.live.com.nsatc.net
  • onesettings-bn2.metron.live.com.nsatc.net
  • onesettings-cy2.metron.live.com.nsatc.net
  • vortex-hk2.metron.live.com.nsatc.net
  • vortex-db5.metron.live.com.nsatc.net

Other servers you may want to block:

  • 134.170.30.202
  • 137.116.81.24
  • 204.79.197.200
  • 23.218.212.69
  • 65.39.117.230
  • 65.55.108.23
  • a-0001.a-msedge.net
  • choice.microsoft.com
  • choice.microsoft.com.nsatc.net
  • compatexchange.cloudapp.net
  • corp.sts.microsoft.com
  • corpext.msitadfs.glbdns2.microsoft.com
  • cs1.wpc.v0cdn.net
  • df.telemetry.microsoft.com
  • diagnostics.support.microsoft.com
  • fe2.update.microsoft.com.akadns.net
  • feedback.microsoft-hohm.com
  • feedback.search.microsoft.com
  • feedback.windows.com
  • i1.services.social.microsoft.com
  • i1.services.social.microsoft.com.nsatc.net
  • oca.telemetry.microsoft.com
  • oca.telemetry.microsoft.com.nsatc.net
  • pre.footprintpredict.com
  • redir.metaservices.microsoft.com
  • reports.wes.df.telemetry.microsoft.com
  • services.wes.df.telemetry.microsoft.com
  • settings-sandbox.data.microsoft.com
  • settings-win.data.microsoft.com
  • sls.update.microsoft.com.akadns.net
  • sqm.df.telemetry.microsoft.com
  • sqm.telemetry.microsoft.com
  • sqm.telemetry.microsoft.com.nsatc.net
  • statsfe1.ws.microsoft.com
  • statsfe2.update.microsoft.com.akadns.net
  • statsfe2.ws.microsoft.com
  • survey.watson.microsoft.com
  • telecommand.telemetry.microsoft.com
  • telecommand.telemetry.microsoft.com.nsatc.net
  • telemetry.appex.bing.net
  • telemetry.appex.bing.net:443
  • telemetry.microsoft.com
  • telemetry.urs.microsoft.com
  • vortex.data.microsoft.com
  • vortex-sandbox.data.microsoft.com
  • vortex-win.data.microsoft.com
  • watson.live.com
  • watson.microsoft.com
  • watson.ppe.telemetry.microsoft.com
  • watson.telemetry.microsoft.com
  • watson.telemetry.microsoft.com.nsatc.net
  • wes.df.telemetry.microsoft.com

Deleting Scheduled Tasks

task telemetry

Windows 7 and 8.1 run a lot of tasks that send data to Microsoft.

  1. Tap on the Windows-key, type Task Scheduler, and hit the Enter-key.
  2. Navigate to Microsoft > Windows in the task hierarchy, and delete (or disable) the following tasks:
  3. All tasks with Application Experience.
  4. All tasks with Autochk.
  5. All tasks with Customer Experience Improvement Program.
  6. DiskDiagnosticDataCollector under DiskDiagnostic.
  7. WinSAT under Maintenance.
  8. Deactivate all Media Center tasks.

Closing Words

There is always the chance that new updates will add new services or tasks. This is why it is recommended to set Windows Update to inform but not download and install automatically.

Now You: Have anything to add? Let us known in the commands.

Summary
Article Name
Blocking Telemetry in Windows 7 and 8.1
Description
This guide provides you with detailed instructions on how to disable telemetry and data collecting services on Windows 7 and Windows 8.1 PCs.
Author
Publisher
Ghacks Technology News
Logo

Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to Blocking Telemetry in Windows 7 and 8.1

  1. Hy February 11, 2017 at 9:49 am #

    This looks superb, Martin. Thank you so much!

  2. Tom Hawack February 11, 2017 at 10:13 am #

    Excellent, Martin. Personally I go even further, but the essentials are all in your article.
    Telemetry relates to privacy and another Windows (7 Up or did it start with Vista?) is the infamous Webcache folder which collects the user's history and is problematic to clean, another Microsoft fantasy.

    If you wish to be able, more than to empty that folder but to stop Windows from filling it up in the first place, then have a look at the article which explains how to proceed. Works for Win10 as well as for Win7. I just cannot stand not being able to empty a cache, especially Windows' ...

    Disable WebCache : https://www.tenforums.com/general-support/37841-disable-webcachev01-dat.html#post_538631

    Works great here. WebCache folder no longer gets whatever. Empty, zero bytes, the end (yours) my friend (because I remain polite) Microsoft.

    Beware, what is mentioned in the article includes editing the Registry and as such requires attention. AVOID if you don't know what you're doing. If you do know then the method is radically efficient.

    • Albert McCann February 12, 2017 at 12:42 am #

      I tried the disabling WebCache things, and that kills the ability of Microsoft Outlook from displaying any web hosted HTML content. :-( Putting the registry entries back, and restarting the task then allows Outlook to properly display HTML emails.

      • Tom Hawack February 12, 2017 at 1:07 am #

        A perfect example of the way Microsoft tightens up everything, linking and building as a spider.
        What is the purpose of this Webcache, to serve Microsoft products (as Outlook) or to serve Windows globally?
        If Outlook requires that cache then MS should make that cache specific for its products. That's the core of the company, link as much as they can between what serves the user and what serves them. Pathetic.

        There is NO reason for a cache to be out of the user's control. It's always possible to clear that Microsoft WebCache manually but it's a bit problematic and never feasible automatically. Should it have been easy, obvious as it is everywhere else than in MicrosoftLand I wouldn't have searched to disable that cache in the first place. It's always been a Microsoft obsession, to control Windows caches, it bothered me and many for years with XP ... got worse with Seven, wonder how it's uncured with Win10 ...

        Thanks for reporting this internal to Microsoft issue, Albert. Good thing you managed to reverse the process (the how-to mentioned deleting those reg entries). And good thing I added in my previous comment to always be cautious with Registry manipulation.

    • diegocr February 12, 2017 at 3:21 am #

      I followed these steps to disable WebCache... unfortunately, this causes explorer.exe to crash on every startup.

      On the events viewer i can see the following error:

      Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
      Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
      Exception code: 0x80270249
      ...etc

      So, i'd advice not to do this. Instead, i did moved/symlinked the WebCache folder to a RAMDisk, so it doesn't mess with my SSD.

      (ps: explorer.exe auto resumes itself, so you may don't notice the crash beyond an increased startup delay)

      • Tom Hawack February 12, 2017 at 11:09 am #

        @diegocr, all I can say is that I've experienced no issue myself, here with Win7 64-BIT, that I don't use Outlook as Albert McCann above. Not sure twinui.dll is in whatever way related to this WebCache, Anyway for anyone such as me who avoids built-in Windows applications, no problem, but otherwise, as Albert and maybe as yourself, it may be likely that Windows does call this WebCache for its own applications. It's always the same scenario : if you use Windows and a given (Outlook i.e.)/some/all its components out of the box then think twice before tweaking its spaghetti coding, from the registry to the files.

  3. wybo February 11, 2017 at 11:21 am #

    One update slipped through the net which I have uninstalled now.

    As I have never touched the Windows firewall could someone please tell me how to block the MS servers. Thanks in advance.

    Thanks martin for yet another excellent tutorial in how to thwart MS telemetry.

    • Tom Hawack February 11, 2017 at 11:56 am #

      'MS servers' is a wide denomination.

      MS servers dedicated to tracking are mentioned in the article, perhaps a tougher approach even with,
      - WindowsSpyBlocker : https://github.com/crazy-max/WindowsSpyBlocker
      - Ancille : https://bitbucket.org/matthewlinton/ancile/
      - BlackBird : http://www.getblackbird.net/
      - Destroy-Windows-10-Spying - https://github.com/Nummer/Destroy-Windows-10-Spying

      I'd advise caution, except for WindowsSpyBlocker, because some settings (block/removable) may be arguable, IMO.
      Here I don't run the scripts and batch processing provided by the above mentioned sites, but rather extract IP ranges and urls then add the former to a personal filters list I add to the PeerBlock application and the latter to a domain blocking blacklist I use with DNSCrypt-Proxy.

      Concerning PeerBlock and your question, wybo, if you,
      - install the application (free), available at https://code.google.com/archive/p/peerblock/
      - add a dedicates Microsoft blocking list available at https://www.iblocklist.com/lists (see 'Microsoft' in the list on that page),
      then you should have most of Microsoft's servers blocked, but that means harmless servers as well : only if you've decided to ban Microsoft, totally, which is a very personal choice, mine as well need to say. I wouldn't advise to ban whatever company except dedicated ad/tracking servers. My choice is a blend of efficiency and deep irritation, not at all a calm way of proceeding. But I've had it with Microsoft.

      • wybo February 11, 2017 at 1:35 pm #

        OK. Thanks Tom. Although it seems all a tad complicated. I think I can manage that.

        PS got a 404 on the peerblock link.

      • Tom Hawack February 11, 2017 at 2:26 pm #

        @wybo, a 404 on the peerblock link? I get the page correctly. try again or reconsider your DNS server!

      • dark February 11, 2017 at 5:20 pm #

        There is updated Peerblock Microsoft IP Blocklist list here: https://encrypt-the-planet.com/windows-10-anti-spy-host-file/

      • Tom Hawack February 11, 2017 at 6:09 pm #

        @dark, the site/page you mention is interesting and indeed includes Windows (10) Anti-Spy filters, both as HOSTS filters (urls) and as PeerBlock filters (IP ranges).

        But the PeerBlock IP Blocklist is dated 8/30/2016, when that list is updated regularly at iblocklist.com ...
        As for the Hosts version it goes back to 11/22/2016

        IPs are more delicate than urls because they may be subject to changes ...

  4. Owl February 11, 2017 at 11:40 am #

    Tom: NirSoft's IECacheView is excellent. You can delete, (See his site for details), (and I use ccleaner).

  5. Tim February 11, 2017 at 12:10 pm #

    Where did this list come from, do you have a source for it? And have you checked to see what you're actually recommending people block? For example, I know that watson.telemetry.microsoft.com and watson.telemetry.microsoft.com.nsatc.net is used by Windows Defender for virus analysis.

    • Martin Brinkmann February 11, 2017 at 2:21 pm #

      I add a note that this may interfere with other Windows services.

    • illber May 26, 2017 at 1:03 pm #

      Tell me you don't actually let Windows Defender lounge around, smoking cigars and drinking martinis within your system do you? It's sort of like saying, "Hey, I'm going to install this program that's never ONCE, stopped a single viral, malware, trojan, or anything else that harms people's computers, because these people who lie through their teeth 24-7-365 told me I should."
      Of course I'm trying to bring light to the matter Tim, but investigate that thing, then shut off, block it, disable it, kill it, smash it with a digital hammer, pour water on the circuitry it's running through, and chase it all the way out of your yard.

  6. Yuliya February 11, 2017 at 12:25 pm #

    Great! I would add this one too:
    KB3184143 - Remove software related to the Windows 10 free upgrade offer
    https://support.microsoft.com/en-us/help/3184143/remove-software-related-to-the-windows-10-free-upgrade-offer
    If you don't have any of those installed (or manually removed all of them) then it's redundant and better to avoid.

  7. Bobo February 11, 2017 at 2:15 pm #

    There's probably a whole bunch of KB2952664 versions on a telemetry-infected system.. Somewhat cumbersome to get rid of them all:

    elevated command prompt enter: wusa /uninstall /kb:2952664 /norestart

    elevated command prompt enter: dism /online /get-packages | findstr KB2952664
    This pulls up all KB2952664 packages.

    To remove them, again from an elevated command prompt enter:
    dism /online /remove-package /PackageName:Package_for_KB2952664~31bf3856ad364e35~amd64~~6.1.1.3

    This removes version 6.1.1.3 only.
    On machines that also have versions 6.1.0.12, 6.1.3.0, 6.1.7.4, 6.1.8.2, etc. etc.
    this command must be repeated with the appropriate version numbers.

    Once all versions are processed, run: dism /online /get-packages | findstr KB2952664 again,
    and if it doesn’t return any packages, KB2952664 is gone

  8. Ronald February 11, 2017 at 3:00 pm #

    I'll never understand the blacklist stance regarding Microsoft programs communicating with the web. Just block everything and use a whitelist instead if you need to allow something.

    Programs that can access the internet are mostly browsers or IMs, not Windows. Don't waste your time building complex blacklists that can never catch it all: Block everything, whitelist what you know is fine when you need it.

    • john February 11, 2017 at 3:21 pm #

      Absolutely correct. The 'block all' is the only sane way to do any real security. The problem is that Microsoft has historically used DLLs and other support executables to perform certain functions. Lots of these support files are arcanely named. If you kill access to a library because of telemetry, you might also kill access to essential Windows functions - as these libraries are reused by various programs.

      • Ronald February 11, 2017 at 3:42 pm #

        You don't kill access to a library that's on your own computer, you kill the ability of Windows to send data outside. You can let all the telemetry shit run on your computer if you like, it's only a computer resource issue if they can never report back to Microsoft.

    • Henk van Setten February 11, 2017 at 4:10 pm #

      Sure, I've tried the whitelist approach (block everything by default, then grant access as needed) once. But only for a brief time!

      I very soon got fed up with the result: spending half my time with error messages, all kinds of unexpected program failures, and adjusting firewall settings again and again.

      So no, I don't feel this is a sensible solution, unless perhaps you use just a very limited and never-changing selection of software.

      • Ronald February 11, 2017 at 4:35 pm #

        I've been doing that for at least 10 years without problems. When you install a new program that requires internet, you can just allow it if you like: It's not Windows shit. You don't need to setup complex rules if your goal is to block Microsoft, just spend 30 seconds to allow the new program you installed and from then you can use it normally without ever having to deal with its firewall settings :)

  9. john February 11, 2017 at 3:36 pm #

    The amount of hoops a user needs to go through for any type of security and privacy on Windows is absolutely insane. At some point, users need to ask themselves what keeps them on Windows. I think there needs to be a valid reason why anyone would subject themselves to this kind of behavior in their daily lives.

    I use to spend loads of time securing XP, Windows 7. I don't think I could effectively manage the privacy and security issues built into Wiindows anymore. It's completely out of control. I had switched to Linux a few years ago but briefly considered switching back to Wiindows 10 but read about the built-in spyware and data-mining when it was released.

    I'm not advocating a move to Linux (or other) here. Use what you want. I'm suggesting that Microsoft and others need to be called out on a regular basis on every single tech article, they need to see this issue resolved in the courts. This behavior is beyond insane and it just keeps on getting worse.

    • Ronald February 11, 2017 at 3:46 pm #

      I can secure my Windows computer in just a few steps. The thing that takes times is to figure out how, but that only occur a couple times over the life of a computer, namely when the OS is first released or you have to change a key element in your setup such as the firewall.

      That said I agree, law will have to get involved to enforce proper opt outs. Special mention to Facebook which is possibly the worst offender both in scale and data type. I rarely see it mentioned here.

      • Frank February 11, 2017 at 4:11 pm #

        Maybe you can enlighten the rest of us and share your knowledge on securing Windows computers "in just a few steps"?

      • Ronald February 11, 2017 at 4:49 pm #

        1. Find a good firewall. Takes time, mostly a one time chore. A good firewall is very thorough and flexible. (I have to change mine due to changes in the firewall market so I can't give advice, sorry. My current firewall brand has served me well for probably a decade and two OS versions, but it is time to change.)

        2. Configure it so it blocks everything. One time chore, takes from a few minutes to an hour depending on firewall UI and your habits and knowledge.

        3. Enable select features, like WiFi handshakes and Time sync. One time chore, can take some time unless there exist guides somewhere. Otherwise resources on protocols like good old Wikipedia coupled with firewall logs. If you never did that it's a chore, but when you know what's up it's technically just setting less than 10 rules.

        4. Allow non-Microsoft programs like browsers or IMs as needed. It's extremely fast to do because you don't make spot-on rules like in 3. You can if you care or are using software from privacy invasive company like Google, but we are talking about protection against Windows' embedded spying here

        5. Update Windows manually using the new update bundles, it should be one single download each month obtained from the browser.

        6. Optional: Disable telemetry and other crap if you want to regain some computer resources, but that's not required since they can't phone home.

      • Dale February 11, 2017 at 5:01 pm #

        What are those "few steps"?

      • jern February 11, 2017 at 5:29 pm #

        @Frank
        You write...
        Maybe you can enlighten the rest of us and share your knowledge on securing Windows computers "in just a few steps"?

        Well Frank, what you do is take a "few steps" to the wall and unplug your computer.

    • Tom Hawack February 11, 2017 at 4:36 pm #

      @John,

      They need to be called on every single tech article, they are once in a while, never on a regular basis, and far from every tech article, indeed. But should it be would remain the fact that non-tech medias never, or hardly never mention these "beyond insane" practices of those worldwide companies dominating the Web. Most users consider the Web and their connected devices as a tool, and they are right, many conceive this tool as a basic TV that you set once and for all and forget to maintain afterwards. Fortunately security and privacy are starting to concern more and more, but the mental scheme is binary, with the good guys one one side and the bad guys on the other. The bad guys are those who infect the Web and all end-users, the good guys include those major companies with insane practices because they communicate a lot on users' security and privacy, and of course never mention their inquisitive policies and when they do it is to explain that this behavior is required for users' safety ...

      Those companies, though private, are more and more perceived as "out of copyright" because they hold the whole system, the Web system anyway, it's as if they are constitutive of the modern era. In the same way we call a refrigerator a frigidair (in France anyway) when "Frigidair" was the leading company in that sector, in the same way these leading Web and computing companies are now part of our lives in such a way that they are more than, beyond their private status. Was a time here in France when naming "Facebook" on a public media was considered as promoting, advertising. No longer.

      So, yes, this presumptuousness must be countered. Not sure if it's not already too late. Those of us who feel concerned and have the time (and aptitude) to reserve energy for a computer maintenance are a tiny minority, I'm afraid. You can't help people if they don't ffeel concerned or if, worse, they don't care.

  10. Kubrick February 11, 2017 at 4:40 pm #

    Good grief thats a lot of calling home.I havent used windows for 2 years now as i am a confirmed linux user and it seems microsoft has slowly got worse,
    Glad i dumped it with all that crap going on.

  11. Rob February 11, 2017 at 5:10 pm #

    Thanks.
    But there are another group of software (indispensable?) that collect too much info from users and require an internet connection: protection software. And this is a paradox too. Privacy goodbye.
    PS: only for people who like to read EULA of internet security... :-)

    • Ronald February 11, 2017 at 7:17 pm #

      Yeah, it's hard to find the proper tool that fits all requirements nowadays.

  12. jern February 11, 2017 at 5:24 pm #

    MS says Win7 is outdated - not like Win10. These telemetry updates turn Win7 into spyware - like Win10. They're just MS's way of proving its point.

  13. Mikhoul February 11, 2017 at 6:36 pm #

    How to exclude Windows Updates with WSUS Offline Update:

    Just follow my tutorial: https://justpaste.it/WSUS_OfflineExcludeUpdates

    Enjoy ! 😺

  14. Xircal February 11, 2017 at 8:20 pm #

    You might want to check C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl

    If the ADL is present you can disable it via these registry keys:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener\{DD17FA14-CDA6-7191-9B61-37A28F7A10DA}

    'Modify the Enabled key to 0 (zero) to disable it for both.

    Once you've done that, you can delete the AutoLogger-Diagtrack-Listener.etl

  15. AJ North February 11, 2017 at 9:45 pm #

    Hello Martin,

    Thank you for this excellent overview, and for sharing it with Woody Leonhard's readers at AskWoody.com -- a wonderful example of collegiality (that will hopefully inspire others)!

    Regards,

    AJ

  16. Kulm February 11, 2017 at 11:22 pm #

    I use Ancile. It's updated regularly. Read the ghacks article here:
    https://www.ghacks.net/2016/09/12/ancile-block-spying-on-windows-7-and-8/

  17. diegocr February 12, 2017 at 3:30 am #

    > Deleting Scheduled Tasks
    > ...
    > 8. Deactivate all Media Center tasks.

    What "Media Center" tasks?

    I have none, which actually might be good i suppose.

    Other than that, awesome guide, did everything else, thanks!

  18. Jes February 12, 2017 at 4:39 am #

    Alternatively, insert the Windows 7 SP2 disk, install from scratch, and turn off automatic updates. Sadly, this is notably safer than allowing Microsoft any access to your computer whatsoever any longer.

  19. OldNavyGuy February 12, 2017 at 7:06 am #

    Installed KB2952664 again today after having it installed previously.

    After it was installed and the system rebooted...

    Diagnostic Tracking Service was still disabled (as I had set it)

    The Customer Experience Improvement Program setting was still set to No (as I had set it).

    No new tasks were added to Task Scheduler, and the tasks that are related to CEIP remained Disabled (as I had set them).

    No new processes were started.

    To sum up, no changes from before.

    So it seems the hypothesis about KB2952664 "snooping" is more science fiction than fact.

  20. Matt February 12, 2017 at 11:13 pm #

    You’re doing Odin’s work here, son. Thanks a lot für the detailed explanation and helpul article!

  21. hornylamb February 13, 2017 at 8:02 am #

    Hi Guys,
    After doing this above tricky block ,Does this update will reappear if Microsoft will again push for update ?
    Thanks

    • Martin Brinkmann February 13, 2017 at 8:12 am #

      Updates will re-appear when Microsoft releases an update version.

      • Anonymous February 13, 2017 at 10:43 am #

        Thanks martin.. but bad habit of MS.

      • www February 14, 2017 at 7:19 am #

        Martin, by turning off automatic updates and using WSUS offline and picking the "security only" updates, will that avoid these unwanted KBs from being installed again?

      • Martin Brinkmann February 14, 2017 at 7:36 am #

        Yes that should prevent the installation.

  22. Carl D February 13, 2017 at 2:02 pm #

    So much time and effort being expended by so many people trying to keep Windows secure and private.

    The solution is simple. Dual boot Windows and Linux (Mint in my case).

    Keep Windows off the Internet (Network adapter disabled) and only use Linux online. I have Windows 7 at SP1 level only and it runs all of my Windows programs perfectly. No need to worry about updates or having to run antivirus, antimalware, etc.

    • Doug February 15, 2017 at 5:25 pm #

      I'm doing this too. I've taken my home Win 7 workstation offline entirely. It runs peripherals like scanners, printers and other devices, and still has software that is useful - but it no longer surfs. I built an older Toshiba Tecra M2 with a Mint distro and use this for email and web access. Anything I need to transfer is done by flash drive and the contents are screened by manually updated AV apps. Simple and it works.

      Look for more people building function-specific dedicated Linux builds on older systems. Like a Raspberry Pi as a dedicated audio/video streamer. And old hardware is plentiful and cheap. If the initial config is simple, rebuilding it on occasion is simple too.

  23. Evhell February 14, 2017 at 8:39 pm #

    To block MS Servers i strongly suggest WindowsSpyBlocker : https://github.com/crazy-max/WindowsSpyBlocker

  24. ConnectWithGreg™ February 15, 2017 at 6:13 pm #

    Thanks for this article. I tend to track what's running and I know what I install, so I was pretty alarmed when 7 or 8 new services started running this morning, Telemetry being most noticeable.

    I appreciate your solutions. Got them under control AND deleted a few additional thx to your Task Manager section. :D

  25. BlastOrDudge February 26, 2017 at 11:38 pm #

    To me it's still fascinating that Microsoft is trying so hard to force the users into the updates. I guess in the the near future you have to upgrade to Win 10 and its "Windows as a Service" mentality. Just read about it at https://microsoft-windows-10.com/everything-you-need-to-know-windows-as-a-service/ and still not sure if this is the way to go.

    What is your biggest concern about the forced updates? I mean, why are you avoid most of them with so much afford?

  26. Ritterbrater April 17, 2017 at 1:32 pm #

    Hi,
    took script from here: https://tweakhound.com/2017/02/11/blocking-windows-7-telemetry/
    and I adopted it to the KB list from above:
    REM :: BlockGWXetcV6.bat

    ECHO OFF
    SETLOCAL

    REM --- uninstall updates
    echo uninstalling KB971033
    start "title" /b /wait wusa.exe /kb:971033 /uninstall /quiet /norestart
    echo done, uninstalling KB2952664
    start "title" /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart
    echo done, uninstalling KB2976978
    start "title" /b /wait wusa.exe /kb:2976978 /uninstall /quiet /norestart
    echo done, uninstalling KB2990214
    start "title" /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart
    echo done, uninstalling KB3021917
    start "title" /b /wait wusa.exe /kb:3021917 /uninstall /quiet /norestart
    echo done, uninstalling KB3022345
    start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart
    echo done, uninstalling KB3044374
    start "title" /b /wait wusa.exe /kb:3044374 /uninstall /quiet /norestart
    echo done, uninstalling KB3068708
    start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart
    echo done, uninstalling KB3075249
    start "title" /b /wait wusa.exe /kb:3075249 /uninstall /quiet /norestart
    echo done, uninstalling KB3080149
    start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart
    echo done, uninstalling KB3123862
    start "title" /b /wait wusa.exe /kb:3123862 /uninstall /quiet /norestart
    echo done, finished uninstalling telemetry updates
    echo next, block OS upgrades (in case GWX comes back)...

    REM --- Block OS upgrade
    reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\GWX /f
    reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\GWX /v DisableGWX /t REG_DWORD /d 00000001 /f
    echo finished...Disabling CEIP...

    REM --- Disable Customer Experience Improvement Program
    reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows /v CEIPEnable /t REG_DWORD /d 00000000 /f

    -----
    And then I also disabled following scheduled tasks: \Microsoft\Windows\Autochk\Proxy, AitAgent, ProgramDataUpdater
    And following windows service disabled: Diagnostics Tracking Service (DiagTrack)
    The C:\Windows\System32\CompatTel\diagtrackrunner.exe should be removed via uninstall of one certain KB file, otherwise one has to change the file owner (or what I sometimes did in the past: use killbox to force removal on reboot)
    This might valid for Win 7 only.

    (sorry for in case of double post)

  27. Guaitiao April 25, 2017 at 3:42 am #

    It is nice to have all this information in one site.

    Does anybody know if there is a search option within the Windows Important Update List? The only search option is located within the navigation bar. However, it only search apps within the control panel. It will be nice if a Find text option within the UI screen was incorporated to it. I wonder why Microsoft did not include this option?

    Without it, it will be hard to find what updates have to be hidden in the list. Specially if you have almost 200 important updates pending in a new Windows 7 Install...

  28. Ryu May 24, 2017 at 8:53 am #

    I accidentally installed KB3133977, and since I have an Asus motherboard, and it killed my boot. I eventually got my computer started up again and uninstalled the update but now my computer still gives me the message, if I turn secure boot back on, as if the update was still installed even though I can see it in my hidden updates. Has anyone else had this problem?

  29. advocateforchange June 24, 2017 at 1:10 pm #

    I admire the diligence shown here, going to ever increasing lengths to block the Microsoft spy machine.
    Realizing that this would be an endless task, I opted out a long time ago as I have better things to do with my life.
    I would definitely recommend you spend some of this effort trying out Linux. It's legally free & does not have a corporate spy machine behind it that attempts to make up for loss of license revenue by selling their own customers private data. In win10 everything you do is reported back by default - not merely the web-sites you surf.

    I have absolutely no regrets about my switch.

  30. genetix July 13, 2017 at 10:23 pm #

    Beautiful, been doing this for years and years, but one hell of an article too bad there's no simply patch updated constantly to do these changes.

    Those with Pro/Ultimate etc. Windows editions.. Might also wanna check gpedit.msc locate both:

    Computer-/User Configuration

    Rules for:

    Administrative Templates\SYSTEM\Internet Communication Management

    Disable everything except maybe for auto update certificates and access to Windows Update (Computer Configuration).

    Since there is absolutely nothing none of those services, tasks do that is useful.

Leave a Reply