Better check your Windows 7 PC for Get Windows 10 (GWX) traces
Depending on from what angle you look at it, Microsoft's Get Windows 10 (GWX) campaign to get Windows 7 and Windows 8.1 devices to upgrade to Windows 10 was either a colossal disaster, a great success, or something in between.
Microsoft launched Windows 10, the last version of Windows ever, in 2015. Windows 10 was a new beginning for Microsoft; the company wanted customers to forget Windows 8 and move towards a Windows as a service model.
Microsoft launched the Get Windows 10 campaign to push Windows 10 and the 1 billion Windows 10 PCs by 2018 target.
What looked like a good deal on paper -- free upgrades to Windows 10 for devices running legitimate copies of Windows 7 or Windows 8.1 -- turned into a nightmare for customers who did not want to upgrade to Windows 10.
Microsoft used near-malware like tactics to get users to upgrade, for instance by displaying upgrade prompts without opt-out option, sneaky prompts, or windows where the close button would not actually close the window anymore.
Microsoft ended the free upgrade to Windows 10 offer a year after its launch. It is still possible to upgrade Windows 7 or Windows 8.1 devices to Windows 10 for free if a genuine product key is used.
Microsoft rolled out an update to Windows 7 and Windows 8.1 devices after the end of the offer designed to disable the Get Windows 10 functionality. The company continued to push compatibility updates KB2952664 and KB2976978 on the other hand but without the "Get Windows 10" functionality included.
Get Windows 10 Traces
Get Windows 10 should not be on fully patched Windows 7 or Windows 8.1 devices anymore; Michael Horowitz published a report recently that claims otherwise.
An event log check on a Windows 7 PC with November 2018 Patches revealed that attempts to upgrade to Windows 10.
Further analysis revealed the following:
- A Task Time-5d in the Task Scheduler pointing to C:\Windows\system32\GWX in Microsoft > Windows > Setup > GWXTriggers.
- A task refreshgwxconfig-B in the Task Scheduler under the same folder.
- A task Logon-5d under the same folder.
Horowitz discovered three additional tasks in the same folder. These tasks were never execute, however, unlike the three tasks mentioned above. The task were MachineUnlock-5d, OutOfIdle-5d, and OutOfSleep-5d.
Two tassk, refreshgwxconfig and launchtrayprocess under Microsoft > Windows > Setup > gwx, had been disabled by Horowotz in the past.
Horowitz could not disable these tasks. The folder C:\Windows\system32\GWX displayed that most files were from 2015 including GWX.exe. Renaming GWX.exe did not work either; what worked was renaming the GWX folder but it is too early to tell whether the renaming is enough to block GWX tasks from running on the system.
What is puzzling about all this is that GWX should not be running anymore on the system. Microsoft ended the Get Windows 10 campaign in 2016 and there is no reason to keep scheduled tasks or files associated with it on the system.
Is Microsoft preparing for another Get Windows 10 campaign? Is it a bug? Leftover files on a system that were never removed completely?
It is unclear but it is probably a good idea to check the tasks and folders on Windows 7 or Windows 8.1 devices to make sure that these tasks and files don't exist.
Now You: Did you check? (via Born)
I have some gwxold folders left , made it myself. No traces found. Still have GWX control panel installed, after Msoft became crooks, culminating with that click on the red X. That was uncalled for. Definitely lost all my trust in them then and there.
I was dead set against upgrading my Windows 7 machine to Windows 10.
As the end of support approaches in January, 2020, I am more receptive to the idea of upgrading to Windows 10 next December.
My new Windows 10 computer makes me like Windows 7 even more.
Did an in-place upgrade on a couple of machines last year.
Downloaded the Windows 7 ISO from heidoc, and updates from WSUS offline.
Never saw anything related to GWX.
I have killed all updates by DENY “Everyone” access to WUAENG.DLL in System32-folder. Telemetry is killed via HOSTS and third party firewall.
Windows 7 Ultimate x64 is installed from an ISO updated until May 2017.
I only found these links to GWX after installation :
amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23538_none_0f162766860b858c.manifest
amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23538_none_ba618baef45f937a.manifest
wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23538_none_196ad1b8ba6c4787.manifest
I have Windows 7 Pro on an old AMD duo-core machine. It was installed from DVD just before Christmas. All updates were then applied from Windows Update. There are only a few manifest files with “GWX” included in the name. There are no other signs of the exes or scheduled tasks.
MS may not have pushed their GWX in updates I got since my pre-Christmas install. So they could do it again in the future.
I believe there is another reason I may not be seeing it. My machine is probably too old to be updated with Win X. It was bought with Windows Vista installed. There is no video driver for the old NVIDIA chip in it for Win X. I did have it running Win X with a Win 8 video driver. But, with each new update MS put out, the machine got slower and slower. It’s much faster with win 7.
I am sure this is the exception not the rule. No doubt, something went wrong with the GWX removal on this machine. It serves a single purpose and thus goes for very long stretches without Windows Updates. That said, I agree with Kevin in not forgiving Microsoft for the whole GWX thing.
I downloaded Nirsoft’s TaskSchedulerView application, but don’t see any of the tasks mentioned in Horowitz’s report so I guess I’m safe from the evil M$.
No telemetry tasks running either; in fact nothing beginning with the letter “T” running anywhere at all.
Neither is there a GWX folder to be found anywhere which is hardly surprising since I blocked it when the controversy surrounding the W10 upgrade first appeared.
TelV, check for Diagnostic… services. And, if you have the updates which bring in the telemetry, there is also another one, something along the lines dwa… with letter “d” and all in small caps. The service’s name is more of an acronym. Present on 8.1 u3 and 10 also.
@Yuliya,
Nope, nothing of that nature present either.
Zero traces of that nastyness, thanks to Simplix Update Pack 💗
I thought installing the KB3184143 update should remove all these GWX stuff:
https://support.microsoft.com/en-us/help/3184143
check if the KB3184143 update is installed on any affected Win7/Win8.1 PCs that still have the GWX traces.
otherwise, time to break out either the GWX Control Panel app or GRC’s Never10 program to clean up Microsoft’s mess.
I get the impression this is much ado about nothing. Does Horowitz have all the patches installed?
“Microsoft used near-malware like tactics to get users to upgrade”
Not that *near* like Firefox by Mozilla huh XD.
“Did you check?”
I don’t check. I killed the whole Windows Update components long time ago.
I have updates disabled on Windows 7, it has updates all the way up until December 2018, but after that they are disabled and the Windows Update service is stopped from even running.
I don’t need anymore updates, everything runs perfectly fine and the last thing I want is Shitdows 10.
@ Weilan Well, me being a veteran ‘victim’ of a no-longer supported Microsoft Vista O.S., everything may seem well and good “now”, but just wait till 2020 rolls around and Windows 7 is no longer supported. (Accidentally let’s out a big, unintentional, maniacal laugh.) (Pardon me, it must be gas..)
Everything slowly begins to implode.. your browser deserts you, your favorite programs turn their back on you, Microsoft as a whole, abandons you like some kind of.. well, “orphan”, and pretty soon, you’re an operating-system-outcast. Like some sort of O.S.-forsaken Oliver Twist, without an open ‘Window” to turn to, (nor even to “jump out of”).
It happens so gradually, yet with such systematic life-line snipping precision and prowess, that you’ll wake up one day and you’ll find yourself literately screaming out loud, about how you “..wish you’d followed the robotic masses into Windows 10 oblivion; for anything,… ANYTHING is better than,.. than “THIS” ! Mark my words, grasshoppah. The end is nigh. ;o)
No updates Win7, everything just fine.
I have had my Win 7 desktop (paid extra not to get 10, in fact) since 9/14, & never had update enabled. Things seem fine.
Still haven’t forgiven Microsoft for the lines that they crossed during the Get Windows 10 campaign, and never will. I used to voluntarily help people fix their Windows computers, but at that point I decided I will never fix one again. I instead drive people in the direction of alternatives to Windows. Chromebooks, Ipads, Linux, etc. This is how we fight back; If the average geek starts refusing to support Windows and instead converts users to other platforms, we can decrease Microsoft’s market share. Most average people don’t “need” Windows anyway; they’re not gamers and they don’t run specialized software.
@Kevin:
I agree. The GWX campaign was the moment when Microsoft unequivocally became a malware vendor.
Wouldn’t be too surprised if they bring it back since we’ve entered the last year of Windows 7 extended support.
Haven’t updated 7 since 2012. No viruses. No incompatibility. No explosions. Microsoft updates are worse than the viruses.
@Anonymous:
“Microsoft updates are worse than the viruses.”
Tell that to the UK’s National Health Service, many of whose trusts’ Windows 7 computers got locked up by a WannaCry ransomware attack *two months* after Microsoft released the update that patched the vulnerability it exploited. Or to the *many* victims of the Petya ransomware attack not long after, which exploited the *same* vulnerability and would have been prevented by the *same* Microsoft update.
With a proper backup scheme, the negative consequences of buggy Microsoft updates are usually reversible and fixable. (Even with the Windows 10 update a couple/few months back that wiped out some users’ data, a shallow backup system would have allowed substantial recovery.) It takes a much deeper and more expensive backup system to reliably recover from many types of malware infection, and if the malware’s or hack’s goal is theft of information, prevention is the only option — there *is* no recovery.
I recently posted this to another Ghacks article, but it bears repeating:
The calculus is NOT a high risk of problems from buggy Microsoft updates versus a low risk of getting infected or hacked. It’s a high risk of generally *fixable, reversible* problems from Microsoft updates versus a low risk of potentially *catastrophic, irreversible* problems from getting infected or hacked.
My approach in Windows 7 is to avoid “quality” updates unless there’s a *really* compelling reason to apply them — I’ll let you know when this happens! — but to apply *all* security updates. For security updates with known bugs that are likely to affect my system, I may wait until Microsoft has fixed the bugs, but I *do* apply them as soon as debugged versions are released. (I suppose that if the update were critical and patched a vulnerability that was being really widely exploited, I might even go ahead and apply the *buggy* update, so long as it didn’t threaten to make my system unusable.)
CONCLUSION: Windows has become a royal PITA. ;-)
Windows 7 64bit here.
I do have “gwx” folder along with “Microsoft-Windows-GWX-Ins%4Operational.evtx” present however, nothing is in the folder.
Same with task scheduler, nothing under gwx folder.
Did it magically deleted itself or something?
I think Microsoft released an update that removed most of the GWX.
@Kanada96
Although, one also might consider inquiring: Windows → Tasks (empty?) select the view tab – file ribbon → select Hidden items. There maybe unknown files lurking.
@kanada96: exactly the same for me. So, no worries for me. For M$ yes because like some other commenters here I will also change over to Linux.
No GWX in tasks, files, folders : checked
HKLM\SOFTWARE\Policies\Microsoft\Windows\GWX\DisableGWX = 1 : checked
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DisableOSUpgrade = 1 : checked
Gibson’s ‘Never10’ application : ‘Windows 10 OS Upgrade id DISABLED on this system’ : checked
My Windows 7 seems to set for non-harassment.
I used the Get Linux utility. This household is now free of Windows. Big thanks to Microsoft for that.
@Jetsam:
Dude! That’s my *favorite* utility!
Yes, thanks to Microsoft’s tactics, the only windows our house now has are the glass kind.
Always wanted to take the Linux desktop plunge, did it and haven’t looked back. With Martin & Mark T’s counsel it was a smooth transition.
No GWX traces in tasks, no GWX-folder in System32 on my Win7 Pro x64 SP1.
Only 3 manifest files that have a gwx denomination:
amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23538_none_0f162766860b858c.manifest
amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23538_none_ba618baef45f937a.manifest
wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23538_none_196ad1b8ba6c4787.manifest
However, I’m getting a second hdd to try out Win10 to be well prepared for January 2020, since I will have to ‘upgrade’ anyway.
@LTL:
Are you “locked in” to the Microsoft ecosystem because you depend on Windows-only apps? Or are you planning on “upgrading” to Windows 10 because Macs are significantly overpriced and Linux seems intimidating? Or are you simply inclined to stick with the devil you know? Just curious.
Mine doesn’t have a “Microsoft > Windows > Setup” folder