Better check your Windows 7 PC for Get Windows 10 (GWX) traces - gHacks Tech News

Better check your Windows 7 PC for Get Windows 10 (GWX) traces

Depending on from what angle you look at it, Microsoft's Get Windows 10 (GWX) campaign to get Windows 7 and Windows 8.1 devices to upgrade to Windows 10 was either a colossal disaster, a great success, or something in between.

Microsoft launched Windows 10, the last version of Windows ever, in 2015. Windows 10 was a new beginning for Microsoft; the company wanted customers to forget Windows 8 and move towards a Windows as a service model.

Microsoft launched the Get Windows 10 campaign to push Windows 10 and the 1 billion Windows 10 PCs by 2018 target.

What looked like a good deal on paper -- free upgrades to Windows 10 for devices running legitimate copies of Windows 7 or Windows 8.1 -- turned into a nightmare for customers who did not want to upgrade to Windows 10.

get windows 10 schedule

Microsoft used near-malware like tactics to get users to upgrade, for instance by displaying upgrade prompts without opt-out option, sneaky prompts, or windows where the close button would not actually close the window anymore.

Microsoft ended the free upgrade to Windows 10 offer a year after its launch. It is still possible to upgrade Windows 7 or Windows 8.1 devices to Windows 10 for free if a genuine product key is used.

Microsoft rolled out an update to Windows 7 and Windows 8.1 devices after the end of the offer designed to disable the Get Windows 10 functionality. The company continued to push compatibility updates KB2952664 and KB2976978 on the other hand but without the "Get Windows 10" functionality included.

Get Windows 10 Traces

screenshot by Michael Horowitz

Get Windows 10 should not be on fully patched Windows 7 or Windows 8.1 devices anymore; Michael Horowitz published a report recently that claims otherwise.

An event log check on a Windows 7 PC with November 2018 Patches revealed that attempts to upgrade to Windows 10.

Further analysis revealed the following:

  • A Task Time-5d in the Task Scheduler pointing to C:\Windows\system32\GWX in Microsoft > Windows > Setup > GWXTriggers.
  • A task refreshgwxconfig-B in the Task Scheduler under the same folder.
  • A task Logon-5d under the same folder.

Horowitz discovered three additional tasks in the same folder. These tasks were never execute, however, unlike the three tasks mentioned above. The task were MachineUnlock-5d, OutOfIdle-5d, and OutOfSleep-5d.

Two tassk, refreshgwxconfig and launchtrayprocess under Microsoft > Windows > Setup > gwx, had been disabled by Horowotz in the past.

Horowitz could not disable these tasks. The folder C:\Windows\system32\GWX displayed that most files were from 2015 including GWX.exe. Renaming GWX.exe did not work either; what worked was renaming the GWX folder but it is too early to tell whether the renaming is enough to block GWX tasks from running on the system.

What is puzzling about all this is that GWX should not be running anymore on the system. Microsoft ended the Get Windows 10 campaign in 2016 and there is no reason to keep scheduled tasks or files associated with it on the system.

Is Microsoft preparing for another Get Windows 10 campaign? Is it a bug? Leftover files on a system that were never removed completely?

It is unclear but it is probably a good idea to check the tasks and folders on Windows 7 or Windows 8.1 devices to make sure that these tasks and files don't exist.

Now You: Did you check? (via Born)

Summary
Better check your Windows 7 PC for Get Windows 10 (GWX) traces
Article Name
Better check your Windows 7 PC for Get Windows 10 (GWX) traces
Description
Find out how to verify that Get Windows 10 files and tasks are not running on PCs with Windows 7 or 8.1 installed as the operating system.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Rantanplan said on January 15, 2019 at 11:05 am
    Reply

    Mine doesn’t have a “Microsoft > Windows > Setup” folder

  2. LTL said on January 15, 2019 at 11:11 am
    Reply

    No GWX traces in tasks, no GWX-folder in System32 on my Win7 Pro x64 SP1.

    Only 3 manifest files that have a gwx denomination:
    amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23538_none_0f162766860b858c.manifest
    amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23538_none_ba618baef45f937a.manifest
    wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23538_none_196ad1b8ba6c4787.manifest

    However, I’m getting a second hdd to try out Win10 to be well prepared for January 2020, since I will have to ‘upgrade’ anyway.

    1. Peterc said on January 17, 2019 at 6:56 pm
      Reply

      @LTL:

      Are you “locked in” to the Microsoft ecosystem because you depend on Windows-only apps? Or are you planning on “upgrading” to Windows 10 because Macs are significantly overpriced and Linux seems intimidating? Or are you simply inclined to stick with the devil you know? Just curious.

  3. Jetsam said on January 15, 2019 at 11:18 am
    Reply

    I used the Get Linux utility. This household is now free of Windows. Big thanks to Microsoft for that.

    1. Doug said on January 15, 2019 at 2:44 pm
      Reply

      Yes, thanks to Microsoft’s tactics, the only windows our house now has are the glass kind.

      Always wanted to take the Linux desktop plunge, did it and haven’t looked back. With Martin & Mark T’s counsel it was a smooth transition.

    2. Peterc said on January 17, 2019 at 9:21 pm
      Reply

      @Jetsam:

      Dude! That’s my *favorite* utility!

  4. Tom Hawack said on January 15, 2019 at 1:59 pm
    Reply

    No GWX in tasks, files, folders : checked
    HKLM\SOFTWARE\Policies\Microsoft\Windows\GWX\DisableGWX = 1 : checked
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DisableOSUpgrade = 1 : checked
    Gibson’s ‘Never10’ application : ‘Windows 10 OS Upgrade id DISABLED on this system’ : checked

    My Windows 7 seems to set for non-harassment.

  5. kanade96 said on January 15, 2019 at 2:42 pm
    Reply

    Windows 7 64bit here.

    I do have “gwx” folder along with “Microsoft-Windows-GWX-Ins%4Operational.evtx” present however, nothing is in the folder.

    Same with task scheduler, nothing under gwx folder.

    Did it magically deleted itself or something?

    1. Klaas Vaak said on January 15, 2019 at 5:15 pm
      Reply

      @kanada96: exactly the same for me. So, no worries for me. For M$ yes because like some other commenters here I will also change over to Linux.

    2. Rush717 said on January 15, 2019 at 9:11 pm
      Reply

      @Kanada96

      Although, one also might consider inquiring: Windows → Tasks (empty?) select the view tab – file ribbon → select Hidden items. There maybe unknown files lurking.

    3. stefann said on January 15, 2019 at 9:38 pm
      Reply

      I think Microsoft released an update that removed most of the GWX.

  6. Aron said on January 15, 2019 at 3:00 pm
    Reply

    Wouldn’t be too surprised if they bring it back since we’ve entered the last year of Windows 7 extended support.

    1. Anonymous said on January 16, 2019 at 3:34 am
      Reply

      Haven’t updated 7 since 2012. No viruses. No incompatibility. No explosions. Microsoft updates are worse than the viruses.

      1. Peterc said on January 17, 2019 at 6:38 pm
        Reply

        @Anonymous:

        “Microsoft updates are worse than the viruses.”

        Tell that to the UK’s National Health Service, many of whose trusts’ Windows 7 computers got locked up by a WannaCry ransomware attack *two months* after Microsoft released the update that patched the vulnerability it exploited. Or to the *many* victims of the Petya ransomware attack not long after, which exploited the *same* vulnerability and would have been prevented by the *same* Microsoft update.

        With a proper backup scheme, the negative consequences of buggy Microsoft updates are usually reversible and fixable. (Even with the Windows 10 update a couple/few months back that wiped out some users’ data, a shallow backup system would have allowed substantial recovery.) It takes a much deeper and more expensive backup system to reliably recover from many types of malware infection, and if the malware’s or hack’s goal is theft of information, prevention is the only option — there *is* no recovery.

        I recently posted this to another Ghacks article, but it bears repeating:

        The calculus is NOT a high risk of problems from buggy Microsoft updates versus a low risk of getting infected or hacked. It’s a high risk of generally *fixable, reversible* problems from Microsoft updates versus a low risk of potentially *catastrophic, irreversible* problems from getting infected or hacked.

        My approach in Windows 7 is to avoid “quality” updates unless there’s a *really* compelling reason to apply them — I’ll let you know when this happens! — but to apply *all* security updates. For security updates with known bugs that are likely to affect my system, I may wait until Microsoft has fixed the bugs, but I *do* apply them as soon as debugged versions are released. (I suppose that if the update were critical and patched a vulnerability that was being really widely exploited, I might even go ahead and apply the *buggy* update, so long as it didn’t threaten to make my system unusable.)

        CONCLUSION: Windows has become a royal PITA. ;-)

  7. Kevin said on January 15, 2019 at 3:11 pm
    Reply

    Still haven’t forgiven Microsoft for the lines that they crossed during the Get Windows 10 campaign, and never will. I used to voluntarily help people fix their Windows computers, but at that point I decided I will never fix one again. I instead drive people in the direction of alternatives to Windows. Chromebooks, Ipads, Linux, etc. This is how we fight back; If the average geek starts refusing to support Windows and instead converts users to other platforms, we can decrease Microsoft’s market share. Most average people don’t “need” Windows anyway; they’re not gamers and they don’t run specialized software.

    1. John Fenderson said on January 15, 2019 at 5:26 pm
      Reply

      @Kevin:

      I agree. The GWX campaign was the moment when Microsoft unequivocally became a malware vendor.

  8. Weilan said on January 15, 2019 at 3:55 pm
    Reply

    I have updates disabled on Windows 7, it has updates all the way up until December 2018, but after that they are disabled and the Windows Update service is stopped from even running.

    I don’t need anymore updates, everything runs perfectly fine and the last thing I want is Shitdows 10.

    1. Mike J. said on January 15, 2019 at 6:12 pm
      Reply

      I have had my Win 7 desktop (paid extra not to get 10, in fact) since 9/14, & never had update enabled. Things seem fine.

    2. Chala Haptom said on January 16, 2019 at 12:43 am
      Reply

      No updates Win7, everything just fine.

    3. James C. in Long Beach said on February 13, 2019 at 4:08 am
      Reply

      @ Weilan Well, me being a veteran ‘victim’ of a no-longer supported Microsoft Vista O.S., everything may seem well and good “now”, but just wait till 2020 rolls around and Windows 7 is no longer supported. (Accidentally let’s out a big, unintentional, maniacal laugh.) (Pardon me, it must be gas..)

      Everything slowly begins to implode.. your browser deserts you, your favorite programs turn their back on you, Microsoft as a whole, abandons you like some kind of.. well, “orphan”, and pretty soon, you’re an operating-system-outcast. Like some sort of O.S.-forsaken Oliver Twist, without an open ‘Window” to turn to, (nor even to “jump out of”).

      It happens so gradually, yet with such systematic life-line snipping precision and prowess, that you’ll wake up one day and you’ll find yourself literately screaming out loud, about how you “..wish you’d followed the robotic masses into Windows 10 oblivion; for anything,… ANYTHING is better than,.. than “THIS” ! Mark my words, grasshoppah. The end is nigh. ;o)

  9. gwacks said on January 15, 2019 at 4:08 pm
    Reply

    “Microsoft used near-malware like tactics to get users to upgrade”
    Not that *near* like Firefox by Mozilla huh XD.

    “Did you check?”
    I don’t check. I killed the whole Windows Update components long time ago.

  10. Klaas Vaak said on January 15, 2019 at 5:18 pm
    Reply

    I get the impression this is much ado about nothing. Does Horowitz have all the patches installed?

  11. EP said on January 15, 2019 at 5:54 pm
    Reply

    I thought installing the KB3184143 update should remove all these GWX stuff:

    https://support.microsoft.com/en-us/help/3184143

    check if the KB3184143 update is installed on any affected Win7/Win8.1 PCs that still have the GWX traces.

    otherwise, time to break out either the GWX Control Panel app or GRC’s Never10 program to clean up Microsoft’s mess.

  12. Yuliya said on January 15, 2019 at 5:57 pm
    Reply

    Zero traces of that nastyness, thanks to Simplix Update Pack 💗

  13. TelV said on January 15, 2019 at 6:18 pm
    Reply

    I downloaded Nirsoft’s TaskSchedulerView application, but don’t see any of the tasks mentioned in Horowitz’s report so I guess I’m safe from the evil M$.

    No telemetry tasks running either; in fact nothing beginning with the letter “T” running anywhere at all.

    Neither is there a GWX folder to be found anywhere which is hardly surprising since I blocked it when the controversy surrounding the W10 upgrade first appeared.

    1. Yuliya said on January 15, 2019 at 6:51 pm
      Reply

      TelV, check for Diagnostic… services. And, if you have the updates which bring in the telemetry, there is also another one, something along the lines dwa… with letter “d” and all in small caps. The service’s name is more of an acronym. Present on 8.1 u3 and 10 also.

      1. TelV said on January 16, 2019 at 4:43 pm
        Reply

        @Yuliya,

        Nope, nothing of that nature present either.

  14. Michael Horowitz said on January 15, 2019 at 6:36 pm
    Reply

    I am sure this is the exception not the rule. No doubt, something went wrong with the GWX removal on this machine. It serves a single purpose and thus goes for very long stretches without Windows Updates. That said, I agree with Kevin in not forgiving Microsoft for the whole GWX thing.

  15. pHROZEN gHOST said on January 15, 2019 at 7:29 pm
    Reply

    I have Windows 7 Pro on an old AMD duo-core machine. It was installed from DVD just before Christmas. All updates were then applied from Windows Update. There are only a few manifest files with “GWX” included in the name. There are no other signs of the exes or scheduled tasks.

    MS may not have pushed their GWX in updates I got since my pre-Christmas install. So they could do it again in the future.

    I believe there is another reason I may not be seeing it. My machine is probably too old to be updated with Win X. It was bought with Windows Vista installed. There is no video driver for the old NVIDIA chip in it for Win X. I did have it running Win X with a Win 8 video driver. But, with each new update MS put out, the machine got slower and slower. It’s much faster with win 7.

  16. stefann said on January 15, 2019 at 9:45 pm
    Reply

    I have killed all updates by DENY “Everyone” access to WUAENG.DLL in System32-folder. Telemetry is killed via HOSTS and third party firewall.

    Windows 7 Ultimate x64 is installed from an ISO updated until May 2017.

    I only found these links to GWX after installation :

    amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23538_none_0f162766860b858c.manifest
    amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23538_none_ba618baef45f937a.manifest
    wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23538_none_196ad1b8ba6c4787.manifest

  17. OldNavyGuy said on January 16, 2019 at 3:37 am
    Reply

    Did an in-place upgrade on a couple of machines last year.

    Downloaded the Windows 7 ISO from heidoc, and updates from WSUS offline.

    Never saw anything related to GWX.

  18. Anonymous said on January 16, 2019 at 8:50 am
    Reply

    I was dead set against upgrading my Windows 7 machine to Windows 10.
    As the end of support approaches in January, 2020, I am more receptive to the idea of upgrading to Windows 10 next December.

    My new Windows 10 computer makes me like Windows 7 even more.

  19. Anonymous said on January 16, 2019 at 5:19 pm
    Reply

    I have some gwxold folders left , made it myself. No traces found. Still have GWX control panel installed, after Msoft became crooks, culminating with that click on the red X. That was uncalled for. Definitely lost all my trust in them then and there.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.

Be polite: we do not allow comments that threaten or harass, or are personal attacks. Please leave politics and religion out of discussions!