What is devicecensus.exe on Windows 10 and why does it need Internet connectivity?
If you are using a firewall on your Windows 10 PCs and have configured the protective layer to inform you about new processes that try to establish outbound connections, you may have noticed that a program called devicecensus.exe attempting to establish a connection regularly.
I noticed the process on a Windows 10 version 1809 machine. The process would try to establish an Internet connection shortly after startup.
A few questions may come to mind:
- Is devicecensus.exe a legitimate process?
- Why does it require Internet connectivity?
- Is it related to Telemetry?
- What kind of information is it transmitting?
What is devicecensus.exe on Windows 10?
The program devicecensus.exe is a legitimate Windows file provided that it is signed by Microsoft and found in the folder C:\Windows\System32 (the Windows installation location may vary depending on how this was set up during installation).
Users or system administrators cannot delete or rename the file in the location.
The process is started by a scheduled task that is run once per day. The task was set to run at 3:00 AM every day and by custom triggers as well on a test machine running Windows 10 version 1809.
You may check the task in the following way:
- Open the Start Menu.
- Type Task Scheduler and load the result once search results are displayed.
- Go to Task Scheduler Library > Microsoft > Windows > Device Information
- There you should find a single task called Device.
If you check under the Actions tab, you will find devicecensus.exe listed there as the action.
Tip: system administrators may right-click on the task and select disable to turn it off.
The process appears to have been a part of Windows 10 for some releases including Windows 10 version 1803 and 1809. It caused several issues in the past that Windows users reported including:
- Trying to access the webcam of the system.
- Reliability History reporting it as stopped working regularly.
A Microsoft support agent provided the following information in June 2017 about devicecensus,exe on the company's Microsoft Answers support forum:
In order to target builds to your machine, we need to know a few important things:
- - OS type (home, pro, enterprise, etc.)
- - region
- - language
- - x86 or x64
- - selected Insider ring
- - (etc)
This is the background process that runs to check your machine and tell us which build we should send to you. :)
The process submits information about the operating system to Microsoft and Microsoft stated that the information is used to target builds.
Is devicecensus.exe needed to use Windows Update?
Microsoft stated that it uses the information to target builds to systems. Does it mean that systems won't receive updates when you disable the task from running or block it from connecting to the Internet?
To find out, I uninstalled the latest cumulative update that was installed on the system. I fired up Windows Update after the required restart and the update was offered to the system when I did so.
I did not test if devicecensus.exe is required for feature updates or Windows Insider builds. It is possible that Microsoft uses it for these but it is easy enough to enable the task again for that or use third-party means to install the latest feature updates on Windows 10 PCs without using Windows Update at all.
Recommendation: Disable the task or block the outbound connection of the devicecensus.exe task.
Now You: What is your take on the task?
On 1803 there’s another app by Microsoft called compattelrunner.exe that wants to connect to the internet as well. Anybody know what it is?
Hi all
My God ! I find this funny ! The name of the file is enough to tell you what you need to know about it, without any speculation involved ! Considering the volume of information which Microsoft has already collected about its users, I would classify this as MILD in comparison.
Given, the chequered history of Microshaft’s telemetry and security, what strikes me, is how this could be turned into a security risk, if it were appropriately modified by a malicious party, its a perfect template for this purpose, as are all telemetry based applications embedded in the Win10.
Perhaps, if Microshaft were not so telemetry hungry, these sorts of problems would be reduced significantly, do they care ? probably not, as long as the landslides of cash keep rolling in.
The least that they could do, is try to ensure the security of their users when submitting telemetry, I don’t know if this already exists, I don’t use Winblows, but I will hazard a guess that it does not, because it would incur more expense, and like all vampiric corporations they live by “minimum investment for maximum return”.
I wonder how many other little known, embedded, and hidden telemetry services, working in the background, could be used as malicious templates, for compromising user security ?
Makes you wonder doesn’t it ?
Peter Newton [London UK]
I have the task in LTSC (and the exe file I can see it if I search system-wide via Everything). The task however has never run by the looks of it. I don’t know if it’s either not supposed to or something related to the way I have configured the OS.
Yuliya, I have LTSC 21H2 and the task last ran today.
It’s set to run on 9/1/2008 @3:00AM and repeat every 1 day with the option to delay the task for up to 2 hours. The duration is set to ‘Indefinitely.’
But it also has a Custom trigger, which makes it more difficult to know exactly what’s going to trigger it. To figure that out, you CAN venture into C:\Windows\System32\Tasks (after you unblock the UAC perms for the folder). Inside that folder should exist a .xml file of the same name as the task. At the bottom of that file, sometimes you can get hints to how the custom trigger works.
My concern about this file, is what this article says was stated by a MS rep. That it gathers info needed to send target builds. My system uses a Group Policy to lock the target builds to never upgrade past the version that I’m currently on. I would be concerned that disabling this task could affect my desired build targeting.
I guess I’ll have to look further into it.
Btw, I disabled the task, it was enabled by default.
After activating windows and then setting it up for privacy, MS never sees a box I setup again, ever.
I also like to disable Task Scheduler with extreme prejudice. First, I delete all files in the below dirs and all sub dirs: one of which is where the individual Tasks that appear inside of Task Scheduler (I forget which dir actually contains the TS files because they were deleted a long time ago)…
C:\Windows\Tasks
C:\Windows\System32\Tasks
I next go into this reg key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule
Set permissions to take ownership and full control of it, and set the “Start” parm appearing under that key to a value of 4 – which means do not start. Upon the next boot, Task Scheduler will be completely disabled.
Caveat: You loose a few Windows features doing this, such as automated backup/restore points, defrag via disk tools pane, etc… But there are easy workarounds, such as running defrag from the cli etc.
What is devicecensus.exe? https://en.wikipedia.org/wiki/Spyware
The article informs readers of the result from a micro-sample population test (one user) who, reportedly, uninstalled one cumulative update after deleting a scheduled task created by Microsoft, a task that may or may not be involved [the sources are murky] with update checking/installing in version 1809 of Windows 10, a task named “devicecensus.exe.”
It then chronciles the successful reinstall of the aforementioned cumulative update that had been purposely uninstalled for the test even though the scheduled task–devicecensus.exe–that was supposedly required to allow such updating success was deleted/disabled/vaporized by the user.
Therefore, it was determined, that all users of version 1809 Windows 10 should follow the carefully outlined procedure to delete the scheduled task since the task sends information to Microsoft and could be jeopardizing the privacy of users.
It’s this type of reasoning that usually spells trouble for users later down the road when they want to upgrade to a new version: They have “opitimized” their performance and privacy settings to the extent that Windows can’t upgrade correctly.
I would venture to say that 95% of the problems Windows’ users have, problems that are reported quite often, are the sole result of so many users tinkering with settings that Windows needs to successfully continue to run and update and upgrade.
Just a thought . . . .
Not our problem. Windows is horribly designed and dishonest. If it wasn’t full of spyware and bloatware that is FORCED on users by Microsoft people wouldn’t go to so much trouble to disable it. Microsoft has no excuse for it’s malevolent, self-serving behavior.
What’s the firewall application you’re using in the screenshot?
It is Windows Firewall Control. See our review here: https://www.ghacks.net/2009/11/09/windows-7-firewall-control/
Thank you Martin!
Unfortunately, it’s one of those scheduled tasks which re-enable themselves automatically. Couldn’t figure out how or when. I accumulated a batch file which supposedly takes care of such things, and I use it after every update. So it’s not just that. I’m getting really tired of hunting down new home calling crap with every freaking Windows version.
I’m on 1903 and I discovered it first on 1809. My firewall blocks it since. I didn’t notice any ill effects so far.
Another “feature”? Sounds like disguised telemetry to me. No thank you.
I blocked it an disabled the task when it came up.
Fortunately I wrote a script that delete ALL schedulled tasks.
All tasks are useless to me and I PROUDLY don’t use antivirus.
This paranoic generation is worried about security for no reason.
I wrote two, one that deletes the entire OS at shutdown and another that reinstalls it on startup.
Better safe than sorry; belt, suspenders and hip boots for me!
No more tin foil hat needed; those things get hot.
Just the name alone would indicate a inquiry into gathering info on the device. Possibly for driver updates or verifying you have the necessary criteria for a certain update. Such as using this as a tool to determine if a block is required for a certain device. I see Windows 10 as a micro managed attempt from Microsoft to better update the vast differences in devices out in the ecosystem. I am not sure that it has really helped? But I guess give Microsoft a C for effort. Knowing more about how each device is setup should help, but has that translated into better update stability is somewhat questionable.
Just the name alone would indicate a inquiry into gathering info on the device. Possibly for driver updates or verifying you have the necessary criteria for a certain update. Such as using this as a tool to determine if a block is required for a certain device. I see Windows 10 as a micro managed attempt from Microsoft to better update the vast differences in devices out in the ecosystem. I am not sure that it has really helped? But I guess give Microsoft a C for effort. Knowing more about how each device is setup should help, but has that translated into better update stability is somewhat questionable.
@ Martin
You are using Windows Firewall Control. I’ve used WFC since your report in August 2018. WFC reports any program which attempts to make outbound connections and lets me block or allow them.
WFC has been a huge help in blocking questionable apps which have (very rarely) sneaked on to my Laptop.
Thanks Martin
@T J : How did Windows 10 “sneak” in to Your laptop ????
@ stefann
LOL :)
Reading comprehension isn’t really your thing, is it?
And irony isn’t really your thing, is it?