Microsoft’s Sneaky Spybot


Microsoft is Spying on You! 👿

Haven’t they learned anything yet? We’re power users capable of launching missiles from orbit.

The community has been on edge over Microsoft’s new privacy settings in Windows 10, and they should be, considering this article covers what Microsoft has been doing with the Windows 7, 8 and 10 operating systems.

I’d like to point out that there’s a little .bat and .vbs on GitHub called BlockWindows, capable of disabling Application Experience in the Task Scheduler and uninstalling those nasty telemetry KB updates, IPs, and services.

Microsoft has been criticized by privacy advocates with regard to the data hunger of its Windows 10 operating system. The operating system slurps data like there is no tomorrow, especially when systems are set up using the express settings. Experienced users may Disable Telemetry and Data Collection partially during setup, and then some more afterwards using the Registry or Group Policy.


What makes this problematic however is the fact that it is nearly impossible to stop all of the data collecting that is taking place. The best way to deal with these updates is to make sure they are not installed. If they have been installed already, you may want to disable them.

Update

All the spying these days is more noticeable than ever, but when it comes to such services from a well-known company like Microsoft, you wouldn’t think that they would go as far as keeping track of everything you do. Before we go in guns blazing, you may want to read about Microsoft’s Telemetry Service before you take action.

These KB updates are essentially the Windows Error Reporting service that’s been around for decades. It’s Microsoft’s way of collecting the details necessary to identify and help to fix problems. In later versions of Windows, the telemetry system was known as Windows Error Reporting, which traces its ancestry to the Dr. Watson feature from the earliest days of Windows. Disabling the Windows Error Reporting Service in Windows XP would enable the old Dr. Watson reporting service.

The Dr. Watson that came with early versions of Windows only obtained logs to diagnose a program error; you had to upload the log file for help, whereas Windows Error Reporting was used to report computer and program errors to Microsoft. That is basically the same thing that’s been happening for well over 1.5 decades, so why should we care about Microsoft’s telemetry service in Windows 10 and now in Windows 7 and 8? Honestly, I’m just ready to accept the fact that this service is a must-have for future advancement for Microsoft to push forward; service packs are the days of hoping the driver is still available after the company goes bankrupt.

So there’s no on-off switch for this category of data collection. Instead, Windows 10 has three telemetry settings: Basic, Enhanced, and Full. Organizations running Windows 10 Enterprise or Education have the option to disable telemetry completely, although Microsoft recommends against it.

Basic: This level includes information about security settings, quality-related info (such as crashes and hangs), and application compatibility. Microsoft considers this information essential for maintaining and improving the quality of Windows 10. It contains only anonymous identifiers and can’t be used to identify an individual device or person.

Enhanced: This level includes the Basic information and adds details about how Windows and Windows apps are used, how they perform, and advanced reliability info.

Full: This setting, which is the default for Windows 10, includes all information from the previous levels, plus additional details necessary to identify and help to fix problems. Presumably, this category includes error reports and mini-dump files after serious crashes.

So again, it’s completely up to you as a user to disable this data collection that Microsoft has in place, but for Windows 10 users it won’t be so easily done with the Home and Professional editions; the versions that have this option are the Enterprise and Education editions. Even though you can’t disable it under the Home or Professional editions of Windows 10, you most certainly can with Windows 7 and 8. Why I’m against this feature in Windows 7, and probably not so much in Windows 8, is the fact that Windows 7 users never needed this service when we already had the Windows Error Reporting Service in place for diagnosing problems.

I found even more instructions for disabling the unwanted telemetry/tracking service in Windows 7 and 8.1 by removing all KB updates associated with upgrading to Windows 10. They can be uninstalled manually via an elevated command prompt with the following commands:

wusa /uninstall /kb:3083710 /quiet /norestart
wusa /uninstall /kb:3083711 /quiet /norestart
wusa /uninstall /kb:3083325 /quiet /norestart
wusa /uninstall /kb:3083324 /quiet /norestart
wusa /uninstall /kb:2976978 /quiet /norestart
wusa /uninstall /kb:3075853 /quiet /norestart
wusa /uninstall /kb:3050265 /quiet /norestart
wusa /uninstall /kb:3050267 /quiet /norestart
wusa /uninstall /kb:3075851 /quiet /norestart
wusa /uninstall /kb:2902907 /quiet /norestart
wusa /uninstall /kb:3068708 /quiet /norestart
wusa /uninstall /kb:3022345 /quiet /norestart
wusa /uninstall /kb:2952664 /quiet /norestart
wusa /uninstall /kb:2990214 /quiet /norestart
wusa /uninstall /kb:3035583 /quiet /norestart
wusa /uninstall /kb:3021917 /quiet /norestart
wusa /uninstall /kb:3044374 /quiet /norestart
wusa /uninstall /kb:3046480 /quiet /norestart
wusa /uninstall /kb:3075249 /quiet /norestart
wusa /uninstall /kb:3080149 /quiet /norestart

For the following two updates, it is recommended to install them but to modify the registry with the following procedure after installing them:

KB3065988 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: July 2015
KB3065987 Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015

After installing either of the above updates, open Registry Editor and navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows

Right-click on Windows, select the option to create a new key and name it “WindowsUpdate”. Now right-click on the WindowsUpdate key you just created, select the option to create a new 32-bit DWORD and name it “DisableOSUpgrade”. Right-click on DisableOSUpgrade, select the modify option and change the value from 0 to 1.

The following services should also be stopped and removed from the system. In an elevated command prompt run the following. I’d like to point out that as of now, in Windows 7, the WAP Push Message Routing Service wasn’t available for me. The Diagnostics Tracking Service will run on Windows 7 machines and up, and the WAP Push Message Routing Service is another Windows 10-specific service.

rem Diagnostics Tracking Service
sc stop DiagTrack
rem WAP Push Message Routing Service
sc stop dmwappushservice
sc delete DiagTrack
sc delete dmwappushservice
echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl

This step only applies to Windows 10 machines. The following command will disable telemetry. In Registry Editor, under HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection, find the REG_DWORD value ‘AllowTelemetry’ and change it to 0. As covered above, the option to turn telemetry off completely belongs to the Enterprise and Education editions.

REG ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection /v AllowTelemetry /d 0 /t REG_DWORD /f

Note: If the key doesn’t exist for some reason, then create it and set it to 0.

This step covers Microsoft’s Customer Experience Improvement Program and isn’t applicable to Windows 10, only Windows 7 and 8. There are two options available: open the Task Scheduler and, under Task Scheduler Library\Microsoft, delete the following items, or disable them from the command prompt:

Everything under “Application Experience”
Everything under “Autochk”
Everything under “Customer Experience Improvement Program”
Under “Disk Diagnostic” delete only the “Microsoft-Windows-DiskDiagnosticDataCollector”
Under “Maintenance” delete only “WinSAT”
Under “Media Center” click the “Status” column, then select all non-disabled entries and disable them.

schtasks /Change /TN "\Microsoft\Windows\Application Experience\AitAgent" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Autochk\Proxy" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Maintenance\WinSAT" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ActivateWindowsSearch" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ConfigureInternetTimeService" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\DispatchRecoveryTasks" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ehDRMInit" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\InstallPlayReady" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\mcupdate" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\OCURActivate" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\OCURDiscovery" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscovery" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscoveryW1" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscoveryW2" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PvrRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PvrScheduleTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\RegisterSearch" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ReindexSearchRoot" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\UpdateRecordPath" /DISABLE

Now you can reboot. When you open Windows Update again it will ask to install whichever of the updates above were removed. Right-click on each one and select hide. There are a few more steps you can take that involve jumping into your hosts file and router to block ports and URLs, but that isn’t recommended when you already have it under control. Businesses that may not like this new feature Microsoft introduced can look at third-party software, or start writing up your super .vbs scripts and batch files. Enjoy.
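A read-only check of the end state the steps above aim for, added here as an example and not part of the original post or of the BlockWindows script: it reports which of the listed KB updates are still installed, whether the two services still exist, the two policy values, and the status of the non-Media Center scheduled tasks. It assumes PowerShell 2.0 or later and English-language schtasks output; every KB number, service name, registry path and task name is taken from this article.

```powershell
# Read-only audit of the settings changed by the steps in this article; nothing is modified.
# KB numbers, service names, registry values and task names are the article's own.
$kbs = @(3083710,3083711,3083325,3083324,2976978,3075853,3050265,3050267,3075851,2902907,
         3068708,3022345,2952664,2990214,3035583,3021917,3044374,3046480,3075249,3080149)
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
foreach ($kb in $kbs) {
    if ($installed -contains "KB$kb") { "KB$kb  still installed" }
}

# Services the article stops and deletes (dmwappushservice exists on Windows 10 only).
foreach ($name in 'DiagTrack','dmwappushservice') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) { "$name  present, status: $($svc.Status)" } else { "$name  not present" }
}

# Policy values: DisableOSUpgrade should be 1, AllowTelemetry should be 0.
$policies = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate';  Name = 'DisableOSUpgrade'; Want = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'; Name = 'AllowTelemetry';   Want = 0 }
)
foreach ($p in $policies) {
    $item = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { "$($p.Name)  not set (want $($p.Want))" }
    else { "$($p.Name)  = $($item.($p.Name)) (want $($p.Want))" }
}

# The non-Media Center tasks from the article's schtasks list.
$tasks = @(
    '\Microsoft\Windows\Application Experience\AitAgent'
    '\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser'
    '\Microsoft\Windows\Application Experience\ProgramDataUpdater'
    '\Microsoft\Windows\Autochk\Proxy'
    '\Microsoft\Windows\Customer Experience Improvement Program\Consolidator'
    '\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask'
    '\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip'
    '\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector'
    '\Microsoft\Windows\Maintenance\WinSAT'
)
foreach ($t in $tasks) {
    # schtasks prints one CSV row per task: name, next run time, status.
    $row = schtasks.exe /Query /TN $t /FO CSV /NH 2>$null |
        ConvertFrom-Csv -Header TaskName,NextRun,Status | Select-Object -First 1
    if ($row) { "$t  $($row.Status)" } else { "$t  not found" }
}
```

Running it again after a later Windows Update session shows whether any of the removed updates or disabled tasks have come back.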

Aegis: Block all Windows 10 components on Windows 7 and 8

PhoneyVirus
Has a passion for computer hardware and dreams of being a professional technician one day; fairly educated on the subject and open-minded. Programming may be one of many interests, but they are divided into what you call time. When he isn’t learning what’s new, he’s usually jamming out on electric guitar or playing some awesome PC game.
