vissha Posted February 10, 2017 Share Posted February 10, 2017 Microsoft Re-Releases Snooping Patches KB 2952664, KB 2976978 Earlier versions of the Win7 and 8.1 patches kicked off enhanced snooping routines, and there's no indication what's changed in these versions We don't know what KB 2952664 (for Windows 7) and KB 2976978 (for Windows 8.1) actually do. But both patches have been shown in the past to trigger a new Windows task called DoScheduledTelemetryRun. The patches appeared in the Automatic Update chute earlier todayas Optional, so they won't be installed unless you specifically check and install them. But in the past, the Optional versions have been converted rapidly to Recommended, and thus installed on most machines. The last release of KB 2952664 went from Optional to Recommend in a week. Microsoft's descriptions of the patches are quite bland: Quote This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update. GWX, of course, is Microsoft's malware-like "Get Windows 10" campaign that plagued Windows 7 and 8.1 users last year. I last wrote about the patches on Oct. 5, 2016: Quote A Microsoft spokesman says it isn't bringing back the "Get Windows 10" campaign, but our old nemesis KB 2952664 reappeared suddenly yesterday afternoon, and Windows users are livid -- and scared. The revision dates on the KB articles don't instill any confidence. When I wrote about KB 2952664 last October, I noted that the KB article was up to revision 25, dated Oct. 4, 2016. The current KB article, dated Feb. 9, 2017, is at revision 11. I have no idea what's up. Why is Microsoft releasing this CEIP diagnostic program on a Thursday? Why isn't it being held for next Tuesday's Monthly Rollup? Why does it fall outside the announced schedule of Security Only and Monthly Rollup patches? Why did the revision numbers change? But I do know that earlier versions of these patches triggered new snooping scans, whether the Customer Experience Improvement Program is enabled or not. And I do know that Microsoft hasn't documented much at all. Discussion continues on the AskWoody Lounge. AskWoody Lounge - Comments Source Alternate Source: Windows KB2652664 And KB2976978 Telemetry Updates Re-Released (Again) Link to comment Share on other sites More sharing options...
radeonxt Posted February 10, 2017 Share Posted February 10, 2017 The answer is due to this, hehehe https://www.nsaneforums.com/topic/286323-microsoft-indirectly-confirms-windows-10-growing-painfully-slow/ Link to comment Share on other sites More sharing options...
Karlston Posted February 11, 2017 Share Posted February 11, 2017 Windows 7/8.1: Update KB2952664 / KB2976978 re-released Microsoft has re-released optional update KB2952664 for Windows 7 SP1 and optional update KB2976978 for Windows 8.1. Both are “snooping” updates for telemetry. I’ve covered both updates already in October 2016 within my blog post Some confusion about Updates KB2952664/KB2976978. Microsoft released those two updates a couple of times within the past. They declare it as ‘compatibility updates’ for Windows 7 and Windows 8.1, but it’s Telemetry updates Windows 7: Update KB2952664 Update KB2952664 has been released on February 9, 2017 for Windows 7 SP1 – I received it yesterday on one of my machines (see screenshot below). As noted above, Microsoft names it as “Compatibility update for keeping Windows up-to-date in Windows 7”, but says within it’s KB2952664 article: This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update. So, it’s a re-release of an update, that has been issues many times in the past, to force Windows 7 users to upgrade to Windows 10. Since August 2016, Microsoft has removed the GWX upgrade functionality. But the telemetry component is still there and will be extended during each re-release (the size of the package increases). My recommendation: Hide this update and you will be done. Windows 8.1: Update KB 2976978 Also Windows 8.1 received an optional update KB2976978 (Compatibility update for keeping Windows up-to-date in Windows 8.1 and Windows 8), that’s nothing else as an telemetry update. It can be hidden in Windows Update to, because it’s imho not needed. Open questions The question is “why Microsoft re-releases those updates, although they has been installed on many machines, and why as a extraordinary update on a Thursday?” Microsoft kb articles doesn’t give a clue what’s in. Woody Leonhard wrote months ago on Ask Woody: I’ve just been told of a significant reason why some folks may want to install this new version of 2952664. It looks like the patch is used by the Windows Update Analytics service – and this is their telemetry hook. That’s it. Microsoft has published a Technet article Get started with Upgrade Analytics in August 2016, explaining what telemetry data collection is for. It may be useful for companies, planning an inventory before upgrading many machines to Windows 10. But why Microsoft has re-released those updates again, without giving details? Woody Leonhard has also published this InfoWorld article raising similar questions about he re-release of those updates. He also published at Askwoody this article, pointing to two comments dealing with telemetry data collection in Windows. How to get rid of telemetry in Windows 7 / 8.1? In case, you intend to rip off telemetry data collection from your Windows 7 / Windows 8.1 system, some blog reader posted a link Meine Methode die Telemetrydatenerfassung auszuhebeln to a German forum post. It’s still in German, so here is a raw English version: Microsoft has released the following updates containing Telemetry functions – so these updates shall be uninstalled. KB971033 Description of the update for Windows Activation Technologies KB2952664 Compatibility update for upgrading Windows 7 KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows KB3021917 Update for Windows Customer Experience Improvement Program KB3022345 Update for customer experience and diagnostic telemetry KB3035583 Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1 KB3044374 Update that enables you to upgrade from Windows 8.1 to a later version of Windows KB3068708 Update for customer experience and diagnostic telemetry KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7 KB3080149 (update for CEIP and telemetry) Then you need to stop and uninstall the old Telemetry service. Open an administrative command prompt (“Run cmd as administrator”) and enter the following commands: sc stop Diagtrack sc delete Diagtrack Unfortunately Microsoft uses the new compattelrunner.exe tool to collect telemetry data [BTW: compattelrunner.exe has been known as a trouble maker driving many systems CPU and RAM load to 100%]. This file is located at \windows\system32, but it’s not a service. The task will be launched via task planner. The program sends data to the following Microsoft severs: onesettings-hk2.metron.live.com.nsatc.net onesettings-bn2.metron.live.com.nsatc.net onesettings-cy2.metron.live.com.nsatc.net vortex-hk2.metron.live.com.nsatc.net vortex-db5.metron.live.com.nsatc.net But it doesn’t help to block those URLs in hosts file, because Windows ignores these settings. You need to inspect Task planner and search in branch Microsoft – Windows for: “Application Experience” delete all tasks “Autochk” delete all tasks “Customer Experience Improvement Program” delete all tasks “Disk Diagnostic” delete task “Microsoft-Windows-DiskDiagnosticDataCollector” “Maintenance” delete “WinSAT” “Media Center” click “status” column and deactivate all active tasks Then launch Windows Services manager via services.msc and set the “Remote registering” Service from “Deaktivated” to “Manual”. In a last step, the user recommends to delete the following files and folders: \windows\system32\compattel – delete the directory \windows\system32\compattelrunner.exe delete this file It requires to take ownership for those files and folders. But note, I haven’t tested it – so you are at your own risk – and we don’t know how long this trick will work. But it’s maybe helpful. Source: Windows 7/8.1: Update KB2952664 / KB2976978 re-released Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.