[German]Microsoft has re-released optional update KB2952664 for Windows 7 SP1 and optional update KB2976978 for Windows 8.1. Both are “snooping” updates for telemetry.
I’ve covered both updates already in October 2016 within my blog post Some confusion about Updates KB2952664/KB2976978. Microsoft released those two updates a couple of times within the past. They declare it as ‘compatibility updates’ for Windows 7 and Windows 8.1, but it’s Telemetry updates.
Windows 7: Update KB2952664
As noted above, Microsoft names it as “Compatibility update for keeping Windows up-to-date in Windows 7”, but says within it’s KB2952664 article:
This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.
So, it’s a re-release of an update, that has been issues many times in the past, to force Windows 7 users to upgrade to Windows 10. Since August 2016, Microsoft has removed the GWX upgrade functionality. But the telemetry component is still there and will be extended during each re-release (the size of the package increases). My recommendation: Hide this update and you will be done.
Windows 8.1: Update KB 2976978
Also Windows 8.1 received an optional update KB2976978 (Compatibility update for keeping Windows up-to-date in Windows 8.1 and Windows 8), that’s nothing else as an telemetry update. It can be hidden in Windows Update to, because it’s imho not needed.
The question is “why Microsoft re-releases those updates, although they has been installed on many machines, and why as a extraordinary update on a Thursday?” Microsoft kb articles doesn’t give a clue what’s in. Woody Leonhard wrote months ago on Ask Woody:
I’ve just been told of a significant reason why some folks may want to install this new version of 2952664. It looks like the patch is used by the Windows Update Analytics service – and this is their telemetry hook.
That’s it. Microsoft has published a Technet article Get started with Upgrade Analytics in August 2016, explaining what telemetry data collection is for. It may be useful for companies, planning an inventory before upgrading many machines to Windows 10.
But why Microsoft has re-released those updates again, without giving details? Woody Leonhard has also published this InfoWorld article raising similar questions about he re-release of those updates. He also published at Askwoody this article, pointing to two comments dealing with telemetry data collection in Windows.
How to get rid of telemetry in Windows 7 / 8.1?
In case, you intend to rip off telemetry data collection from your Windows 7 / Windows 8.1 system, some blog reader posted a link Meine Methode die Telemetrydatenerfassung auszuhebeln to a German forum post. It’s still in German, so here is a raw English version:
Microsoft has released the following updates containing Telemetry functions – so these updates shall be uninstalled.
KB971033 Description of the update for Windows Activation Technologies
KB2952664 Compatibility update for upgrading Windows 7
KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
KB3021917 Update for Windows Customer Experience Improvement Program
KB3022345 Update for customer experience and diagnostic telemetry
KB3044374 Update that enables you to upgrade from Windows 8.1 to a later version of Windows
KB3068708 Update for customer experience and diagnostic telemetry
KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
KB3080149 (update for CEIP and telemetry)
Then you need to stop and uninstall the old Telemetry service. Open an administrative command prompt (“Run cmd as administrator”) and enter the following commands:
sc stop Diagtrack
sc delete Diagtrack
Unfortunately Microsoft uses the new compattelrunner.exe tool to collect telemetry data [BTW: compattelrunner.exe has been known as a trouble maker driving many systems CPU and RAM load to 100%]. This file is located at \windows\system32, but it’s not a service. The task will be launched via task planner. The program sends data to the following Microsoft severs:
But it doesn’t help to block those URLs in hosts file, because Windows ignores these settings. You need to inspect Task planner and search in branch Microsoft – Windows for:
“Application Experience” delete all tasks
“Autochk” delete all tasks
“Customer Experience Improvement Program” delete all tasks
“Disk Diagnostic” delete task “Microsoft-Windows-DiskDiagnosticDataCollector”
“Maintenance” delete “WinSAT”
“Media Center” click “status” column and deactivate all active tasks
The launch Windows Services manager via services.msc and set the “Remote registering” Service from “Deaktivated” to “Manual”. In a last step, the user recommends to delete the following files and folders:
\windows\system32\compattel – delete the directory
\windows\system32\compattelrunner.exe delete this file
It requires to take ownership for those files and folders. But note, I haven’t tested it – so you are at your own risk – and we don’t know how long this trick will work. But it’s maybe helpful.
Some confusion about Updates KB2952664/KB2976978
Update Rollup KB3172605 for Windows 7 SP1/Server 2008 R2 SP1 screws up Bluetooth
Windows 7/8.1: Preview Quality Rollups KB3192403/KB3192404