[German]Microsoft has released a security-only update as of September 10, 2019. The Security-only update comes again with telemetry on board. Here is a review of what is known so far.
I had described the updates in the blog post Patchday: Updates for Windows 7/8.1/Server (Sept. 10, 2019).
Telemetry on board
For years, the rollup updates for Windows 7 were equipped with telemetry functions, but the security online updates were telemetry-free. Under WSUS, these updates are offered as standard anyway and installed in corporate environments.
Users who didn’t want any new telemetry functions, but are dependent on Windows Update, have manually installed the Security-online Updates. Unfortunately this model died. Already in July 2019 update KB4507456 comes with telemetry. I had reported in the blog post Windows 7 Update KB4507456 (security only) with Telemetry. The Security-only Update from August 2019 was shipped without Telemetry.
Security-only Update KB4516033 with Telemetry again
Shortly after the release of the updates I received a mail from blog reader Christoph W. with a hint to the telemetry functions in the security-only update KB4516033.
I just found out that on patchday under win 7 MS a new version of “CompatTelRunner.exe” was added! (firewall reported)
Christoph ran ZoneAlarm as a firewall, so one of them got a message. German blog reader Bolko also left a comment with details (thanks).
The security-only update KB4516033 contains telemetry again:
Previously, these files were included in the KB2952664 update.
This is of course a nasty situation. Apparently Microsoft want to find out why the machines aren’t being updated – at least that’s the only explanation I can think of.
Disable the Telemetry
The telemetry features have, besides the often unwanted data collection, the often unpleasant side effect that TrustedInstaller.exe causes a high CPU load (see this thread to Windows 8.1) or lead to problems. Some blog readers gave hints on how to disable the telemetry functions under Windows 7.
Disable Task in Task Planner
Bolko gave the tip in the comment here, to check in the task planner in the branch:
\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
whether the task is switched off. If the task is activated, the programs CompatTelRunner.exe and DiagTrackRunner.exe run daily, which collect the telemetry data and upload it to Microsoft.
You can open the entry by double-clicking it and then click on the Delete button on the Trigger tab to cancel the task. Or you can select Edit and uncheck the Enabled checkbox in the Edit Triggers dialog box.
Then at least the task is no longer executed.
Blog reader Christoph W. suggests stopping and deactivating the Diagnostic Tracking Service in question.
It is better to disable telemetry. Several steps are necessary:
1) Stop and deactivate the Diagnostic Tracking Service under the services.
2) Check in the registry whether it was successful. So check, if the entry
contains an entry “Start”.
Meaning of the values: 2 (automatic), 3 (manual) and 4 (deactivated)
3) Start editor for local group policies with gpedit.msc as admin.
Activate the entry “Deactivate application telemetry” under Administrative Templates > Windows Components > Application Compatibility.
Under Administrative Templates > Windows Components > Ease of Use Program: Disable Both Entries
At askwoody.com there is this post, that deals also with this telemetry topic. Also the article here discusses several workaround to deactivate telementry. It’s also possible, to use Software Restriction Policies to block CompatTelRunner.exe.