Windows7/8 - Updates to hide to prevent Windows 10 Upgrade / Disable Telemetry

I have been noticing lately a lot of people keep asking the same question on how to prevent the Windows 10 upgrade so here is a list of updates that need to be hidden in order to prevent the Windows 10 Upgrade or prevent updates that enable Telemetry, some of them are system preparation for the upgrade so you may not find them all in your updates list until a prerequisite update was installed before.

If doing a clean installation of Windows 7 or 8, you need to scan the list of updates carefully everytime updates appear to ensure none of them re-appears as Micro$h4ft has been showing some of them again even if you hide them.

Update: Since I have created a Windows 7 Clean Installation Guide, I now have the images of every single phase of Windows Update after a clean install to help you with the fishing for bad updates job:

Update 2: for an easier and safer method to update a freshly installed Windows 7 machine, use the Simplix Pack which installs all the latest updates minus the bad ones. If you use the Simplix Pack, then you do not have to worry about the below spoiler of manually checking for every update being installed as the Simplix Pack contains the latest updates minus the bad ones.

Spoiler

NOTE: Never install mixed updates together unless you want them to fail or for your OS to be fux0red. Example, I once installed all the security and windows updates together, a few of them failed, after I rebooted, GPEDIT.MSC would not launch and Event Log Viewer wouldn't run as well. Let's do this one stage at a time.






























































=================================================
Now that we are done with all the Windows Updates, run the Disk Clean up, then run Disk Clean Up again but choose to clean system files and select all components, then reboot and proceed with creating your first system image using your favorite imaging software:





















Note: After the disk cleanup is done and you reboot, you may get the same updates that we hid before show up in Windows Updates, simply hide them again and they're gone forever.

If you have already installed Windows and did a few updates, then head over to Control Panel > Programs and Features > View Installed Updates then go from the top to the bottom through the list to ensure none of them is installed, if you do find one installed, then uninstall it, reboot, then check for updates and once it appears right click on it and hide it.

These Windows 10 upgrade activation updates are like a virus really, only thing is, it's a legit virus


=============================================================
First of all, for Windows 7 users, let's install the Disable IE 10 and IE 11 toolkit in order for them to not showup in Windows Updates because if one installs them, he would get KB2670838 installed automatically as they come bundled with them which will break the AERO functionality on many systems and/or display blurry fonts in your browser on some sites.

IE10 BlockerToolkit

IE11 BlockerToolkit

Once you run any of the above downloaded EXEs, it will ask you to extract the contents to a folder. Select the folder you want then go through the Read Me File for instructions.

Here is how I blocked IE 10/11 on my system. Note that my computer name is PREDATOR hence you need to replace PREDATOR with your computer name.



PS: Credit to @octiceps for letting me know these tools exist.
=============================================================
KB2505438 (Although it claims to fix performance issues, it often breaks fonts)
KB2670838 (The EVIL Update, breaks AERO on Windows 7 and makes some fonts on websites fuzzy, Windows 7 specific update only, do not install IE10 or 11 otherwise it will be bundled with them, IE9 is the max version you should install)
KB2882822 (Update adds ITraceRelogger interface support to Windows Embedded Standard 7 SP1, Windows 7 SP1 and Windows Server 2008 R2 SP1 )
KB2902907 (Microsoft Security Essentials)
KB2952664 ("Get Windows 10" Assistant)
KB2976978 (Windows 10 Upgrade preparation for Windows 8)
KB2977759 (Windows 10 Upgrade preparation for Windows 7)
KB2990214 (Windows 10 Upgrade preparation for Windows 7)
KB3012973 (Force Trigger Download and Install of Windows 10)
KB3015249 (Adds telemetry points to consent.exe in Windows 7 & Windows 8)
KB3021917 (Windows 10 Upgrade preparation + Telemetry)
KB3022345 (Telemetry)
KB3035583 (GWX Update installs the "Get Windows 10" app in Windows 7 & Windows 8)
KB3042058 (Microsoft claims its a security update but it contains Winlogon Spying)
KB3044374 (Windows 10 Upgrade for Windows 8 systems)
KB3050267 (Windows 10 upgrade preparation but also adds the option in GPEDIT to disable Windows 10 upgrade altogether so you may want to actually install this)
KB3064683 (Windows 10 Upgrade for Windows 8)
KB3065987 (Windows 10 Upgrade for Windows 7)
KB3065988 (Windows 10 Upgrade for Windows 8)
KB3068708 (Telemetry)
KB3072318 (Windows 10 Upgrade preparation for Windows 8)
KB3074677 (Windows 10 Upgrade preparation)
KB3075249 (Telemetry)
KB3075851 (Windows 10 Upgrade for Windows 7)
KB3075853 (Windows 10 Upgrade for Windows 8)
KB3080149 (Telemetry)
KB3081437 (Windows 10 Upgrade preparation)
KB3081454 (Windows 10 Upgrade preparation)
KB3081954 (Telemetry Update for Windows 7)
KB3083324 (Windows 10 Upgrade preparation for Windows 7)
KB3083325 (Windows 10 Upgrade preparation for Windows 8)
KB3083710 (Update for the Windows Update client with sketchy details for Windows 7, see this thread)
KB3083711 (Update for the Windows Update client with sketchy details for Windows 8, see this thread)
KB3086255 (Flagged as an Important update. It disables SafeDisc games in Windows Vista, 7, and 8/8.1)
KB3088195 (Miscorosft Claims it's a security update but also has a key logger on the Kernel Level)
KB3090045 (Windows 10 Upgrade Update for Windows 7/8)
KB3093983 (Microsoft claims it's a security update but it contains IE spying)
KB3102810 (Fixes an issue regarding long wait while searching for Windows Updates but also has Windows 10 Upgrade preparation for Windows 7)
KB3102812 (Fixes an issue regarding long wait while searching for Windows Updates but also has Windows 10 Upgrade preparation for Windows 8)
KB3107998 (Removes Lenovo USB Blocker)
KB3112336 (Windows 10 Upgrade for Windows 8)
KB3112343 (Windows 10 Upgrade for Windows 7)
KB3123862 (Windows 10 Upgrade for Windows 7 & 8)
KB3125574 (Telemetry for Windows 7)
KB3133977 (adds UEFI Secure Boot to Windows 7 computers and renders them unbootable)
KB3135445 (Windows 10 Upgrade for Windows 7)
KB3135449 (Windows 10 Upgrade for Windows 8)
KB3138612 (Fishy update to for Windows Updates)
KB3138615
KB3139929 (Fishy update for Windows 7/8 to Windows 10 Upgrade)
KB3139923 (Update adds a point telemetry consent.exe file)
KB3146449 (Windows 10 Upgrade for Windows 7/8)
KB3150513 (Windows 10 Upgrade for Windows 7/8)
KB3161608 (Update adds a point telemetry consent.exe file)
KB3163589 (Report on the work of running an outdated version of Windows)
KB3172605 (Update adds a point telemetry consent.exe file)
KB3173040 (Windows 10 Upgrade notice)
KB4012218 (Windows Update processor generation detection)
KB4012219 (Windows Update processor generation detection)
KB4015546 (Hardware check for CPU Platform for Windows 7)
KB4015547 (Hardware check for CPU Platform for Windows 8)
KB2976978 (Useless diagnostics update for those who participated in the Windows improvement program)


=============================================================
To uninstall all the above updates in one shot rather than looking for any of them if they are installed or not as it can be a daunting task to go through the large list of installed updates, @Ethrem created a great script that does this job. Please make sure to rep him for his hard work.

Download the "Remove Telemetry-Win10 Upgrade Updates Script" then extract it from the ZIP file. After that, you need to right click on it and choose Run as Administrator and wait for the on screen message to display that all updates have been uninstalled.

Reboot after that and search for Windows updates again, once you see them bad updates re-appear, just right click on them and select HIDE from the context menu.

To do this manually for each update, simply run the below command in an elevated command prompt.

Code:

wusa /uninstall /kb:2505438 /norestart

Replace the number in red with the KB Update # you want to uninstall.

=============================================================
Additionally, please go to Task Scheduler and disable the following items:

Note: instead of doing this manually, you can simply download this batch file I created, right click on it and choose Run as Administrator and it will disable all the privacy related tasks.

Download Disable Task Scheduler Privacy Related tasks Batch File









=============================================================
Please ensure you have KB3050265 (Which fixes a major leak in Windows Updates that causes slow scanning and also adds the option to disable automatic update to the latest Windows Virus) then head over to Group Policy Editor and to this:
View attachment 128267

=============================================================
Finally, create an empty TXT in notepad and copy/paste the below text then save it as hosts without any extension; then copy this file to C:\Windows\System32\drivers\etc overwriting the existing file then reboot.

This hosts file will block OpenCandy Malware, Telemetry, and a few dangerous domains like SourceForge. Feel free to remove any entry you don't want to block.

Spoiler: Ultra Male Hosts File

Code:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#  102.54.94.97  rhino.acme.com  # source server
#  38.25.63.10  x.acme.com  # x client host

127.0.0.1 localhost
127.0.0.1 bi.bisrv.com
127.0.0.1 www.softonic.com
127.0.0.1 softonic.com
127.0.0.1 sourceforge.net
127.0.0.1 www.bestvistadownloads.com
127.0.0.1 image.online-convert.com/convert-to-ico
127.0.0.1 tracking.opencandy.com.s3.amazonaws.com
127.0.0.1 media.opencandy.com
127.0.0.1 cdn.opencandy.com
127.0.0.1 tracking.opencandy.com
127.0.0.1 api.opencandy.com
127.0.0.1 offer.alibaba.com
127.0.0.1 a.ads1.msn.com
127.0.0.1 a.ads2.msads.net
127.0.0.1 a.ads2.msn.com
127.0.0.1 ads1.msads.net
127.0.0.1 ads1.msn.com
127.0.0.1 adsmockarc.azurewebsites.net
127.0.0.1 ads.msn.com
127.0.0.1 b.ads1.msn.com
127.0.0.1 b.ads2.msads.net
127.0.0.1 bingads.microsoft.com
127.0.0.1 dl.delivery.mp.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 sb.scorecardresearch.com
127.0.0.1 spynet2.microsoft.com
127.0.0.1 spynetalt.microsoft.com
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 sqm.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 survey.watson.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net
127.0.0.1 telemetry.appex.bing.net
127.0.0.1 telemetry.microsoft.com
127.0.0.1 telemetry.urs.microsoft.com
127.0.0.1 vortex-sandbox.data.microsoft.com
127.0.0.1 vortex-win.data.microsoft.com
127.0.0.1 watson.live.com
127.0.0.1 watson.microsoft.com
127.0.0.1 watson.ppe.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com.nsatc.net
127.0.0.1 wes.df.telemetry.microsoft.com
::1 localhost

(Note: You may notice that my list of entries in the HOSTS file are less than those found on other sites, reason being is after testing, when some of the addresses were in the HOSTS file, it caused problems connecting to some Micro$h4ft sites like the Micro$h4ft Office account page for managing your office subscriptions and OneDrive; but as long as you use this list along with O&O Shutup10 you should be safe.)
=============================================================

 

Thank you for this . This has been really ticking me off...time to nuke them

 

You should add a link to this thread in your forum signature.

 

Roger that boss.

 

Thank you for the list and for keeping up with all the new updates Windows has been putting out!
I'll be doing another round tonight to see if any of these updates slipped past me.

 

Well so far I have found 10 of the 15 posted here and from another another thread.

 

Do you mean I missed any updates? please tell me which ones to add them to the list.

 

Ok these are the ones you posted here and another thread but I now see you have update it since then..
kb:3021917 done 6/11/15
kb:3035583 done 7/17/15
kb:2990214 done 5/13/15
kb:3050265
kb:2952664 done 8/12/15
kb:3022345 done 5/13/15
kb:3068708 done 6/11/15
kb:3080149
kb:3075249
kb:3065987 done 7/17/15
kb:3075851 done 8/12/15
KB2505438
KB2670838 done 4/28/14
KB2952664 done 8/12/15
KB29766978

I will check in later tonight...work tonight

 

3035583 keeps coming back even after I hide it. I think that is the one that displays win 10 update icon.

 

Toolkit to Disable Automatic Delivery of Internet Explorer 10