Jump to content

KB4462926 from Oct. 2018 contains telemetry components


pcalvert

Recommended Posts

It appears that last month's KB4462926 contains telemetry components. I discovered it yesterday when one of my anti-malware defenses detected new stuff trying to run. What's annoying is that I'd previously opted out of this, and also disabled telemetry (as best as I could). It looks like I will need to resort to more aggressive countermeasures.

Phil

 

generaltel.dll Properties - Details_2018-11-14.png

generaltel.dll Properties - General_2018-11-14.png

CompatTelRunner.exe Properties - Details_2018-11-14.png

CompatTelRunner.exe Properties - General_2018-11-14.png

invagent.dll Properties - Details_2018-11-13.png

invagent.dll Properties - General_2018-11-13.png

Link to comment
Share on other sites


Great! :(  That means it's likely present in the Server 2012 update that I'd use for Windows 8.

Damn that @NoelC - it appears he's right again.  See I've been waiting for the ABSOLUTE GREEN LIGHT to install updates from December 2017 onwards (skipping only the month with the Spectre and Meltdown mitigations).  I just wouldn't feel right in October 2023, having only updated my system to five years ago.  But it's almost starting to make sense.  My whole reason for sticking with Windows 8 was that Microsoft seemed to leave it alone, yet I could still manually patch it.

I'll be interested in what measures you come up with @pcalvert

Link to comment
Share on other sites

Well, there was a security-only update (KB4462941) that I could have installed instead, and that's probably what I should have done. Regarding my approach, I decided a long time ago that avoiding updates isn't really a viable long-term option. And even if I am somewhat successful at avoiding unwanted components, there's a good chance that they'll eventually sneak in at some point. That being the case, I decided that I will learn how to disable the unwanted software so it's not able to run.

Phil

 

Link to comment
Share on other sites

I have these files on my (almost) only with its own updates Windows 8, they must be compatibility telemetry elements. Having my network being monitored with NetBalancer: CompatTelRunner.exe has some communication with the internet, mostly after searching for Windows updates (of course there is only the MRT stuff now), invagent.dll rarely communicates with the internet (and with very low bandwidth) and generaltel.dll, well..., I discovered its existence today.:whistle:

Edited by HarryTri
Link to comment
Share on other sites

On 11/15/2018 at 3:53 PM, Jody Thornton said:

Great! :(  That means it's likely present in the Server 2012 update that I'd use for Windows 8.

AFAIK these telemetry updates are only included in the 8.1 and 7 Monthly Rollups. Windows 8 still hasnt incorporated any kind of telemetry in its Rollups.

On 11/15/2018 at 4:31 PM, Jody Thornton said:

Does anyone have such a list of updates to block on Windows Server 2012?  I understand there would be low demand for such a thing, but I was just curious.

I've been compiling EOL updates for Windows 8.0 (basically from its launch all the way to January 2016) and have a sort of list of updates that either:
a) Add telemetry
b) Add upgrade components for Windows 8.1
c) Add nag screen for you to upgrade to either Windows 8.1 or Windows 10

I'll let you know when I get to my main PC, where I stored those files.

On 11/15/2018 at 5:10 AM, pcalvert said:

It appears that last month's KB4462926 contains telemetry components

It also contains an update for several files for Windows Update, which means most tools to circumvent the CPU block are now useless... Beware anyone with a Kaby Lake CPU or a Ryzen.

Link to comment
Share on other sites

On Πέμπτη, 22 Νοεμβρίου 2018 at 11:43 AM, greenhillmaniac said:

AFAIK these telemetry updates are only included in the 8.1 and 7 Monthly Rollups. Windows 8 still hasnt incorporated any kind of telemetry in its Rollups.

What about compatibility telemetry (the files are present on Windows 8 with the until the EOL updates)? Yet there isn't really a reason to worry, Microsoft has forgotten Windows 8 altogether... (this has its good side though). As for Windows Server 2012, I don't know if they are interested in server only telemetry at all.

Link to comment
Share on other sites

Here's the list of unwanted updates for Windows 8.0:

  • KB2871389 - Update is available that prepares Windows 8 and Windows RT-based computers for the update to Windows 8.1 and Windows 8.1 RT
  • KB2885699 - Update is available that enables a notification to be displayed that helps you update Windows 8 or Windows RT to Windows 8.1 or Windows RT 8.1
  • KB2957026 - Update for Windows 8.1 Upgrade notification in Windows 8 and Windows RT
  • KB2976978 - Compatibility update for keeping Windows up-to-date in Windows 8.1 (It says 8.1 but it's also available for 8.0)
  • KB3008273 - An update to enable an automatic update from Windows 8 to Windows 8.1
  • KB3150513 - Latest compatibility definition update for Windows
  • KB3163589 - "Your PC is running an outdated version of Windows" notification (MS released this after 8.0's EOL)
17 hours ago, HarryTri said:

What about compatibility telemetry (the files are present on Windows 8 with the until the EOL updates)? Yet there isn't really a reason to worry, Microsoft has forgotten Windows 8 altogether... (this has its good side though). As for Windows Server 2012, I don't know if they are interested in server only telemetry at all. 

If you go into the Server 2012 Update history site, you can download the list of files contained in each update in a CSV format. Opening it with a decent text editor you can search for the telemetry components listed in the OP and, so far, the files weren't listed in them (once again, good news for 8.0 users).

Link to comment
Share on other sites

On Κυριακή, 25 Νοεμβρίου 2018 at 4:28 PM, greenhillmaniac said:

If you go into the Server 2012 Update history site, you can download the list of files contained in each update in a CSV format. Opening it with a decent text editor you can search for the telemetry components listed in the OP and, so far, the files weren't listed in them (once again, good news for 8.0 users).

Surely, that's even better.:cool:

Link to comment
Share on other sites

2 hours ago, HarryTri said:

Surely, that's even better.:cool:

Now what I'd want to know is that, if I install all of the updates for Server 2012, from December 2017 to current (but skipping whichever month has Spectre/Meltdown), would I incur slow downs of a significant type?  Is it OK to skip the month's update?

 

Link to comment
Share on other sites

37 minutes ago, Jody Thornton said:

Now what I'd want to know is that, if I install all of the updates for Server 2012, from December 2017 to current (but skipping whichever month has Spectre/Meltdown), would I incur slow downs of a significant type?  Is it OK to skip the month's update? 

According to MS itself, you can disable the fixes by adding a couple keys in the registry after installing the Spectre/Meltdown patches: https://support.microsoft.com/en-us/help/4073119

Just simply add this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]

"FeatureSettingsOverride"=dword:00000003
"FeatureSettingsOverrideMask"=dword:00000003

I've been using this reg tweak for quite some time, and haven't noticed any performance drop, though I haven't done any kind of extensive testing like @NoelC.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...