Blocking Windows Update

Saaglem

Saaglem

Active Member
After all what I have done, this morning on switch on I got the store access icon on my desktop.....meaning crap is still coming in. I have reached the end of my knowledge regarding blocking windows update and has reached out for a corruption trick. It's an old trick but it works. Even the Anti-Virus packages has hidden features to allow windows background updates. Soooo. I have corrupted the wuaueng.dll file with it's proxy stub file to not except updates. Added a schedule to replace the dll at intervals in case it gets replaced and blocked the crap out of windows and almost all of the ports, the firewall ports I now have only 80 and 8080. Nearly broke my foot off in windows ass. Now it is starting to purr like the V12 I know and remember. Will see what new curveball I'm gone get after I through this the box of spanners at it. After that.....I'm using the cutting torch to loosen it up.
 
Last edited:
what will happen if you run the same preset that you run with the install.wim against the boot.wim?
 
It is done.

Included in the firewall rar is 2 reg files. A security file and a firewall file. The security you can run on any machine, it simply just disable telemetry settings in the registry. Put it on a schedule since windows has the tendency to enable them automatically from time to time.

BEFORE YOU USE THE FIREWALL FILE. Look in the the registry for the strings and export yours (Look in my reg files for the strings). Once you imported this you cannot revert to the default firewall anymore. At least you will have a backup.

The firewall is machine specific. This firewall file is meant for Windows 10 x64 Enterprise LTSC 2019 (1809 build). Open it with a text editor and look at what is blocked. Export your registry firewall and block accordingly. DO NOT RUN THIS ON YOUR MACHINE, unless it is 2019 LTSC version. It blocks ALMOST everything.

The reason it is machine specific is simply because I do not use the same stuff you do, no printers, no vpn, no homegroup, and a lot of other stuff. Once you merged you registry again you have to restart otherwise you will find the surprise that it doesn't work and then you fidel in the wrong place and screw everything up that will result into a format if you do not have a backup.

I've been testing this for almost week now and I monitor it with NetBalancer, Netlimiter - Thanx Kasual. You can use any other tool, you do not have to buy one. Download a free one and just monitor what is active and block it in the registry file accordingly. The monitor tools give an average of 10 days usage before expiry of payment.

NOTE: It is NOT a 100% block, I have found it to be about 98-99% accurate since svchost open with new ports with different PiD when needed. So even if you block it-it will regenerate and open a different port and PiD....blocking the ports is not a good idea, you will get stuck since there is about 65000 ports if I am not mistaken, more or less, don't scratch were it doesn't itch.

That's it....done. Cheers

UPDATED. Look at last post
 
Last edited:
Saaglem What are you allowing out with the firewall rules, just the browser?

The hardest part of sharing your own work built for your own needs is when people ask will this work on x y or z and when it doesnt work or breaks something you are expected know why.
 
That's were the backup registry string comes in. If it breaks just import the backup and restart.....done. Will post everything I allow out.....and obviously the rest gets blocked.
 
All i need is broswer and idm downloader out, the rest can g-ts. I had a look at your files, the policies looked ibteresting, will see if they are in 8.1.
 
These are running, you can block ALL inbound. You can remove the Homegroups as well, if you remove more in outbound it gives a TCP-IP time out and disconnect the nic. If you continuously ping a site then it stays enabled.

Outbound Allow
Core Networking - DNS (UDP-Out) - Needed (IPv4 and IPv6)
Core Networking - IPHTTPS (TCP-Out) - Needed for browsing
Core Networking - Ipv6 (IPv6-Out) - Needed if you use IPv6
Homegroup Out - Not needed
Homegroup Out (PNRP) - Not needed
mDNS (UDP-Out) - Needed for IPv4


Inbound Allow
Homegroup Out - Not needed
Homegroup Out (PNRP) - Not needed

NOTE: I have not tested the file and print sharing yet. Will add to the next post once it is tested.
 
Future placeholder for post

DO NOT IMPORT the firewall reg file with NTLite. It royally screw the firewall up. I used NTLite registry tool and gave a full net block, restored only the firewall settings, restarted, net back. Merged it again and then it worked fine. As if it the settings didn't all take. Merge it once you are on the desktop. Here's a new Group Policy file...made a small boo-boo by adding my wallpaper root. Fixed....Sorry about that

UPDATED. Look at last post
 
Last edited:
videobruce Removing files is 1 thing but showing users how to modify any ms file might result in nuhi getting a takedown warning annd we dont want that to happen. There are other places to discuss fille modding.
 
videobruce. If you can read the dll's then you can change the DNS in the dll and then remove the Microsoft update servers.....then no update. But I have recended my post and removed the files
 
Just for interesting sake......I also use Group Policy to block stuff.....which I also think helps. The group policy I have transfers from windows 10 Pro to Enterprise and now to LTSC.......and it works in all of them. Also important, LTSC does have the ability to prevent updates better than Pro. This is my last edit of the Group Police in this matter. This one is full blown.

UPDATED THE GPE. LOOK AT LAST POST
 
Last edited:
Clanger said:
videobruce Removing files is 1 thing but showing users how to modify any ms file might result in nuhi getting a takedown warning annd we dont want that to happen. There are other places to discuss fille modding.
Click to expand...
But, isn't removing files (modifing the program) pretty much the same thing? Don't get me wrong, I'm the last one to take sides with M$ (or any corporation for that matter).

Saaglem said:
videobruce. If you can read the dll's then you can change the DNS in the dll and then remove the Microsoft update servers.....then no update. But I have recended my post and removed the files
Click to expand...
Other than knowing what "dll" letters stands for (linking files), I had no idea they have anything to do with or could contain web addresses.
 
When I stared to look into the possibility of tring to use W10, I found up to a certain point (build) blocking updates was fairly easy. Past that, not so. IIRC the build number was/is v1511 from two years ago (2/16). It was the 3rd version, or 3rd update from the 1st release (or something like that).
Comment on this?

In the past 20 years, I never put priority on their updates, so the ability not to get them is little concern.
 
DLL - Direct Link Libraries

Windows update consumes on average about 7GB of data downstream, upstream is another matter......If you have 2x 2TB drives in your machine then you Upstream will succumb to 4TB initially and then everything you add like EVERYTHING you type in the keyboard, text files, email's, browsing , ALL OF it, video feed, audio feed include music you listen to, ambient audio in the room, camera feed.......all added you will feed Upstream close to 20GB a month....you do not see it since your monitor doesn't display all of it. Read a little bit about it on the net, it is full of it. And I am not paranoid. My argument is simple. I paid for my machine, my windows, my software and I DO NOT GIVE PERMISSION TO ANYBODY to view, listen peak at it. If asked I will present it but if not asked then it constitute as theft, plagiarism, etc. I understand that the windows remain the property of Microsoft but I paid for the copy I have......it is mine, registered to my name meaning it is mine.


Oh....and you do not need all the updates....some yes but a lot of them you don't need
 
Last edited:
videobruce said:
But, isn't removing files (modifing the program) pretty much the same thing?
Click to expand...

No because you arent hacking files and i wouldnt even take a chance that could drop nuhi right in the sh*t cos i would be shooting myself in the foot and end up p---ing off every user here.

Time to finish this conversation i think and get back on topic.
 
Last edited:
You must log in or register to reply here.
Back
Top