I haven’t tried this, but if you stop the service, can you rename the EXE file to stop it starting again? (Although I would not be surprised if Windows then repairs this…)
I agree. I don’t think Microsoft was actually wrong to strongarm this, it’s just inevitable and very unfortunate that some folks on the end of the bell curve are going to feel that it’s more pain than gain.
For every person who is responsible enough to diligently apply updates within their own quite reasonable schedule, there are ten idiots who just don’t see the point of security, or don’t think there is a risk (or believe it’s their risk to take, even though it really isn’t, because a compromised machine is a risk to others). There isn’t any way Microsoft could have given some useful control to the one responsible individual that wouldn’t be also abused by the ten idiots.
Bear in mind that you’re manually trying to do something that is exactly what a piece of malware might very well try to do. Expect the OS to fight you on this.
Fixing update workarounds is done via svchost.exe. You really do NOT want to change the name of this.
As noted, MS has gone to great lengths in Windows 10 to defeat simple methods to stall updates for a more suitable time later. And once a technique gets well known, they push thru a fix to stop that. (Without specifying which patch is the one that does this. So if you are selecting patches yourself, it’s a total crapshoot.)
I lost work (and therefore money) when my new laptop did an unstoppable reboot after a silent update download on me last year. I had “taken care” of this problem, I thought. I got more aggressive about probing Windows 10 and have stopped it, for now. But I think I’ll try something like the above.
I don’t want to post what I did since I don’t want MS to get any ideas.
The update service seems to depend on WUAUSERV.DLL, not an EXE file. Right now, the Win 10 system seems content to not re-enable the service after I used some trickery like ftg reports, but if it tries again, I will delete or rename the DLL file and see what happens. Virus writers know how to re-enable such services, but I doubt that MS writers are that smart.
You give MS programmers entirely too much credit. It took them 20 years before they even tackled security with sincerity. Shit, they don’t even fight malware much now.
No, I’m stating a fact. SFC has been part of Windows since at least XP - detecting changes to system files is old news in terms of malware protection.
Another thing you might do is set up a Pi Hole on your network and black list all the Microsoft update servers.
Bonus. You won’t be burning your data cap on ads either.
Microsoft update servers.
http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://test.stats.update.microsoft.com
http://ntservicepack.microsoft.com
ETA: Breaking links
I’m wondering if you can’t just edit your HOSTS file on the local machine to point those DNS names to 0.0.0.0. I guess that might be another thing that Windows Defender will detect and undo.
Yes, the Update service gets re-enabled automatically for me, within a few hours I think. Not at reboot, it just happens.
Does the thing still work where you change the login credentials that the update service uses, thereby making it unable to start or have insufficient permissions to actually do updates? AFAIK that did work quite recently. (I got a new company laptop so am not inclined to mess around with Windows Update any more, and only have Win 7 otherwise.)
I imagine it’s going to authenticate those credentials when you set them up, so you’d have to downgrade the permissions afterward (or maybe disable the account). I haven’t tried it, but again, I wouldn’t be very surprised if some other process reverts the change.
In the interest of science I went ahead and tried it. I used a non-admin account and deliberately entered an incorrect password* . It accepted the credentials, and now the service fails to start. I’ll see if this change “sticks”, at least for a day or so, I won’t leave it like this permanently.
- not sure the incorrect password is necessary, since when trying to start the service it complains that the account is different to that used for other related services.
I’m really surprised that worked at all. Other deferred-execution things (e.g. Task Scheduler) don’t allow you to set up something with invalid credentials.
Thanks everyone for all the ideas.
I’m sorry I didn’t post much info, I was just angry and desperate for ideas. Here’s the situation.
I live in a rural area and I have two options. Dial-up, which believe it or not I had until three years ago. Then I got a cheap cell phone with a cheap plan that allows tethering. To you 5 GB of high speed data is nothing, to a dial-up user it’s bliss.
After I use 5 GB they slow the data way, way down. Some webpages are almost impossible to load, even with images turned off.
If Microsoft would let me schedule an update I could do it at my brother’s house. He lives an hour away and has blazing fast unlimited internet service.
I will try out these suggestions. Thanks again for all the answers, I was afraid I was just going to get a couple of replies saying, “It can’t be done.”
Can you get your Windows 10 to the state where “Activate Windows / Go to Settings to activate Windows” is continually visible in the lower right corner of the screen?
I don’t remember exactly what I did, but that’s how my Windows 10 is now. Updates appear to be Off! Twice a week or so I still get “Your PC is at Risk Blah-blah-blah” but I just click “Remind Me Later.”
There is a scheduling option available in Windows. Set it for the time you will next be at your brother’s house, then when you turn the computer on there & then, it will update.