My 2 cents: Windows 10 Scheduled Tasks library - i was searching inside Windows 10 more deeply and found some more interesting tasks, those are excluding already disabled spynet and telemetry tasks done by other antispy tools.

PS C:\WINDOWS\system32> Get-ScheduledTask | where {$_.State -eq "Ready"}

I guess those are pretty safe:

Code:
TaskPath                                       TaskName                          State
--------                                       --------                          -----
\                                              Adobe Flash Player PPAPI Notifier Ready
\                                              Adobe Flash Player Updater        Ready
\                                              AdobeAAMUpdater-1.0-              Ready
\                                              DropboxUpdateTaskMachineCore      Ready
\                                              DropboxUpdateTaskMachineUA        Ready
\Microsoft\Windows\.NET Framework\             .NET Framework NGEN v4.0.30319    Ready
\Microsoft\Windows\.NET Framework\             .NET Framework NGEN v4.0.30319 64 Ready
\Microsoft\Windows\Active Directory Rights ... AD RMS Rights Policy Template ... Ready
\Microsoft\Windows\ApplicationData\            CleanupTemporaryState             Ready
\Microsoft\Windows\ApplicationData\            DsSvcCleanup                      Ready
\Microsoft\Windows\Bluetooth\                  UninstallDeviceTask               Ready
\Microsoft\Windows\CertificateServicesClient\  AikCertEnrollTask                 Ready
\Microsoft\Windows\CertificateServicesClient\  KeyPreGenTask                     Ready
\Microsoft\Windows\CertificateServicesClient\  SystemTask                        Ready
\Microsoft\Windows\CertificateServicesClient\  UserTask                          Ready
\Microsoft\Windows\CertificateServicesClient\  UserTask-Roam                     Ready
\Microsoft\Windows\Chkdsk\                     ProactiveScan                     Ready
\Microsoft\Windows\DiskCleanup\                SilentCleanup                     Ready
\Microsoft\Windows\DiskDiagnostic\             Microsoft-Windows-DiskDiagnost... Ready
\Microsoft\Windows\Device Setup\               Metadata Refresh                  Ready
\Microsoft\Windows\Defrag\                     ScheduledDefrag                   Ready
\Microsoft\Windows\Data Integrity Scan\        Data Integrity Scan for Crash ... Ready
\Microsoft\Windows\FileHistory\                File History (maintenance mode)   Ready
\Microsoft\Windows\GroupPolicy\                {3E0A038B-D834-4930-9981-E89C9... Ready
\Microsoft\Windows\GroupPolicy\                {A7719E0F-10DB-4640-AD8C-490CC... Ready
\Microsoft\Windows\LanguageComponentsInstal... Installation                      Ready
\Microsoft\Windows\Maintenance\                WinSAT                            Ready
\Microsoft\Windows\MemoryDiagnostic\           ProcessMemoryDiagnosticEvents     Ready
\Microsoft\Windows\MemoryDiagnostic\           RunFullMemoryDiagnostic           Ready
\Microsoft\Windows\MUI\                        LPRemove                          Ready
\Microsoft\Windows\Plug and Play\              Device Install Group Policy       Ready
\Microsoft\Windows\Plug and Play\              Device Install Reboot Required    Ready
\Microsoft\Windows\Plug and Play\              Plug and Play Cleanup             Ready
\Microsoft\Windows\Plug and Play\              Sysprep Generalize Drivers        Ready
\Microsoft\Windows\Ras\                        MobilityManager                   Ready
\Microsoft\Windows\Registry\                   RegIdleBackup                     Ready
\Microsoft\Windows\Servicing\                  StartComponentCleanup             Ready
\Microsoft\Windows\Shell\                      IndexerAutomaticMaintenance       Ready
\Microsoft\Windows\SoftwareProtectionPlatform\ SvcRestartTask                    Ready
\Microsoft\Windows\SpacePort\                  SpaceAgentTask                    Ready
\Microsoft\Windows\Sysmain\                    ResPriStaticDbSync                Ready
\Microsoft\Windows\Sysmain\                    WsSwapAssessmentTask              Ready
\Microsoft\Windows\SystemRestore\              SR                                Ready
\Microsoft\Windows\Task Manager\               Interactive                       Ready
\Microsoft\Windows\Time Synchronization\       ForceSynchronizeTime              Ready
\Microsoft\Windows\Time Synchronization\       SynchronizeTime                   Ready
\Microsoft\Windows\Time Zone\                  SynchronizeTimeZone               Ready
\Microsoft\Windows\TPM\                        Tpm-HASCertRetr                   Ready
\Microsoft\Windows\TPM\                        Tpm-Maintenance                   Ready
\Microsoft\Windows\UpdateOrchestrator\         Policy Install                    Ready
\Microsoft\Windows\UpdateOrchestrator\         Reboot                            Ready
\Microsoft\Windows\UpdateOrchestrator\         Schedule Scan                     Ready
\Microsoft\Windows\UpdateOrchestrator\         USO_UxBroker_Display              Ready
\Microsoft\Windows\UpdateOrchestrator\         USO_UxBroker_ReadyToReboot        Ready
\Microsoft\Windows\UPnP\                       UPnPHostConfig                    Ready
\Microsoft\Windows\Windows Filtering Platform\ BfeOnServiceStartTypeChange       Ready
\Microsoft\Windows\WindowsUpdate\              AUScheduledInstall                Ready
\Microsoft\Windows\WindowsUpdate\              Automatic App Update              Ready
\Microsoft\Windows\WindowsUpdate\              Scheduled Start                   Ready
\Microsoft\Windows\WindowsUpdate\              Scheduled Start With Network      Ready
\Microsoft\Windows\WindowsUpdate\              sih                               Ready
\Microsoft\Windows\WindowsUpdate\              sihboot                           Ready
\Microsoft\Windows\WOF\                        WIM-Hash-Management               Ready
\Microsoft\Windows\WOF\                        WIM-Hash-Validation               Ready
\Microsoft\Windows\Work Folders\               Work Folders Logon Synchroniza... Ready
\Microsoft\Windows\Work Folders\               Work Folders Maintenance Work     Ready

And those are pretty dangerous or potentially spying and i've disabled them all:

Code:
\Microsoft\Office\                             Office 15 Subscription Heartbeat  Ready
\Microsoft\Windows\AppID\                      EDP Policy Manager                Ready
\Microsoft\Windows\AppID\                      SmartScreenSpecific               Ready
\Microsoft\Windows\CloudExperienceHost\        CreateObjectTask                  Ready
\Microsoft\Windows\Diagnosis\                  Scheduled                         Ready
\Microsoft\Windows\DiskFootprint\              Diagnostics                       Ready
\Microsoft\Windows\Feedback\Siuf\              DmClient                          Ready
\Microsoft\Windows\Location\                   Notifications                     Ready
\Microsoft\Windows\Location\                   WindowsActionDialog               Ready
\Microsoft\Windows\Maps\                       MapsToastTask                     Ready
\Microsoft\Windows\Maps\                       MapsUpdateTask                    Ready
\Microsoft\Windows\Mobile Broadband Accounts\  MNO Metadata Parser               Ready
\Microsoft\Windows\NetCfg\                     BindingWorkItemQueueHandler       Ready
\Microsoft\Windows\NetTrace\                   GatherNetworkInfo                 Ready
\Microsoft\Windows\PI\                         Secure-Boot-Update                Ready
\Microsoft\Windows\PI\                         Sqm-Tasks                         Ready
\Microsoft\Windows\RemoteAssistance\           RemoteAssistanceTask              Ready
\Microsoft\Windows\RemovalTools\               MRT_HB                            Ready
\Microsoft\Windows\SettingSync\                NetworkStateChangeTask            Ready
\Microsoft\Windows\Shell\                      CreateObjectTask                  Ready
\Microsoft\Windows\SkyDrive\                   Idle Sync Maintenance Task        Ready
\Microsoft\Windows\SkyDrive\                   Routine Maintenance Task          Ready
\Microsoft\Windows\WCM\                        WiFiTask                          Ready
\Microsoft\Windows\WDI\                        ResolutionHost                    Ready
\Microsoft\Windows\Windows Error Reporting\    QueueReporting                    Ready
\Microsoft\Windows\Windows Media Sharing\      UpdateLibrary                     Ready
\Microsoft\Windows\WS\                         Badge Update                      Ready
\Microsoft\Windows\WS\                         Sync Licenses                     Ready
\Microsoft\Windows\WS\                         WSRefreshBannedAppsListTask       Ready
\Microsoft\Windows\WS\                         WSTask                            Ready

but one task was kinda different - i failed to disable, delete, change it or take control of it.

\Microsoft\Windows\SettingSync\                BackgroundUploadTask              Ready

it runs %SystemRoot%\system32\SettingSyncCore.dll on regular basis, hell do i know what it really does. any ideas?
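Added example, not part of the thread: one way to see what each Ready task actually runs (including COM-handler tasks, which name a CLSID rather than an executable) and to save a task's XML definition before disabling it. The backup folder and the two-task selection are assumptions for illustration; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). $BackupDir and $toDisable are assumptions.
$BackupDir = Join-Path $env:USERPROFILE 'TaskBackup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

function Resolve-ComHandler {
    param([string]$ClassId)
    # A COM-handler action only names a CLSID; InprocServer32 holds the DLL it loads.
    $clsid = '{' + ($ClassId -replace '[{}]') + '}'
    $key   = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    $prop  = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($prop) { $prop.'(default)' } else { "CLSID $clsid (server not resolved)" }
}

# One row per action: which account the task runs as and what it executes.
$report = foreach ($t in (Get-ScheduledTask | Where-Object State -eq 'Ready')) {
    $runAs = $t.Principal.UserId
    if (-not $runAs) { $runAs = $t.Principal.GroupId }
    foreach ($a in $t.Actions) {
        if ($a.CimClass.CimClassName -eq 'MSFT_TaskComHandlerAction') {
            $runs = Resolve-ComHandler $a.ClassId
        } else {
            $runs = "$($a.Execute) $($a.Arguments)".Trim()
        }
        [pscustomobject]@{ Task = $t.TaskPath + $t.TaskName; RunAs = $runAs; Runs = $runs }
    }
}
$report | Sort-Object Task | Format-Table -AutoSize -Wrap

# Tasks picked after reading the report; these two names come from the list above.
$toDisable = @(
    @{ TaskPath = '\Microsoft\Windows\Maps\'; TaskName = 'MapsToastTask' }
    @{ TaskPath = '\Microsoft\Windows\Maps\'; TaskName = 'MapsUpdateTask' }
)
foreach ($sel in $toDisable) {
    # Save the full definition first so the task can be restored exactly.
    $name = (($sel.TaskPath + $sel.TaskName) -replace '[\\ ]', '_') + '.xml'
    Export-ScheduledTask @sel | Set-Content -LiteralPath (Join-Path $BackupDir $name)
    Disable-ScheduledTask @sel | Select-Object TaskPath, TaskName, State
}
# Undo: Enable-ScheduledTask, or re-create the task from the saved XML with
# Register-ScheduledTask -Xml (Get-Content <file> -Raw) -TaskName <name> -TaskPath <path>
```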
Found this somewhere else on MDL. It seems to work on my machine. You'll need to take ownership of the key.

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18E3AD12-4E0A-4293-AE32-2B1F14BF8C9C}]
"Triggers"=hex:17,00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
  ff,ff,ff,00,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,4a,85,00,42,48,48,\
  48,48,5c,9a,5f,7b,48,48,48,48,0c,00,00,00,48,48,48,48,55,00,73,00,65,00,72,\
  00,73,00,00,00,48,48,48,48,00,00,00,00,48,48,48,48,00,48,48,48,48,48,48,48,\
  00,48,48,48,48,48,48,48,05,00,00,00,48,48,48,48,0c,00,00,00,48,48,48,48,01,\
  01,00,00,00,00,00,05,04,00,00,00,48,48,48,48,00,00,00,00,48,48,48,48,58,00,\
  00,00,48,48,48,48,00,00,00,00,30,2a,00,00,80,f4,03,00,ff,ff,ff,ff,07,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00
My result:

Code:
ECHO is off.
'$key' is not recognized as an internal or external command,
operable program or batch file.
You cannot call a method on a null-valued expression.
At C:\Windows\system32\fjaf3892ajofw3298a8.ps1:1 char:1
+ $acl = $key.GetAccessControl()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At C:\Windows\system32\fjaf3892ajofw3298a8.ps1:3 char:1
+ $acl.SetAccessRule($rule)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At C:\Windows\system32\fjaf3892ajofw3298a8.ps1:4 char:1
+ $key.SetAccessControl($acl)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

ERROR: Toegang geweigerd.
ERROR: Toegang geweigerd.
wow wow there tiger! why so complicated? just use setacl helgeklein.com/setacl/ for example as such

setacl.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" -ot reg -actn setowner -ownr "n:Administrators" -rec yes
setacl.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" -ot reg -actn ace -ace "n:Administrators;p:full" -rec yes

and then change the triggers section or disable the task

btw keep in mind - i've seen several GUIDs of this task
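Added example, not part of the thread: because the GUID under TaskCache\Tasks can differ between machines, this resolves it locally from the task's TaskCache\Tree entry, records the key's current owner and ACL, and exports the key so the original values can be re-imported. The backup file name is an assumption; run it elevated, before any ownership or ACL change.

```powershell
# Added example (not from the thread). $backup is an assumed output path.
$task  = 'Microsoft\Windows\SettingSync\BackgroundUploadTask'
$cache = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'

# TaskCache\Tree mirrors the task folder layout; its "Id" value is the GUID
# that names the matching key under TaskCache\Tasks on this machine.
$tree = Get-ItemProperty -LiteralPath "HKLM:\$cache\Tree\$task" -ErrorAction Stop
$id   = $tree.Id
$key  = "HKLM:\$cache\Tasks\$id"
"Task key on this machine: $key"

# Current owner and ACEs, recorded before anything is changed.
Get-Acl -LiteralPath $key | Format-List Owner, AccessToString

# Value names present on the key (Triggers is the one the .reg file rewrites).
(Get-Item -LiteralPath $key).GetValueNames()

# Full export of the key; "reg import <file>" puts the original values back.
$backup = Join-Path $env:USERPROFILE ("TaskCache-" + ($id -replace '[{}]') + ".reg")
reg.exe export "HKLM\$cache\Tasks\$id" $backup /y
```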
I have some good news. The update side is done. Using an existing PowerShell module we can systematically block updates. Along with seeing a list of what updates are blocked in the end to verify it all.
Thanks all... I have seen that DOCTOR WATSON on earlier versions of Windows was also a SPY... These newer additions are only upgrades to existing spies...
I think some people sit around fantasizing about telemetry, and create unreal scenarios about what MS does. Then they try to block these imaginary scenarios. LOL. These same people then complain that their OS doesn't work, or that MS somehow broke it, when it is they themselves who are the culprits.
People are saying it helps boost performance or bring back the stability and snappiness that the OS had without telemetry.

Anyway, I suspect it because Microsoft made it one-sided and is very "forcefully" grabbing very personal info like credit card to gain better service in the future.

Sorry, I don't buy it; better to do it and not be sorry later, but I respect your opinion because it's based on facts.

And one more thing: there is always a chance someone hacks into this database and uses it for bad. Maybe it will be hackers, maybe it will be an inside job after understanding how much power/money this "data/knowledge" is worth. If you think these are unreal scenarios, check eBay and Facebook and more companies that got hacked.
Might be a noob question, but why doesn't anti-virus software pick up backdoor programs that Microsoft left on the system?