[Guide]Way to Disable Keylogger/ Telemetry v3.55

Discussion in 'Windows 10' started by LiteOS, Oct 9, 2014.

  1. berkxy

    berkxy MDL Novice

    working v1703 ? and tool ghacks.net/2015/08/14/comparison-of-windows-10-privacy-tools
     
  2. LiteOS

    LiteOS MDL Expert

    In RS2, MS suppressed the ability to remove packages that are related to telemetry.
    I found a way to remove them manually quite fast,
    gonna test.
     
  3. wasd

    wasd MDL Junior Member

    How was the test?
     
  4. LiteOS

    LiteOS MDL Expert

    It was OK; a few files are needed, so it won't be so simple.
     
  5. wasd

    wasd MDL Junior Member

    Can you explain the steps?
     
  6. LiteOS

    LiteOS MDL Expert

    #946 LiteOS, Apr 23, 2017
    Last edited: Apr 24, 2017
    (OP)
    Steps to manually remove telemetry files

    Telemetry Package List
    WER
    UserDataAccess
    Microsoft-OneCore-AppRuntime-ds [not included in RS2]
    Microsoft-OneCore-AppRuntime-onecoreuap [need to test might break System]
    Cortana
    Search2 [not included in RS2]
    TroubleShooting
    UserAccounts [not included in RS2]
    Defender
    SenseClient
    WCN
    SettingSync [not included in RS2]

    Use SxSExpand to extract the package to a folder or cab file,
    then make a list of the files and remove them via PS or cmd.

    It should reduce telemetry functions; a few files are important for booting the OS,
    like the werkernel.sys driver.

    When I'm finished I will publish the cmds or file list.

    change log:
    ver3.54
    removing userdatasvcs with reg.exe
     
  7. NsaFarm

    NsaFarm MDL Junior Member

    I remove most of those always, including the "asimov" packages. WER was never needed to boot the OS. Some side effects I've had before:

    *cumulative updates don't install (working on re-signing with offending packages removed)
    *Click on things and they go to nowhere
    *MS account support removal will break the start menu
    *One search2 package refuses to remove, always

    No GPFs or blue screens though and the OS has always booted. I really don't want to go through and have to do this by hand :(
     
  8. quakze

    quakze MDL Junior Member

    #948 quakze, Jul 5, 2017
    Last edited: Jul 5, 2017
    Code:
    ### Fully Automatic Removing Packages / Lite'en Windows 10 / 8.x, by Lite8@MDL / Aviv00@MSFN ###
    
    #Get packages list excluding en-us packages
    $s = dir .\temp\Windows\servicing\Packages\*.cat -Exclude *en-US*,*en-*Package*
    # Filter Packages
    $s = (dir $s -Include *senseclient*,*WindowsFeedback*,*Windows-Skype-ORTC*,*Windows-Prerelease*,*Windows-DiagTrack*,*Windows-ContactSupport*,*OneCore-Maps*,*OneDrive*,*TroubleShooting*,*Search2*,*Cortana*,*Xbox*,*Defender* -Exclude *AutoMerged-xbox*).BaseName
    #Count
    $s; $s.count
    # Hive reg
    reg.exe load HKLM\111 ".\temp\Windows\System32\config\software"
    #
    cd "HKLM:\111\Microsoft\windows\CurrentVersion\Component Based Servicing\Packages"
    # Remove Owners from reg
    $s | foreach { join-path $PSItem \owners | rd }
    #
    z:
    # save reg and unhive
    reg.exe unload HKLM\111
    # remove packages
    $s |  foreach { dism /ScratchDir:. /image:temp /Remove-Package /PackageName:$PSItem }
    #Removing packages - Mounted Wim

    Error: 87

    The /PackageName: option is missing a required argument.
    For more information, refer to the help for the /PackageName: option.

    The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
     
  9. LiteOS

    LiteOS MDL Expert

    It's a PowerShell script.
    I guess you ran it in a cmd shell.
     
  10. quakze

    quakze MDL Junior Member

    I ran the PowerShell script as TrustedInstaller using Process Hacker and a plugin.
     
  11. LiteOS

    LiteOS MDL Expert

    It might be because the
    /PackageName:$PSItem }
    parameter is not on the same row as the rest of the command.

    Check the video, it might help.

    Can you check if the cmd is right in the dism.log file?
     
  12. quakze

    quakze MDL Junior Member

    #952 quakze, Jul 5, 2017
    Last edited: Jul 5, 2017
    I am using the above script, is that wrong?
    There is a DISM log, I checked now. Will post it.

    Code:
    2017-07-04 21:20:15, Info                  DISM   DISM.EXE: <----- Starting Dism.exe session ----->
    2017-07-04 21:20:15, Info                  DISM   DISM.EXE:
    2017-07-04 21:20:15, Info                  DISM   DISM.EXE: Host machine information: OS Version=10.0.16232, Running architecture=amd64, Number of processors=4
    2017-07-04 21:20:15, Error                 DISM   DISM.EXE: Failed validating command line: "C:\Windows\system32\Dism.exe" /ScratchDir:. /image:temp /Remove-Package /PackageName:
    2017-07-04 21:20:15, Info                  DISM   DISM.EXE: Image session has been closed. Reboot required=no.
    2017-07-04 21:20:15, Info                  DISM   DISM.EXE:
    2017-07-04 21:20:15, Info                  DISM   DISM.EXE: <----- Ending Dism.exe session ----->
    Why is it using "C:\Windows\system32\Dism.exe"? May the error be because of that?

    Would you confirm the folder structure:
    DISM folder
        dism.exe and all dlls
    temp folder
    install.wim
    FullyAutomaticRemovingPackages.ps1

    Is that correct?
     
  13. LiteOS

    LiteOS MDL Expert

    I think the $s var is empty.
    Run
    #Count
    $s; $s.count
    to see if there are packages.

    It might be because of running
    $s = dir .\Windows\servicing\Packages\*.cat -Exclude *en-US*,*en-*Package*
    in a different folder.

    do "cd temp" to enter the mounted point folder
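
The failure diagnosed in this exchange (a relative path that leaves `$s` empty, so DISM receives `/PackageName:` with no argument) can be caught before DISM is called. This is an added example, not part of any post in the thread and not the script author's code; the helper name `Get-OfflinePackageNames`, the demo folder and the constructed package names are assumptions, and it only prints the DISM command lines instead of running them.

```powershell
# Added example, not from the thread. Get-OfflinePackageNames is a hypothetical helper.
function Get-OfflinePackageNames {
    param(
        [Parameter(Mandatory)][string]$MountDir,
        [Parameter(Mandatory)][string[]]$Include
    )
    # Fail early if the mount point is wrong instead of ending up with an empty list.
    if (-not (Test-Path -LiteralPath $MountDir -PathType Container)) {
        throw "Mount directory not found: $MountDir"
    }
    # Absolute path: the result no longer depends on the current folder.
    $root   = (Resolve-Path -LiteralPath $MountDir).ProviderPath
    $pkgDir = Join-Path $root 'Windows\servicing\Packages'
    if (-not (Test-Path -LiteralPath $pkgDir -PathType Container)) {
        throw "No Windows\servicing\Packages under $root (is the image mounted here?)"
    }
    $names = @(Get-ChildItem -LiteralPath $pkgDir -Filter '*.cat' -File |
        Where-Object { $_.BaseName -notlike '*en-US*' } |   # same en-US exclusion as the script
        Where-Object { $n = $_.BaseName; @($Include | Where-Object { $n -like $_ }).Count -gt 0 } |
        ForEach-Object { $_.BaseName })
    # An empty list is what produced "/PackageName:" with no argument (Error 87).
    if ($names.Count -eq 0) {
        throw "No packages matched under $pkgDir; refusing to build a DISM command."
    }
    $names
}

# Constructed sample: a fake mount folder with empty .cat files (names are made up).
$mount = Join-Path ([IO.Path]::GetTempPath()) 'preflight-demo-mount'
$pkgs  = Join-Path $mount 'Windows\servicing\Packages'
New-Item -ItemType Directory -Path $pkgs -Force | Out-Null
'Microsoft-Windows-DiagTrack-Package~constructed~amd64~~10.0.0.0',
'Microsoft-Windows-DiagTrack-Package~constructed~amd64~en-US~10.0.0.0',
'Microsoft-Windows-Example-Package~constructed~amd64~~10.0.0.0' |
    ForEach-Object { New-Item -ItemType File -Path (Join-Path $pkgs "$_.cat") -Force | Out-Null }

# Dry run: print the command lines, do not call DISM.
@(Get-OfflinePackageNames -MountDir $mount -Include '*Windows-DiagTrack*') |
    ForEach-Object { "dism /Image:`"$mount`" /Remove-Package /PackageName:$_" }

# Both failure modes from the thread are stopped before DISM is reached.
foreach ($case in @(
        @{ MountDir = (Join-Path $mount 'temp'); Include = @('*Windows-DiagTrack*') },  # wrong folder
        @{ MountDir = $mount;                    Include = @('*NoSuchPackage*') })) {   # nothing matches
    try   { Get-OfflinePackageNames @case | Out-Null }
    catch { "Blocked: $($_.Exception.Message)" }
}
Remove-Item -LiteralPath $mount -Recurse -Force
```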
     
  14. quakze

    quakze MDL Junior Member

    #954 quakze, Jul 5, 2017
    Last edited: Jul 5, 2017
    Now I am running from temp folder, and running cmd one by one !
    as for the $s; $s.count, I am having good number, but the next cmd fails
    PS C:\adk\temp> reg.exe load HKLM\111 ".\Windows\System32\config\software"
    Code:
    reg.exe : ERROR: The file cannot be accessed by the system.
    At line:1 char:1
    + reg.exe load HKLM\111 ".\Windows\System32\config\software"
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (ERROR: The file... by the system.:String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError
     
  15. LiteOS

    LiteOS MDL Expert

  16. quakze

    quakze MDL Junior Member

    where exactly the DISM folder goes, is the file structure right !
    PS C:\adk> dir
        Directory: C:\adk

    Mode                LastWriteTime         Length Name
    ----                -------------         ------ ----
    d-----         7/4/2017   8:01 PM                Dism
    d-----         7/4/2017   8:53 PM                temp
    -a----         7/4/2017   8:53 PM           1348 FullyAutomaticRemovingPackages.ps1
    -a----         7/4/2017   8:06 PM     4256258657 install.wim
     
  17. LiteOS

    LiteOS MDL Expert

    If you have a different DISM version, like
    the Windows 7 DISM version, you will need a dism folder with the right version,
    in my case in the video in F:\Dism.

    In your case it is in c:\adk\dism,
    and run the cmds from c:\adk.
     
  18. quakze

    quakze MDL Junior Member

    I mount WIM using the dism folder dism.exe which I copied in adk folder, but when running the script from temp folder the dism used is system32 system dism ?

    is there a conflict between disms ?

    and when I run the cmd from adk folder:
    Code:
    PS C:\adk> $s = dir .\Windows\servicing\Packages\*.cat -Exclude *en-US*,*en-*Package*
    dir : Cannot find path 'C:\adk\Windows\servicing\Packages' because it does not exist.
    At line:1 char:6
    + $s = dir .\Windows\servicing\Packages\*.cat -Exclude *en-US*,*en-*Pac ...
    +      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (C:\adk\Windows\servicing\Packages:String) [Get-ChildItem], ItemNotFoundException
        + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand
     
  19. LiteOS

    LiteOS MDL Expert

    Maybe very different DISM versions would be a problem, I'm not sure.
     
  20. quakze

    quakze MDL Junior Member

    They are the same, I copied from the system32 folder!

    I am talking about the dism process, one dism process for mounting and another for running the script!

    Is it OK to use the system dism for mounting also and eliminate the dism folder step?