I don't think they're targeting me either. And thanks for reporting the permissons issue. I'll give you credit in the next update. And when I said they're trying to make damn sure you update, that would include them extending the period between updates, but still making sure you do it on their timeframe. It's all speculation at this point so I'll just concern myself with fixing permissions.
This would be one of those "oh by the way, I just noticed" things. I tend to watch things going on in Windows 10 (1909) and have noticed the following a couple of times, and it seems opposite to how things are set up to work. Normally, when I start up my laptop in the morning, Sledgehammer does it's thing and after a while I end up with the latest Defender definition being installed. Every so often, I end up with two sets of Defender definitions installed, about ten minutes apart, even though it should be hours before Sledgehammer's scheduled next check. Any ideas?
I am a new follower to this whole discussion, so I cannot add anything except: pf100, THANK YOU.(And to your frequent collaborators.) I'm not a tech wiz, but I've learned a lot and have a lot more to learn. My Win7 computers have done everything I need from a computer without problems, but I had to get a new Win10 machine recently for another project. So for the past weeks of my confinement (pandemic related, I'm not in jail) I have been setting up the new computer alongside my wife's Win10 that I never paid any attention to. I think I've found a great security/firewall service, and setup-wise I just want to assure that I keep the basics and get rid of the rest of Win10's junk, including updates. So I've got the latest Sledgehammer running. I can report only one issue at this time: the WDU task reports 0x1 on both computers, which I think is failure - but maybe that's what it is supposed to be! Can you let me know if you get the time to write? In any case, so far MS has not penetrated the walls with any new updates - other than their planned and staged takeover. No new file downloads as far as I can tell - I check Sys32 every day. I also have a few services disabled and blocked apart from whatever Sledgehammer does. There are new services that popping up and some changes I have found in the registry, but again nothing that looks or feels like a new update. So apart from the one question about the WDU task reporting 0x1, I'll stay up to date with this site. And even if I'm not a "geek" I'd be happy to be an Average Joe tester if that could help you in any way. In any case, don't forget the primary message in this post: THANK YOU!
And again this afternoon . . . The only thing I can think of is that last night I uninstalled O&O Shut Up 10. I reverted all settings back to "factory default" before uninstalling as I was going to try out SmartApp (by the same folks that make cleanmgr+) as it seemed to be more detailed/controlled/specific in what it did.
The WDU task checks to see if Windows Defender (windefend) is running and if not it cancels the update and reports error level 1 (0x1). I assume you either have a third party antivirus or Defender is otherwise disabled. I'm glad the script is working well for you. Windows Defender can update without the Windows Update Service, but the script starts the service whether it's disabled or not just long enough to update it and stops it immediately after, which is the fastest and least bandwidth intensive way to do it. Looking at your info earlier, it's possible that defender updates after a reboot or logoff/logon and then again 5-10 minutes later if an update is available 5-10 minutes after the first check. That either shouldn't happen or happen only rarely. If it happens a lot, something is making defender do an update check besides what the script is doing, which checks every 6 hours.
Yes, I am using a third-party security package. Defender indicates that it is running in Services but seems to just be incorporated into the third-party setup. I might also note that, from my limited experience, a good third-party security package is worth the price and the extensive effort it takes to get the settings where you want them. Just find a company that is NOT closely attached to Microsoft and does NOT come pre-installed on a new computer. Thanks again pf100. I'll sleep better knowing that the "0x1" doesn't seem to be a problem. And I'll assume that that particular task does not need to be disabled unless you tell me otherwise. (I have not checked yet to see if it even can be disabled.)
Not sure what it was (and may never know, this is Windows10 of course!) but I had Macrium Reflect images that allowed me to go back to the 17th of the month and that seemed to do the trick. The only change between when I posted the issue and now is the fact that I had uninstalled O&O Shut Up. Left it installed and everything is back to normal. Strange!
I thought I'd post the progress of the next v2.7.1 sledgehammer update Things finished: 1) run a task at boot and logon that checks update hijacker file permissions and if not locked as expected then lock them 2) fixed ms-defcon code for Windows 10 20H1+ Things not finished: 1) I'm having problems creating the LockFiles task creation from the script. This was the part of the update I thought would be easiest. Nope. Testing new script now. Looks good.
The problem i was having with task creation was that the new LockFiles task wouldn't show up in task scheduler even though it was there until I rebooted and it then became visible. I solved it by deleting any existing same named task before creating it. Makes no sense to me but it works and is the way the script has handled the other tasks up until now and I forgot because it makes no sense, so whatever. Someone asked me in a private message how to handle driver updates with the script. I explained by just telling them how I handle a new windows install with the script, so I'll post my answer here because I'm not sure of what percentage of people who use the script are aware of this. "This is how I do drivers after a clean install. I do a clean install while not connected to the internet. Then I run sledgehammer to the first screen to stop forced updates, that way no updates can start until I allow it, then I connect to the internet. Then I check for updates with sledgehammer and while it's checking I install dot net 3.5. Then when sledgehammer is done checking for updates it'll show you all the available drivers and updates too. You can then hide the drivers that you don't want and allow the ones you do want. If you want all of them just install them all." I should add that any drivers I for sure never want installed whether the script is installed or not, I block with GPO. I've ran some hardware that requires specific drivers so they have to be added to GPO. With gpedit.msc, Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions. Double-click on "Prevent installation of devices that match any of these device IDs". Add Hardware ID's of device driver installation(s) to block from device manager's, Details > Hardware Ids (pasting ID's to notepad to post in GPO works very well).
If you're not connected to internet you can bypass the internet check and continue at the start of the script on the warning screen. Other than that I've seen nothing like what you describe.
At first, 2.7.1 worked. The Defcon fetching seems to work, but is slow and the value is only shown a few seconds before scrolling off screen. Currently, I cannot get it to work, anymore, it only shows the following: Edit: I don't understand. The Windows Update Service does not exist anymore, it has been completely uninstalled, not only disabled? How could that happen?
I'll take a look. Thanks for the report. The script doesn't uninstall any services. Never has. Not sure why that would happen.
This might have happened to me once too.. Try to start powershell.exe. If if crashes, your PowerShell installation might be (temporarily) broken. That causes all sorts of issues, like Event Viewer not working correcly. It may be related to updating .NET (did you patch .NET recently?). If the computer has not yet done the ngen.exe complilation (which happens every time after .NET is updated), PowerShell might not work (PowerShell depends on .NET). Try running maintenance from Security and Maintenance, or sfc /scannow. Edit: You could also try to start the '.NET Framework NGEN' tasks in Microsoft/Windows/.NET Framework, in Task Scheduler.
Looks like v2.7.1 / LockFiles is working. But one suggestion: is running the task 'at log on of any user' a bit overkill? At system startup should be enough. And actually the same goes for Wub_task. Edit: But I don't quite understand what you are trying to do with this: Code: icacls %systemroot%\System32\SIHClient.exe >nul 2>&1 if %errorlevel% neq 0 goto okay :okay :: Update hijacker file permissions are locked. No action needed. Re-running LockFiles.cmd re-locks the files like it should, it does not skip to 'okay'. Why do you have this check in the first place? And checking just one hijacker file like this may not be enough, if you thought about making the script faster with re-runs?
Trial and error showed that that works more reliably than just running the task at startup. I had reports that the wub_task didn't run successfully sometimes on startup on some systems and running it at logon too fixed it. Why lock the files if they're already locked? Every windows 10 installation has sihclient.exe, why check every file? Icacls checks the file's permissions. If it can read them (error level 0), the file is not locked, so lock them all. If icacls can't read permissions (not errorlevel 0), the files are locked and no action is needed so skip to the end of the file where nothing will be done.
@thewizardoz and @Carlos Detweiller, what windows versions are you getting the ms-defcon errors with? I'll try to fix this.