Sledgehammer - Windows 10 Update Control

Discussion in 'MDL Projects and Applications' started by pf100, Nov 28, 2016.

  1. pf100

    pf100 Duct Tape Coder

    Oct 22, 2010
    2,069
    3,447
    90
    #941 pf100, Jan 4, 2019
    Last edited: Jan 4, 2019
    (OP)
    You're reading my mind. I didn't take my own advice ignoring... I think you know what I mean.

    I'm about to run 2.5.6 with and without disabling upfc.exe and then go from there. As we speak I've just installed the latest bleeding edge Windows 10 18309.1000 in a vm and I'll try to break it. If I can't break that I'll run 1803 in a vm and install KB4471324. Just leave 2.5.6 installed and don't update for now. Revert to script 2.5.5. I should have this all checked out by tomorrow and I'll be able to tell everybody what the hell happened.
     
  2. pf100

    pf100 Duct Tape Coder

  3. Whistler4

    Whistler4 MDL Member

    Jul 30, 2015
    204
    192
    10
    FYI, my problem was 1803 x64* after update to KB4483234, 2018-12 CU for Win 10 1803 x64 having a boot loop on two machines, finally noticing the CRITICAL_SERVICE_FAILED error just before the last reboot. That's when I restored the Windows & system reserved partitions from a backup.

    * Edit: 17134.345, to be specific.
     
  4. pf100

    pf100 Duct Tape Coder

    So now I have reports of BSODs with 1803 KB4471324, KB4462919, and KB4483234 using the script. Did this only happen to you when you used 2.5.6?
     
  5. Whistler4

    Whistler4 MDL Member

    Correct.
     
  6. pf100

    pf100 Duct Tape Coder

    #947 pf100, Jan 4, 2019
    Last edited: Jan 4, 2019
    (OP)
    Yep. 2.5.6 disabling upfc.exe is the problem.
     
  7. freevista

    freevista MDL Member

    Jan 14, 2009
    101
    42
    10
    Sorry for being late. I've disabled Connected User Experiences and Telemetry (DiagTrack) and Windows Search (WSearch) myself, but I don't think it is these.. I have a few guesses:

    - I'm using Pro and I boot using hypervisorlaunchtype off (for using VMware and other virtualization software besides Hyper-V). I was stupid and didn't try to boot with hypervisorlaunchtype auto (the default), even if I had that sitting on the boot menu.

    - I've also disabled Defender using group policy option "Turn off Windows Defender Antivirus". No other 'tampering' with Defender. Although the 'early launch' kernel protections of Defender could still be active during boot..

    - I'm also NOT using secure boot (for booting Linux), but I'm booting in UEFI mode.

    - I'm using a customized installation: I've removed Content Delivery Manager (the s*it that brings ads and other 'pushed' content to Windows) from the wim using MSMG Toolkit (this way sfc /scannow doesn't bring it back). But I don't think this 'hack' is critical enough.. although who knows?

    Maybe one of these things PLUS your script makes Windows decide that my machine is compromised and refuse to boot? I could try your script again, but first I have to make a WinPe USB stick. (Fixing Windows problems on an unclean BSOD'ed NTFS volume was a bit.. painful from Linux :))
     
  8. pf100

    pf100 Duct Tape Coder

    The problem is script 2.5.6 disabling upfc.exe. Revert to version 2.5.5. I posted the link a couple of posts above this one. Thanks for the info.
     
  9. freevista

    freevista MDL Member

    Everything was working and no update was pending/mid-install. I reverted the permission changes for these files in system32 (as found in Uninstaller_undo-all-script-changes.cmd). Not all of these files exist in 1803:

    EOSNotify.exe WaaSMedic.exe WaasMedicSvc.dll WaaSMedicPS.dll WaaSAssessment.dll UsoClient.exe SIHClient.exe MusNotificationUx.exe MusNotification.exe osrss.dll upfc.exe

    Using Linux I moved the files to /root and then back to system32 directory on Windows NTFS volume again. This causes the files to have Everyone:Full Control ACL and Windows booted again (I was quite happy :)). I ran Uninstaller_undo-all-script-changes.cmd and sfc /scannow -> sfc still complained about the files, so I deleted them and ran sfc /scannow again -> all ok.
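
    The post above notes that moving the files through Linux left them with an Everyone:Full Control ACL. The following PowerShell check is an added example, not part of the thread or of the Sledgehammer script, and it reports which files on that list carry a non-default owner, a deny entry, or write access for a broad group. The file list is taken from the post; the TrustedInstaller owner check, the deny-entry check and the `$WindowsDir` parameter are assumptions about a stock install.

```powershell
param([string]$WindowsDir = $env:SystemRoot)   # assumption: may point at an offline volume, e.g. D:\Windows

# File list copied from the post above; every check below is an assumption, not the script's logic.
$files = 'EOSNotify.exe','WaaSMedic.exe','WaasMedicSvc.dll','WaaSMedicPS.dll',
         'WaaSAssessment.dll','UsoClient.exe','SIHClient.exe',
         'MusNotificationUx.exe','MusNotification.exe','osrss.dll','upfc.exe'

$sidType          = [System.Security.Principal.SecurityIdentifier]
# Well-known SID of NT SERVICE\TrustedInstaller, the usual owner of protected system files.
$trustedInstaller = 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
# Broad groups, keyed by SID so the check does not depend on the display language.
$broad = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'Users' }
# Rights that let a principal change or replace the file (no read bits included).
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

$report = foreach ($name in $files) {
    $path = Join-Path $WindowsDir "System32\$name"
    if (-not (Test-Path -LiteralPath $path)) {
        # Not every file exists in every Windows 10 release, so absence is not a finding.
        [pscustomobject]@{ File = $name; Status = 'absent'; Findings = '' }
        continue
    }
    $findings = @()
    try {
        $acl   = Get-Acl -LiteralPath $path -ErrorAction Stop
        $owner = $acl.GetOwner($sidType).Value
        if ($owner -ne $trustedInstaller) { $findings += "owner is $owner" }
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Deny') {
                $findings += "deny entry for $sid"
            } elseif ($broad.ContainsKey($sid) -and
                      (([int]$rule.FileSystemRights -band $writeBits) -ne 0)) {
                $findings += "$($broad[$sid]) can write ($($rule.FileSystemRights))"
            }
        }
    } catch {
        # A locked-down ACL can block even reading the security descriptor.
        $findings += "ACL unreadable: $($_.Exception.Message)"
    }
    $status = $(if ($findings.Count -gt 0) { 'review' } else { 'ok' })
    [pscustomobject]@{ File = $name; Status = $status; Findings = $findings -join '; ' }
}
$report | Format-Table -AutoSize -Wrap
```

    A file marked `review` because a broad group can write to it is a System32 binary that any local user can replace, which is the state to clear (for example by letting SFC restore the original) before the machine goes back into normal use.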
     
  10. freevista

    freevista MDL Member

    Ah, thanks. But I'm making the WinPe stick first :)
     
  11. pf100

    pf100 Duct Tape Coder

    #952 pf100, Jan 4, 2019
    Last edited: Jan 4, 2019
    (OP)
    Thanks for that info. I'm assuming that after deleting the files SFC restored the originals, right? I'm putting together a repair guide now and this will be in it. A lot of people have no idea how to use Linux (I do) so I'll add this to my guide along with how to fix it with a Windows 10 PE boot flash/CD/DVD. Now I have to dig up a Windows 10 PE that's not third party so I can post it here on MDL. Do you know of one before I go looking? I don't want people to have to install the Windows Assessment and Deployment Kit (ADK) just to make a WinPE flash drive.

    I don't blame you. And thanks for the help.

    That is every update hijacker system32 file I've found in every version of Windows 10 going back a couple of years, that way the script covers every version. If the file doesn't exist, the script skips to the next one in the list. And I think now we can remove upfc.exe from that list.
     
  12. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,104
    24,378
    340
    Just use the PE built into every Windows ISO as base for the guide (Shift + F10), quite easy to get and the majority should have it already.
     
  13. pf100

    pf100 Duct Tape Coder

    Excellent. Thank you.
     
  14. freevista

    freevista MDL Member

    Yes, and only after deleting. For some reason, it wasn't happy about the files after running Uninstaller_undo-all-script-changes.cmd. Maybe because I messed with the files in Linux. Linux is definitely not recommended for these fixes, as it refuses to write mount an unclean NTFS partition (for a good reason). I had to run ntfsfix -d (--clear-dirty) before it mounted, and I of course ran chkdsk /f C: in Windows after that (the filesystem was indeed corrupt, chkdsk restored a few unimportant files, memory.dmp and some etl log file).
     
  15. Whistler4

    Whistler4 MDL Member

    I recommend finding a good price on SanDisk Extreme USB 3.0 flashdrive (128 GB was a price sweet spot when I did it) -- much cheaper than the MS certified WTG flashdrives. Then install 1607 into it with WinToUSB, then of course put a safe for 1607 Wrapper Script on it to keep it from trying to upgrade. You can put whatever tools you want on it. Fast Win 10 boot and access to your permanent drives.
     
  16. freevista

    freevista MDL Member

    I installed 2.5.5 and it works on my system.
     
  17. Ace2

    Ace2 MDL Expert

    Oct 10, 2014
    1,374
    1,159
    60
    Why are people trying to control Windows 10 updates :confused::confused::confused:
     
  18. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream

    Dec 21, 2012
    6,316
    7,023
    210
    Because the systems are OURS, not Microsoft's.
     
  19. Ace2

    Ace2 MDL Expert

    Yes, but what is wrong with updates? :confused: