Thursday, 25 October 2018

How to get rid of "Updates are available" message in Windows 10?


Today I got the following message:


enter image description here


Computer was frozen and the only button available was "Get Updates".


I don't need this feature, I need to work, not serve my machine the time she wants.


Currently I did cold reboot and had time to open task manager and process explorer on different screens before the message appears again. Due to the bug in the application, I was able to kill MusNotification.exe process.


Unfortunately, I am unable to restrict system access to musnotification.exe and musnotificationux.exe files, or add them to antivirus blacklist.


How to ban this feature?



Answer




Unfortunately, I am unable to restrict system access to musnotification.exe and musnotificationux.exe files



From my observations, "restrict system access to musnotification.exe and musnotificationux.exe files" is an effective method of blocking that message, if you have administrator privilege.


Paste these lines to elevated cmd to deny Everyone from executing the two files:


cd /d "%Windir%\System32"
takeown /F MusNotification.exe
icacls MusNotification.exe /deny Everyone:(X)
takeown /F MusNotificationUx.exe
icacls MusNotificationUx.exe /deny Everyone:(X)
rem



I have managed to create a Hyper-V virtual machine that can test this "feature".



  1. Clean install Windows 10 Enterprise LTSB

  2. In gpedit.msc change Windows Update to Notify download

  3. Check for updates, but reboot when it begins to download.

  4. Run usoclient StartScan and wait for the CPU usage to drop to normal. Save a virtual machine checkpoint.


Now, changing the system date to one month later (!) will 100% immediately trigger the "Updates are available" message.


However, if I restore the checkpoint and paste the commands above, changing the date will do nothing special.




Edit:


To undo the changes, run the following commands:


cd /d "%Windir%\System32"
icacls MusNotification.exe /remove:d Everyone
icacls MusNotification.exe /grant Everyone:F
icacls MusNotification.exe /setowner "NT SERVICE\TrustedInstaller"
icacls MusNotification.exe /remove:g Everyone
icacls MusNotificationUx.exe /remove:d Everyone
icacls MusNotificationUx.exe /grant Everyone:F
icacls MusNotificationUx.exe /setowner "NT SERVICE\TrustedInstaller"
icacls MusNotificationUx.exe /remove:g Everyone
rem

This removes the execution restriction first, and temporarily grants Everyone full access to the relevant two files, so that you are able to change the owner of the files back to Windows (TrustedInstaller). After the ownership change, the temporary full access is removed. This is tested on Windows Server 2016 TP4 and does bring back the awful dialog, if I change the system date to 1 month later.


No comments:

Post a Comment

Where does Skype save my contact's avatars in Linux?

I'm using Skype on Linux. Where can I find images cached by skype of my contact's avatars? Answer I wanted to get those Skype avat...