[German]Users repeatedly ask how updates can be blocked for installation under Windows 10 (Home and Pro). After all, Microsoft has removed this functionality from Windows 10. If there are problems, the updates install themselves again and again, until the problem is gotten, the update has been withdrawn by Microsoft or blocked by the user. With the Windows Update Manager by David Xanatos, however, there is a tool to specifically hide updates under Windows 10.
The problem: Hiding updates
img src="https://vg01.met.vgwort.de/na/9a9ace42395d427a94620ea1beee2dda" width="1" height="1" alt="">There are frequent cases in Windows where updates cause serious problems and have to be uninstalled. Or there is an installation error, so that the update fails. Then users are often faced with the problem that the update in question would have to be blocked. The options from Windows 7/8.1 to only download and install updates on demand have been removed from Windows 10 by Microsoft.
Updates just can be delayed
The option of these Windows versions to hide updates under Windows Update is also no longer available in Windows 10 with on-board tools. Only Windows 10 Enterprise offers the possibility to set these old options via group policies – but that does not help the majority of Windows 10 users. The same applies to the management of updates via WSUS, SCCM, Intune or similar management solutions that are used in corporate environments.
Advanced update options as of Windows 10 V1903
After the update hassle became too much, Microsoft has only provided its users with the option to delay update installations by a few days starting with Windows 10 V1903 (see screenshot above). And the option described in the articles Windows 10 May 2019 Update brings back Update control and Windows 10 V1903: The 'broken' defer update options, that optional updates have to be manually triggered by the user to download and install, doesn't always work either – there are enough reports on the blog that after an update delay, the optional updates were installed without asking (Windows 10: User control of Windows Update – some inconsistencies?).
Microsoft withdraws WuShowHide
There was the tool wushowhide.diagcab from the Microsoft developers to block updates from install und hide them (see How to block Windows 10 updates and Fix: Windows 10 hangs in update installation loop). However, this approach has a flaw.
The description for blocking drivers and the references to wushowhide.diagcab are still available from Microsoft under KB3073930. However, anyone who tries to download the wushowhide.diagcab file runs into an error 404. Microsoft has simply removed the download from its servers.
There are still 3rd party sites offering an download. But I would not trust such offers. I also remember reading a note that wushowhide.diagcab no longer works reliably with newer Windows 10 builds (but this was contradicted by patch lady Susan Bradley on askwoody.com).
Use Windows Update Manager (WuMgr).
From blog reader David Xanatos (that's a nick), however, there's Windows Update Manager (WuMgr), which provides features for the update management on Windows 10 – including Home versions. The tool now operates under a new name, Windows Update Manager (WuMgr), and is available for free download on GitHub. David explains the difference to Windows Update MiniTool like this: WuMgr was inspired by WU MiniTool, but relies on .NET instead of C/C++ and is open source. All you need to do is download the archive file and unzip it. Then WuMgr can be started directly from the exe file – no installation is required. The tool requests the necessary administrator rights via the user account control and logs in with the following interface (an English edition is also available).
Windows Update Manager (WuMgr), Click to zoom
Using the tool is quite simple: in the left column, various options are displayed in the lower area. The right column lists updates found (installed, pending). Update packages can be marked via checkboxes. Then the updates can be managed via the icons in the left column.
- The first button on the left enables an update search.
- The second button from Links enables the download of an update package.
- The third button from Links enables the installation of an update package.
- The fourth button of links allows uninstalling an update package
- The fifth button from the left (crossed out eye) allows to hide an update package.
The last button from the left opens the relevant support page for the update marked by the checkbox. The buttons at the top of the left column can be used to access Windows Update, installed updates, hidden updates and the update history. Hidden updates can thus be listed, selected and then unselected via the button with the eye. On askwoody.com there is a more detailed tutorial.
At this point, however, two remarks – I have been in exchange with David Xanatos for a long time. There was/is the Update Manager for Windows also as an App in the Microsoft Store. But here I have noticed that Microsoft has blocked app updates before. Was not a safe bank in the past.
Furthermore, the Win32 program file wumgr.exe suffers from the problem that a DLL hijacking is possible. In other words, if the .exe file is started, it searches for certain DLLs in the program folder by default. If a malware succeeds in copying DLL files with the same name (as the Windows DLL counterparts) to the folder of the Win32 program file wumgr.exe, these DLLs would be loaded. Since the tool requests administrative privileges, the malware DLLs also gain administrative privileges.
I have been in contact with David regarding this since 2019 with no resolution. According to David's feedback, the dependencies that lead to DLL hijacking are directly caused by Microsoft's .NET libraries and he has not found a way to change this loading order to force access to the Windows folders. Whether the option doesn't exist, I can't say.(Video) How to disable Windows 11’s driver update to avoid downgrading your GPU
That was the reason why I didn't introduce David's WuMgr further here in the blog until now. David had once suggested building an .exe installer to get around the problem. But that doesn't really solve the DLL hijacking problem, as there is still the vulnerability during the installation. David does not seem to be able to build an .msi installer.
Currently, there are two strategies for users to mitigate the DLL hijacking issue somewhat. Copy the unzipped files to a separate folder that does not contain any other files. Then, with a glance at this folder, it is possible to detect if DLLs copied by a malware suddenly appear there. Furthermore, the write permissions to this folder could be revoked for the default account used. Then the malware would no longer have the ability to copy files to the folder with the WuMgr. With that, I'll conclude the article – you have the knowledge about the WuMgr and also know about the potential risks.
Potential errors in the Windows update database – Part 1
Potential errors in the Windows update database – Part 2
Windows 10: User control of Windows Update – some inconsistencies?
Windows 10 V1903: The 'broken' defer update options
How to block Windows 10 updates
Potentielle Fehler in der Windows-Update-Datenbank – Teil 1
Potentielle Fehler in der Windows-Update-Datenbank – Teil 2
Windows 10 V2004: Defer Feature Update removed
Windows 10: Find out the reason for blocked feature updates
How to decode Windows errors?Windows 10: Analyze upgrade errorsWindows: How to decode update 0x8024…. errors
Cookies helps to fund this blog: Cookie settings
How do you block the Windows 10 May 2021 update version 21H1 from installing? ›
- Open Settings.
- Click on Network & Internet.
- Click on Wi-Fi.
- Select the Wi-Fi connection to access its settings. Windows 10 Wi-Fi settings.
- Turn on the “Set as metered connection” toggle switch to block and delay the Windows 10 version 21H1 upgrade.
Disable Windows 10 updates
Open Start. Search for gpedit.msc and click the top result to launch the Local Group Policy Editor. Navigate to the following path: Computer Configuration > Administrative Templates > Windows Components > Windows Update. Double-click the "Configure Automatic Updates" policy on the right side.
Start regedit.exe on the machine where you want to disable Windows Update. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. From the Edit menu, select New, DWORD value. Enter a name of NoWindowsUpdate, and press Enter.Can Windows 10 updates be blocked? ›
If you don't want to install some updates via Windows Updates on your Windows 10/11 computer, you can block them using a tool called Show or hide updates from Microsoft.Should I update Windows 21H1 to 21H2? ›
Once your version of Windows 21H1 reaches its "end of service" on December 12, 2022, it will no longer receive security updates. Yes, you will need to upgrade to Windows version 21H2 to continue to receive security updates and keep your system secure, improve performance and stability.How do I get rid of 21H2 update? ›
- Open Settings on Windows 10.
- Click on Update & Security.
- Click on Windows Update.
- Click the View update history option.
- Click the Uninstall updates option.
- Use the Windows key + R keyboard shortcut to open the Run command.
- Type gpedit. ...
- Browse the following path: ...
- On the right side, double-click the Do not include drivers with Windows Update policy.
- Select the Enabled option.
- Click Apply.
- Click OK.
You can disable Windows 10 updates by following these steps: Using the Win + R keyboard shortcut, type services. msc to access your PC's service settings. Next, scroll down and double-click on Windows Update to access the General settings.How do I block feature update 21H1? ›
Block Windows 10 21H1 update
Go to Update and Security > Windows Update. Click Advanced options. Find the Pause updates section and select a period from the drop-down menu. You can pause Windows updates for up to 35 days regardless of SKU.
Now to avoid new updates, Windows+R> type: services. msc> press enter> double click Windows update> startup type> leave Manual or Disabled, as you prefer. Now click on Stop.
How do I get rid of Windows Update 21H1? ›
Go to Settings>Update and Security>View Update History. Click Uninstall Updates. Select “Feature update to Windows 10 21H1 via enablement package” right-click it and choose to uninstall. Restart the PC to remove the update.How do I stop Windows 20H2 from installing? ›
- Open Registry Editor.
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate.
- Create TargetReleaseVersion registry DWORD.
- Set its Value data to the Windows 10 version you want. ...
- Close Registry Editor and reboot to make changes effective.