Compat telemetry logs - the ultimate guide
Is it safe to disable Microsoft compatibility telemetry?
The default-enabled Windows 10 telemetry feature set periodically sends usage and performance data to select Microsoft IP addresses. Microsoft says telemetry helps improve user experience and fix potential issues. Is it OK to disable Windows 10 telemetry? Yes.
- Welcome back, guys.
Thank you for taking the time today to join in on this rather controversial topic. The question, is Microsoft spying on you? In short, yes. But not as much as you might think.
It's not Microsoft. Some angry organizations track everything you do online and sell it to the highest bidder. So there are a few things that you as an individual can do to mitigate these privacy and security concerns with your computer, so join me as today we are going to explore this topic on how to keep your computer safe and all of the privacy concerns that you may have.
Hi this is Steve helping you understand your computer. Well before we start I need to initiate this I know there are many tools and utilities out there. Free VBScripts, free PowerShell scripts, free whatever it is to help keep your computer safe.
But as an old school technician, I've been doing this for charity for 30 years. I don't advocate scripting that change things on your computer. Because at some point you will have a problem, you will either lock it down and it won't do what you do as a normal user.
Or here is the worst part, some of these scripts when Windows is updated to the latest version you are running an old script. It was designed for the old version of Windows and will not work properly on the new version. Or worse, it can actually damage the new version of Windows.
As a user, I tend to stay away from any script that modifies my system. Come on, let's find out how to back up our computer. - Oh dear, what a tangled web we weave, Microsoft. When it comes to security, you need to educate yourself, as Microsoft is doing things behind the scenes that most of us don't even know about.
The first thing I want to show you is that I want to create a new account on this computer. To create a new account we click on Start, go to Settings, and under Accounts click on family and users, add someone to this PC. And the point I want to make here is that you don't sign into your computer with a Microsoft email. If you've already done this, change it to a local account.
Because a lot more information is sent to Microsoft than you realize when you sign in with a Microsoft account. So I'm going to say here that I don't have that person's credentials. Next screen, add a user without a Microsoft account, and just for this article I'll create a new account called Privacy. Set up a password, and with the new version of Windows 10, you have to provide three security questions and answers to recover your password should you forget it. That is not a bad thing, as many customers say they forget their passwords over time and I had to hack into it to reset it.
So when you've chosen your security questions, click on your answers, hit next. And as you can see, what we called Privacy is currently set up as a local account, it's related to what it will open up can, limited. In some cases it is called the Standard Account.
Just click on it, change the account type and change it to an administrator. Let's go, now we're done. I'll just sign out of this account, sign back in with the new account, and keep seeing some of the settings to avoid when it comes to security and Microsoft Windows. When you have your computer turned back on and are signing back in for the first time, here is a screen you normally get. Now keep in mind that the screen can be one of two things.
Either all the options are on one screen here, or Microsoft also presents it with each of these options on its own screen, but in general I disable and recommend deselecting every option on this screen. They don't have to target you with advertisements and track your keystrokes or anything like that. There's no reason for it, so turn everything off.
Click Accept, and you're back in your account. (Screams) - The whole world is going to die, Microsoft is spying on you. They collect so much data that you don't know what to do with it.
They will sell it to the highest bidder and you will be hacked, computers will be stolen, your information will be compromised. Let's get real people. - What nonsense.
There are so many articles on the internet that exaggerate the problem with Windows 10 and its privacy and security settings. Yes, Microsoft collects telemetry data. It is diagnostic information that is sent back to your server.
They say they are used to improve the user experience. And to a certain extent, I agree with that. But they collect too much.
I agree with all of the scare tactics out there that yes, they collect too much. But it's not as bad as you think because all of these settings can be turned off. The first setting you want to do is actually a service.
Enter services.msc, which will show all the services on your computer, um. You're just looking for one here called Connected User Experience.
Just a few more down there. There it is, Connected User Experiences and Telemetry. Now just turn that service off.
If you're really worried about anything, turn it off and it is no longer running in the background. Keep in mind that the next Windows 10 update will likely enable this service again. So you need to do this on a regular basis.
Just come back, check it out, and now you can look into a few other places. Windows Pro and Windows 10 Pro and above have a wonderful thing called Group Policy. Unfortunately this is not included in the Windows 10 Home Edition. You can go to Administrative Templates.
Where is it, Windows Components. Data Collection and Preview Builds. And on the right, if we just expand our screen, Allow Telemetry.
You can disable or enable this. Just read the options through here to know exactly what it is. When you enable it you can go from zero to three for the telemetry settings. Now zero usually just happens, very few people would use zero because they need the Enterprise Edition of Windows 10.
Most of this is set to Basic or Enhanced or Full by default if you've allowed it to collect full information. I don't always recommend it. Mine, I usually set it to Basic because I allow them to collect some data and that's not a problem, so you can set it there.
If you have Windows 10 Home, you can just type regedit or REGEDT32. Enter the registry and then simply scroll through the registry under HKEY_LOCAL_MACHINE, Software, Policies. Under Policies we have Microsoft, Windows and under that Data Collection.
It is the same as what we just had in Group Policy. So if you're using Windows 10 Home, change the value here. One is just security.
Oh sorry, zero is just security. One is basic, two is enhanced, and three is full. This is basically going to do exactly what you would do with the Group Policy Editor.
Next thing you should also keep in mind, hit start again and type Task Scheduler. When you see it, open your Task Scheduler. Here I have a bit of a problem with microsoft.
Yes, they collect telemetry data. Even more than the privacy concern that I'm having the problem with is that I've seen computers where the diagnostic data is consuming more than 50 to 80% of the CPU, which is unacceptable to me. The telemetry data cannot interfere with your work on the computer.
And if the CPU goes up like this because Microsoft is collecting data, then I have a problem. So, just expand Task Scheduler, look for the application experience of this task that seems to be running. Okay, once you're in Task Scheduler Library, expand Microsoft, expand Windows, and here we have the Customer Experience Improvement Program.
This consolidator is one of the things that telemetry can collect through the opti. go to see exactly what it does, but what you might want to do instead is just turn it off. Highlight the task up here, hit disable and you've just disabled that particular data collector.
The other one that we have to disable while we're in the Task Scheduler, when you go up here, is the Application Experience, this one, the Microsoft Compatibility Appraiser. This is the one who collects the most telemetry data. Just click on that type and uncheck it, then you can close your task scheduler.
I have a problem with these because they take way too much CPU time. And if you have an older computer, you notice the difference and try to blame the operating system, but in the meantime it is because Microsoft is collecting data. So I think in some ways the operating system is to blame.
Okay, the kind of thing you want to go through. Go to your Settings and go to Privacy. These are the fields I would honestly recommend going through each and every one of them and unchecking what you find is questionable.
Well, for me personally, I disable all of these. I don't need Windows to track my app launches. Why? Why do you care which program I'm using? I don't want to see suggested content.
I want to use what I want to use. You don't have to tell me what I'm going to use. In each of these pages, Settings on the left, click on each one and go over them.
Online speech recognition, I disable. Ink and typing, definitely turn these off. When it is on, it tracks everything you type, and it uses this to make your life easier, improve handwriting and speech recognition when you use voice commands on the computer.
But I'm still suspicious so I'm turning it off. Activity, no, no, no. I totally disagree with that.
You don't have to see what I'm doing on my computer. And you definitely don't need to send this information to Microsoft, so don't save this, come on, disable it here and clear your activity history. Other things you want to look at is your location.
Usually when you have a laptop a lot of people turn on the location because they want to be able to see the weather no matter where they are, and various things. But I personally turn them off. Your camera, if you use your camera like zoom meetings and the like, come over here and see which apps are causing this is mainly relevant for Windows 10 apps.
If it's not a Windows 10 app, it doesn't need to be turned on. So if you are using your camera app yourself, be sure to switch it to some other apps that you know and are not using your camera. Your desktop apps that you want to keep when using Zoom or other programs.
The same goes for your microphone, it's exactly the same. The apps you use I don't think I'll use your microphone, Cortana, I don't use it. The feedback, I don't know why you want to know, and Microsoft Photos, why would it access my mic? I don't use my computer for games so I turn that off too.
So most of these settings can be safely turned off. Voice activation, well if you use voice activation certificates just turn it on. But no, I don't use it so I turn it off.
Notifications, that's up to you again. If you allow access, you can choose which apps. But do you really want to get bothered all the time by notifications? I know I don't, so I usually turn it off.
Account information, no why should programs access your account information. There is no reason to do so. Like your contacts.
Why would you want a program I'm using Microsoft Outlook, so I'm not using the Mail and Calendar apps. So why should they need to access my contacts? Same thing on the calendar page here, I'm not using their built-in calendar. Phone calls, same don't use it, turn it off, allow apps to access your call history? No why? Turn them all off.
As if I'm serious, go over each of these and read what it says in them because a lot of this stuff really you don't need it turned on. The best this will do to you is that if you disable this stuff, it will speed up your computer significantly. Background apps, please. I couldn't understand why some of the computers I was dealing with were running so slowly.
So I started looking at these background apps. And by default everything is on and that means they run in the background, they update you, they collect, they do all sorts of things. Now I use alarm clocks so I leave the alarm clock on.
We don't need the rest to run in the background. Why? I want an app to only run when I'm actually using it. I don't want her to use my resources.
So everything in here that has no purpose running all the time, Ob ...
Yeah, because I like to use MSN Weather, so I left that running in the background. So the rest, turn it off. It speeds up your computer.
App diagnostics, really? Why do you need it? Turn that off too. Document library as well, there's no need to have it on. The same goes for pictures, why do pictures need to access them, or why did apps need to access your picture library? I don't think they'll turn them off, there are times when you might want to enable some of these settings, just come here, go back to Privacy.
Take a look at the setting you want to enable, and be sure to enable the one you actually use regularly and under the Processes tab you will usually see the Task Manager in this view. Just click on more details and you have all of your CPU checked out. You can click the CPU column once to sort it by highest usage to lowest.
And you can see what your CPU is using. And here I have found on many computers that the telemetry data is fixed, which required many processing cycles to affect the performance of the computer. So by all means come here, take the time, turn off things that you are worried about.
But whatever you do, don't listen to the fear makers out there. Microsoft isn't spying on you in the way you might think. You are collecting data that I think you shouldn't be collecting, but it's a good operating system, it's great to use a bit of your time, set it up right, and you won't have any problems. - Thanks again guys for stopping by.
I hope that you have found this topic of interest and then you now have the tools and expertise to secure your computer and allay those concerns. And as I said a couple of times, people have to answer this too far. It's not as bad as they make it out to be.
So rest assured, follow a few standard principles. Your computer will be safe and you will feel much better using it. So, if you've found this topic of use to you, please take a moment to give me a good thumbs up.
Here, click the Subscribe button at the bottom of the screen. That would be very grateful. And please leave me a comment, I'm always interested to hear what my viewers would like to hear next or what they think of this topic.
Whether I overlooked something or whether you have valuable insights that you can share with the rest of us. Thank you again and a fantastic ...
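
A read-only check of the settings the walkthrough above visits by hand: the Connected User Experiences and Telemetry service, the telemetry level under HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DataCollection, and the two scheduled tasks. It is useful to re-run after a Windows update, since the transcript notes the service is likely to be re-enabled. This PowerShell is an added example and not part of the video; the service name `DiagTrack` and the value name `AllowTelemetry` are the standard Windows identifiers rather than names spoken in the transcript, and the function name `Get-TelemetryAudit` is hypothetical.

```powershell
# Added example: read-only audit of the telemetry settings described above.
# It only reads state; it does not stop services, edit the registry or disable tasks.

function Get-TelemetryAudit {
    [CmdletBinding()]
    param()

    # Level names as listed in the walkthrough (0 to 3).
    $levelNames = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }
    $results = New-Object System.Collections.Generic.List[object]

    # 1. "Connected User Experiences and Telemetry" service (service name DiagTrack).
    $svc = Get-Service -Name 'DiagTrack' -ErrorAction SilentlyContinue
    if ($svc) {
        $results.Add([pscustomobject]@{
            Item   = "Service: $($svc.DisplayName)"
            State  = "$($svc.Status), start type $($svc.StartType)"
            # Flag it unless it is both stopped and disabled.
            Active = ($svc.Status -ne 'Stopped' -or $svc.StartType -ne 'Disabled')
        })
    } else {
        $results.Add([pscustomobject]@{
            Item = 'Service: DiagTrack'; State = 'Not found'; Active = $false
        })
    }

    # 2. Policy value set by Group Policy, or by hand in the registry on Home.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
    $policy = Get-ItemProperty -Path $key -Name 'AllowTelemetry' -ErrorAction SilentlyContinue
    if ($null -eq $policy) {
        # No policy value: Windows falls back to whatever was chosen in Settings.
        $results.Add([pscustomobject]@{
            Item = 'Policy: AllowTelemetry'; State = 'Not configured'; Active = $true
        })
    } else {
        $value = [int]$policy.AllowTelemetry
        $name  = if ($levelNames.ContainsKey($value)) { $levelNames[$value] } else { 'Unknown' }
        $results.Add([pscustomobject]@{
            Item   = 'Policy: AllowTelemetry'
            State  = "$value ($name)"
            # The walkthrough notes that level 0 needs the Enterprise edition,
            # so only 0 is reported as not collecting.
            Active = ($value -ne 0)
        })
    }

    # 3. The two scheduled tasks disabled in the walkthrough.
    $tasks = @(
        @{ Path = '\Microsoft\Windows\Customer Experience Improvement Program\'
           Name = 'Consolidator' },
        @{ Path = '\Microsoft\Windows\Application Experience\'
           Name = 'Microsoft Compatibility Appraiser' }
    )
    foreach ($t in $tasks) {
        $task = Get-ScheduledTask -TaskPath $t.Path -TaskName $t.Name -ErrorAction SilentlyContinue
        if ($task) {
            $results.Add([pscustomobject]@{
                Item   = "Task: $($t.Name)"
                State  = "$($task.State)"
                Active = ($task.State -ne 'Disabled')
            })
        } else {
            $results.Add([pscustomobject]@{
                Item = "Task: $($t.Name)"; State = 'Not found'; Active = $false
            })
        }
    }

    return $results
}

# Print one row per setting; rows with Active = True are still enabled.
Get-TelemetryAudit | Format-Table -AutoSize -Wrap
```
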
Can I delete CompatTelRunner?
Please note that CompatTelRunner.exe is digitally signed, and removing it is not recommended. Doing so may cause unexpected issues with system stability. In any case, a user is not allowed to modify or delete this file by default (Access is denied).
Hello friends, welcome again to my youtube channel.
I am ajay. Click the red Subscribe button below the article to subscribe to me. Friends Most of the time we have the feeling that our computer is not as fast as it was before.
Today I am going to discuss some basic tips and tricks to make your system faster than it was before. Step 1 - Delete Windows Temp files. Go to the Search tab and enter RUN. Type temp into the RUN box. A new window will open. Select all of these temporary files and delete them.
Step 2 - Delete users' temporary files. Now go to RUN again and enter %temp% and hit the OK button. A new window is going to be opened. Delete all of these files in this User Temp folder.
Step 3 - Delete all Prefetch files. Go to RUN and type in Prefetch and click the OK button. A new window is going to be opened. Select all of these files and delete them.
Step 4 - Run the Disk Cleanup tool. Go to Start and look for Disk Cleanup. Click on it.
A Disk Cleanup window will open. It will take some time to open ...
So please wait. If you have not yet subscribed to my channel ...
Now click the red Subscribe button below this article and also click the bell icon to receive all updates on my upcoming articles. If you only have one drive on your computer, it will directly open C: drive for cleaning. Select all of the options and click the OK button, if you have two or more drives on your computer.
You need to select the C: drive to clean up. The same window will open. Select all the files to clean up. Step 5 - Reduce the boot time. Go to RUN and type msconfig. Go to the Boot tab.
Change the timeout in seconds to 10 seconds for the applications that don't need to be running at startup and have them disabled. Thanks for watching this article. If you like this article, press the thumbs up and share this article with your friends.
Don't forget to subscribe to my channel to get updates on my latest articles.
Should I disable CompatTelRunner?
If a system process like CompatTelRunner.exe is using a significant amount of your system resources and slowing things down, then it makes sense to switch it off. This will disable its data collection activities, freeing up your PC resources for other software.
Hello everyone, welcome to the Pentester Academy's Network Pentesting series, in this article we are now going to take a look at how to create the HijackDLL as part of the DLL forwarding basics.
So let's get started right away. Now before we start building our DLL - sorry - let's take a look at the export table of a system DLL and try to understand a little more about it. So I go to the C drive of Windows 64.
I'm on a 64-bit system, and right now, I intend to just look at the 32-bit DLL's, which are all in this directory. And I'm going to use the P viewer - P view, I'm sorry. Now I can clearly see the export address table in here.
And now, as we may have talked about a few articles ago, DLLs are basically exporting various procedures or functions that other code in the program can call and use. Now DLLs export functions either by name or by ordinal. See that many of these functions - like enable keyboard layout, add clipboard format listener, etc. - are exported by name, and that some of them have no name, which means they are exported by ordinal.
What is ordinal number? Well, very simply put, it is a unique number within the DLL that is assigned to a particular procedure. I will actually find that this value is different on each export and that this is essentially the ordinal number. And the first two functions were clearly exported from ordinal numbers 05DC and 05DD.
Correct? Fantastic. Well, how does the function forwarding work? DLL may not implement the function it exports. Rather, this function can reside in another DLL that it can reference.
So basically let's say I have a function ABC. I can say, hey, ABC is actually in an empty dll it up from there. Well, this is a very, very common practice, and even system DLLs will continue to work.
So let's go back. And if I look at USER32 and keep scrolling down, you'll actually find these four entries interesting. If you notice, this is a forwarded name, right? So DefDlgProcA is really forwarded to NTDLL.NtdllDialogWndProc_A.
Well, NTDLL is another DLL, right? So the format is basically the new DLL, period, name of the procedure. Now, as you can clearly see, the name of the procedure in the new DLL can be completely different from what was put into the original DLL, right - there is no requirement that the names match. How does the loader work in this case? Well, it would go ahead.
First load USER32. And if the program continues and uses DefDlgProcW, then? It would go and load NTDLL. And it would now know that this is the address to be called when this function is referenced.
So how are we going to orchestrate this DLL man-in-the-middle attack? Correct? How do we add our proxy DLL? So that's what we're going to do. Step one, we're going to take the real USER32.DLL and export the whole process by name or ordinal number.
Well after that we will go ahead and create a proxy dll. And that DLL would basically have an export table where pretty much all the names of the procedures would be the same as the real DLL, forwarding entries that would eventually call the correct code from the real DLL. Remember that the application does not call our proxy DLL automatically.
And the only way to do that is to rename it to the real DLL Proxy User 32.DLL. Then I'm going to create a new DLL called USER32.DLL that contains functions that pass to the real user 32 who is now being renamed to do something else.
Correct? So in summary, all export functions by name and / or ordinals from the real DLL, create a DEF file that will be used by the linker to create a new DLL that is really nothing more than a function redirection to the real DLL, which has now been renamed to something else. The loader loads our new DLL, which basically wasn't hanging, but the proxy in between. And once it has gone through the entries, it will load the real DLL that we have now renamed.
So first let's create a DEF file with all the function redirection entries. Well, if you remember, in the last article we had created DLLexportdump.by where we saved all the export information of a particular DLL by name and / or ordinal number.
Now let's create a DEF file. And this DEF file will be understood by our linker LD that this essentially contains the function forwarders. So what is the format? Well, library followed by the library name.
Then we have the export section where we will put the redirects. So let me show it, let's analyze the output first. The DLL to be used is USER32.DLL.
And of course, because we're creating a proxy with the same name, the output file would eventually - for the DLL binary - be the same. At the moment we can always use a different name as far as the definition files are concerned. But do remember that the new DLL name has to be mentioned in the function forwarding.
So let's call this USER32_real.dll. Let's display less so we can see the output in question is USER32_real.
Here is the export section. And when you try to access the keyboard layout, go to USER32_real and record the same function. And we have the ordinal number for too Receive further input At the very end you will of course have a few exports that are only available in ordinal numbers.
It was a bit of a chore figuring out the linker options. I tested it by name. I think the ordinal part works too, but you can try it for yourself just to check it out.
Well, let's actually put this in template.def.
And now when I open my template.def, here is a nice def file that our linker can now use to build the proxy dll. Of course, in order to create the proxy dll we need to have written some dll template code and everything will split this article into two parts.
And I think that's all I had in mind for this article. In the next article we will see how to create our proxy dll with a dll template code. Well that's all for this article folks.
And if you enjoy your time at Pentester Academy then please recommend us to your friends and colleagues in the Infosec community. Thank you.
Is Microsoft compatibility Telemetry a virus?
The Compatibility Telemetry file is a Windows system file and rarely causes issues. The file CompatTelRunner.exe is located in the C:\Windows\System32 folder. It allows Microsoft to ensure compatibility if you want to update to the latest Windows version. 11 May 2017
Today we're going to take a look at the new Update Compliance Service in Windows Analytics.
This gives you a uniform overview of the update and anti-malware status of your Windows 10 devices, regardless of your management solution. I'll show you how to use it to keep your devices safe and up-to-date, track overall protection and threat status, monitor your updated deployments, and fix issues as they arise. With Windows 10 we have solutions as part of the Windows Analytics service is designed to give you the power of Windows telemetry to provide your costs of deploying, maintaining and supporting Windows 10.
As an example, the Upgrade Readiness service helps you plan Windows 10 upgrades by helping identify and fix app and driver compatibility blockers. For more information on a previous Microsoft Mechanics demo bench, see the link below. With the update compliance we are focused on today, we want to keep devices safe and reliable by keeping them up to date.
Let's start with a look at the dashboard; you can see a summary sheet on the left with key metrics and alerts to act on. We also display key information about quality updates and feature updates that will give you your overall compliance and deployment status. Finally, we'll show you your protection and threat status for devices that are enabled with Windows Defender Antivirus. To use update compliance, you need to configure devices with at least Windows telemetry level set to Basic.
Here is an example how you can do this in group policy, but you can choose the management option you prefer. Now let's go back to our dashboard, starting with the operating system warnings. Here you can see devices that are running the update and have been installed for more than a week.
We can also see devices that are missing multiple security updates. Although I don't have any here, this is where you see devices with an operating system running after support has ended. You can also do additional drill down to see devices that fall into each of these categories. Click the dashboard to view the update failure alerts. Here you can expect provision errors for quality as well as function updates.
I click on line 1703, the latest feature update also known as Windows 10 Creators Update, we can add a quick filter here to investigate the deployment errors for this particular deployment. As you can see here, devices have failed for various reasons. Some of them failed because Windows Update is unreachable, some devices have incompatible apps, devices with hard drive errors, and some devices have insufficient hard drive space.
With this data you can take the necessary measures in your administration tool. Back to the dashboard, let's take a quick look at the Quality and Feature Updates sections - this is where you can expect devices to be kept safe and up to date, and we also provide improved visibility into security updates delivery to keep track of whether the update is installed on the devices, if the update is being processed or postponed, if the updates have failed or if there are devices with the status unknown. If you go to the Feature Updates section, we will provide you with similar visibility of the updated deployments for all Windows 10 versions as well as 10 All Maintenance Channels such as Current Branch, Current Branch for Business, and Long-Term Servicing Branch that you may have deployed.
Finally, let's see how to determine anti-malware compliance for devices enabled with Windows Defender Antivirus. To get insight into Windows Defender Antivirus, you need to enable cloud-based protection on your devices. Here is an example of how you can do this with Group Policy; it can be found under Administrative Templates, Computer Configuration, Windows Defender Antivirus, MAPS. When you return to the dashboard in the protection status view, you can monitor whether the devices are adequately protected.
For example, whether the signatures are up to date and whether real-time protection is activated. You can also do additional drill down to view devices with insufficient protection and take the necessary action in your management tool. Another view on the dashboard is the threat status view.
Here you can view the active viruses found and cleaned as well as the viruses that were found were not successfully fixed. You can do additional drill down to view the devices and troubleshooting status. This is where you can see the different threat errors as to why the troubleshooting failed.
Things like network problems, operation aborted, disk full, file too big. And again, you can use that data to take the necessary action in your management tools. That was a tour of some of the insights available to you with Update Compliance.
Getting started with Update Compliance is easy, if you already have Update as you can see in this workspace, you can go to the OMS Solutions Gallery, find the Update Compliance Solution and click 'Add'. Otherwise, you can go to the Windows Analytics website as I opened it here. You can register as a new customer or as an existing OMS customer.
When you sign up as a new customer, you must first create an OMS workspace. Give it a name. And select the region you want the workspace to be created in.
Since Windows Analytics solutions are either free or attached to a Windows license, your Azure subscription will not be billed for their use. As we can see here, you can now add the full Windows Analytics suite or 'Update Compliance' as an individual solution. An important tip.
Once you have integrated the full Windows Analytics suite or added the update compliance solution, you will need to copy the commercial ID from your OMS Workspace. You can find the commercial ID in your workspace - Settings. Connected Sources.
Windows Telemetry. All you need to do is copy the Commercial ID from your workspace and then deploy it to your devices. Here is an example of how to deploy the Commercial ID with Group Policy.
You will see under Computer Configuration, Administrative Templates, Windows Components, Data Collection and Preview Builds, and look for 'Configure the Commercial ID'. You can copy in the ID that you got from your workspace, then click OK. So that was an overview of Update Compliance as part of Windows Analytics.
Expect seamless integration with Microsoft Intune soon. Deployment Optimization Insights. Update Compliance will be generally available later this year.
You can find out more and take part in this preview today at the links below. Thanks for watching. Microsoft Mechanics www.microsoft.com/mechanics
Where do I find the telemetry log file?
Find the log file’s name in the “Places” pane on the left. It should appear in a “Temporary Places” folder. Right click on an individual path and select “Properties” to open the Edit Path window. The area below the path can be removed (added) on the “Altitude” tab by un-checking (checking) “Extend path to ground”
How does saving a workbook affect the telemetry log?
However, saving the workbook does not damage the Telemetry Log. The Telemetry Log displays some simple information about the recorded events. Each record displayed in the Telemetry Log contains a title and lists the severity of the event displayed.
How does Microsoft telemetry work in Windows 7?
Next, the telemetry client uses that settings file to connect to the Microsoft Data Management Service at v10.vortex-win.data.microsoft.com and upload any data that is waiting to be sent. The transmission takes place over encrypted HTTPS connections. (That's a security change Microsoft made in the Windows 7 timeframe.
What kind of data does the telemetry agent collect?
The agent collects the following data about recently loaded add-ins and apps for Office. This data is sorted by the worksheet where it appears in Office Telemetry Dashboard. The agent collects the following user data. This data appears in the Agents worksheet. The agent collects the following data about hardware and software.