Remove From My Forums

How to Disable Windows Update Medic Service

Question
1

Sign in to vote

Hi,

I'm really desperate right now.
With Windows 1803 Microsoft has integrated a new service "WaaSMedicSvc" which serves as a watchdog for the WindowsUpdate service.

I have deactivated the Windows Update service in my environments for a good reason, because they are schools that only get updates during the holidays. In addition, all computers are equipped with a guard card - which means that after a restart of the computer, it is reset to its original state. (Only the administrator has the possibility to deactivate the protection of the card).
That's why it doesn't make sense to update Windows in this environment with guard protection enabled.

In the past I had two GPOs running, which I activated/deactivated on the maintenance day. One with "enable Windows Updates via WSUS" and another with "disable Windows Updates".
The latter simply stopped the service and set it to "disabled".

Now this service "Windows Update Medic Service" is spitting in my soup because my GPO is not working anymore. But I can't deactivate the Medic Service so easily -> access denied.
In the net there are now some solutions with scripts of third party providers, but these are always related to the individual computer - I simply need a solution for companies!

Other solutions I have considered, but which are not practical:
Disable WSUS service -> WSUS does not sync anymore (Notebooks and PCs without guard card don't get updates either) -> nonsense
Block WSUS port in firewall -> Clients get updates via DeliveryOptimization and play updates to each other - nonsense

Now I'd like to know what solution Microsoft is proposing.

I hate it when microsoft with updates takes any control away from the administrator and thinks to be the better one.

Thursday, November 8, 2018 7:59 AM

Answers

3

Sign in to vote
Hi,

Thank you for posting in our forum.

We could use registry value to disable it and push this registry to other computers by group policy preference.

Please navigate to: Computer Configuration \ Preferences \ Windows Settings \ Registry.

Here is the registry path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc.

The value name is Start and please set the value to 4.

We could refer to this following screenshot.

And here is the screenshot about this services. We could see its name and Disable in startup type is the fourth one.

Hope above information could help.

Best Regards,

Kallen
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Marked as answer by ---Martin--- Friday, November 9, 2018 1:50 PM
Friday, November 9, 2018 5:51 AM

All replies

3

Sign in to vote
Hi,

Thank you for posting in our forum.

We could use registry value to disable it and push this registry to other computers by group policy preference.

Please navigate to: Computer Configuration \ Preferences \ Windows Settings \ Registry.

Here is the registry path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc.

The value name is Start and please set the value to 4.

We could refer to this following screenshot.

And here is the screenshot about this services. We could see its name and Disable in startup type is the fourth one.

Hope above information could help.

Best Regards,

Kallen
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Marked as answer by ---Martin--- Friday, November 9, 2018 1:50 PM
Friday, November 9, 2018 5:51 AM
0

Sign in to vote

hi Kallen,

the WaaSMedicSvc is already set to service start "Manual", I don't understand how this should help. Manual means that the service can still be started by the system if required.
The only solution I found so far is a script, which is recognized by many virus scanners as Gen:Trojan.WUDisable.aaW@aaaaa and will be deleted.

Best regards

Friday, November 9, 2018 7:20 AM
0

Sign in to vote
Hi,

I am sorry for my misrepresentation.

The screenshot shows manual, but we need to set it to disable.

And disable is the 4th choice in the list so we set the registry to 4. We also could see the registry name from the screenshot.

Hope above information could help.

Best Regards,

Kallen
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Marked as answer by ---Martin--- Friday, November 9, 2018 1:42 PM
- Unmarked as answer by ---Martin--- Friday, November 9, 2018 1:50 PM
Friday, November 9, 2018 7:43 AM
1

Sign in to vote

Hi Kallen,

Thank you so much for the information.
does it make a difference if I deactivate the service via registry (as specified above) or directly via service control?
I mean: Computer Configuration -> Settings -> Control Panel -> Services

The result should be the same, or iam wrong?

Is there any way that you can be made aware of such "great changes" without reading the long changelogs? Maybe a webinar?

Friday, November 9, 2018 1:42 PM
0

Sign in to vote

Hi,

According to my understanding, it should be likely same.

However, I did not find this service in Services preferences.

About using this preference, we may read this article for a reference.

http://www.grouppolicy.biz/2010/08/how-to-use-group-policy-to-control-services/

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Hope above information could help.

Best Regards,

Kallen
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Tuesday, November 13, 2018 6:03 AM
0

Sign in to vote

I have made the registry change many times. The Medic service will show disabled after that. But the next day the registry entry is changed back to 3 and the Medic service shows manual instead of disabled. Anyone know what keeps changing the registry entry?

Wednesday, March 13, 2019 2:28 PM
2

Sign in to vote

Take an image backup with CloneZilla prior to making this change please ...

Set the permissions on the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc key to "SYSTEM Deny".

I actually set it to "EVERYONE Deny" but I believe "SYSTEM Deny" would work because SYSTEM logs the error:

"The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID ..."

If you set to EVERYONE DENY you can't get back to it without using Component Services Admin Tool.

Once you do that, the service should no longer be in the list after restart.

I update my machines regularly. After I take an image backup, I turn Windows Update On and then turn it back off. I just want to mitigate the risk of the update with a Clonezilla image on my own schedule. Windows update has broken my machines twice and Windows built-in recovery did not work. Clonezilla recovery worked perfectly. Security Updates are important but Microsoft is imposing in its approach and I believe violate CM policies by installing patches without allowing the user to take an image backup. Windows 7 allowed you to control when the patches were installed. That was better. I have complained to Microsoft and received no response.

Wednesday, March 20, 2019 2:40 AM
0

Sign in to vote

The registry key "Start" for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc , only takes Hexadecimal numbers, so what is the number for "System Deny"???

Sunday, March 31, 2019 3:35 PM
0

Sign in to vote

Please backup your system with CloneZilla or another reliable imaging tool prior to performing this change.

To set permissions you right click on the key name in the left pane explorer bar, then select SYSTEM, then check the box for Full Control "Deny". "Everyone" will not be in the list, you would have to add that using the Add button - I did not test SYSTEM Deny but believe that would work and it would be easier to undo if you wanted the service back.

Friday, April 12, 2019 12:02 PM
1

Sign in to vote

Just delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc completely and reboot pc. It's safe.

Tuesday, May 28, 2019 8:11 AM
0

Sign in to vote

That's right, Master 256, I just did that and it's completly safe! Thank you!

Thursday, October 3, 2019 1:23 PM
0

Sign in to vote

Perfect so far Master256! Not only is the Update Medic disabled, it has vanished from Services altogether! WaaSMedic folder is still found in Task Scheduler and I can't delete any of the tasks in the folder so I can't delete the WaaSMedic folder itself.

"The user account does not have permission to delete this task."

Any suggestions?

Thursday, November 21, 2019 10:19 PM
0

Sign in to vote

That's right, Master 256, I just did that and it's completly safe! Thank you!

I wouldn't classify it as "completly safe" to edit permissions of a system process in the registry or delete systemfiles.

Maybe you haven't noticed any problems yet, but that doesn't mean that there won't be problems later.

At the latest with the Windows 10 upgrade you could get something like this back on your feet or your change will be overwritten during the next upgrade-process.

@TCSW: why do you recommend to modify the security-options in the registry?
The reg-key from 'Kallen Wang' is working fine - so whats the problem?

Friday, November 22, 2019 2:42 PM
0

Sign in to vote

Well, with Microsoft messing up our computers with updates and not wanting to take full responsibility for bricking the machines, we the consumer need to he knowledgeable in how to prevent the chaos that updates can have.

Fore example for me,my.lap top comes with a wireless driver that allows it to he a hot spot, thenupdate removed said feature with out my permission , With out my knowledge And with out my choice.

so I am making the choice to protect my computer and data .

and as for me, I do not care to upgrade I have all the features I need.

Video editing , Graphics card settings, I can get from the cards manufacturers .

I do not need windows asserting What it thinks is best for me.

There has always been controversy With Microsoft Forced Updates, but they wouldn't Listen the beta testers and they are not listening To the consumers , 2d Updates Have caused serious Damage to software .

I also know that Microsoft Will implement A way around to circumvent this method . .

They always will try.

Thursday, January 30, 2020 3:33 PM
0

Sign in to vote

This solutions appears not to work anymore.

When I run regedit as Administrator, I am denied access to take control of this key.

Does anyone know how to work around this?

Thanks

Monday, March 16, 2020 8:27 AM
0

Sign in to vote

This solution also does not appear to work anymore. Even when running regedit as Administrator, i am denied access to modify this key or take control of it.

Does anyone know how to work around this?

How is it even allowed that i can't control what's being read-from, or sent-to my work computer?

thanks

Monday, March 16, 2020 8:30 AM
0

Sign in to vote

This still works with the latest version:

Set the permission "Full Control" on the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc key to "SYSTEM Deny". Right Click on the WaaSMedicSvc on the left pane once you navigate to it and then select the user "SYSTEM" and then check the "Deny" Box for "Full Control" which automatically Checks the Deny Box for "Read".

You can easily undo the above at any time - that is why I do not delete the key as suggested above. Someone asked why I did not just change the value to 0004. The answer is because that does not work. Like someone else posted, the Service automatically re-enables itself and changes the registry setting back. The above method is permanent. It has never been changed back, is very easy to do and undo.

Also, Microsoft added "Pause" Updates for 35 days which allows you to take an image backup once per month. I still prefer the registry method, when I am ready to update, I simply re-enable the Windows Update Service which I have disabled. The Windows Medic Service does not start due to the permissions setting. I apply updates every 30 days so I could use the Pause feature but I was worried I might go over the 35 days at some point.

Applying patches with out a backup violates CM principles. I am not sure why Microsoft took this control away and strongly disagree with the approach, but I am happy to see the Pause at least. BUT PLEASE KNOW THAT I FULLY SUPPORT PATCHING AND UPDATEs. DO NOT DISABLE and never go back, use this to take backups prior to patching.

The other thing you can do is use your own Windows Update Server which is also not that difficult if you have a spare machine lying around. There are probably other solutions but I don't like deleting the key and the other suggestion in this thread does not work.

Sunday, March 22, 2020 3:09 AM
0

Sign in to vote

Hey NumNuts as soon as you hit disable on this thing it says ACCESS DENIED! DO you even try your own advice?

Friday, July 3, 2020 6:56 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

How to Disable Windows Update Medic Service

Question

Answers

All replies