locked
Windows Server 2016. Not able to disable WSUS updates fully. RRS feed

  • Question

  • I have a Windows Server 2016 (latest KB). I am tying to disable Windows Updates since it is in a Dark side and updates will be done manually.

    I have tried to disable Windows Updates using Registry Keys and GPOs (all as per Microsoft documentation). 

    I can still see Windows Update errors in the application log.

    Fault bucket , type 0
    Event Name: WindowsUpdateFailure3
    Response: Not available
    Cab Id: 0

    Problem signature:
    P1: 10.0.14393.0
    P2: 8024002e
    P3: 00000000-0000-0000-0000-000000000000
    P4: Scan
    P5: 0
    P6: 0
    P7: 8024500b
    P8: TrustedInstaller FOD
    P9: {7971F918-A847-4430-9279-4A52D1EFE18D}
    P10: 0

    Attached files:

    These files may be available here:
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.14393.0_e1a94b64746f8477c9e884dfb3727d686928da6_00000000_0c5eb189

    Analysis symbol: 
    Rechecking for solution: 0
    Report Id: a55534d1-a25f-11e9-8435-00155d71bc7c
    Report Status: 2
    Hashed bucket: 

    I have also Fully disabled Windows defender since I can see the errors coming from TrustedInstaller FOD & Windows Defender Mainly. They all seem to be scans.

    How can I stop this "Scans" or attempts from happening? 

     

    Wednesday, July 10, 2019 12:12 PM

All replies

  • Hi,
      

    I have tried to disable Windows Updates using Registry Keys and GPOs (all as per Microsoft documentation). 

    Please try the following methods to disable the Windows Update service:
      

    1. Run "services.msc", then find WindowsUpdate and bring up its properties menu.
        
    2. Under the General tab, change Startup type to "Manual".
        

        
    3. Under the Recovery tab, change First Failure to "Take No Action".
        

        

    I have also Fully disabled Windows defender since I can see the errors coming from TrustedInstaller FOD & Windows Defender Mainly. They all seem to be scans.

    How can I stop this "Scans" or attempts from happening? 

    Windows Defender AntiVirus can be disabled by adding a group policy. Please target a group policy in the following locations:
      

    • [Computer Configuration - Policies - Administrative Templates - Windows Components - Windows Defender Anti-Virus] Adjust the "Windows Defender Antivirus" setting to Enabled. 
        

    Forced to update Group Policy, the server's Windows Defender Antivirus will be disabled.
      

      

    Reply back with the results would be happy to help.
      

    Regards,
    Yic


    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 11, 2019 3:30 AM
  • @YIC

    Thank you for your replay.

    The service was already configured is that way. 

    I have also disabled Windows Defender ans some of the Update Signature features.

    The messages are still pupping up.

    I thank you in advance for your assistance.

    At the moment I can not post the screenshot until my account has been verified (points).

    

    Thursday, July 11, 2019 3:44 PM