通过注册表禁用windows10自动更新

缘起

近期项目上设备会自动更新windows10为windows11,通过搜索,找到第三方工具windows-update-blocker,因为该工具支持命令行参数,故也很方便集成。批处理大致如下:

```bat
@echo off
pushd %~dp0
echo 开始禁用windows更新服务
%~dp0Wub_x64.exe /D /P
timeout 3
```

背后的操作

作为技术人,还是需要知道软件背后做了什么操作。通过TotalUninstaller监控,获取到软件写入的注册表如下,实现的手段就是镜像劫持(Image File Execution Options,IFEO)windows更新的相关进程,并且更新windows的组策略选项。其中各进程的 Debugger 值被设为无效路径 "/",系统启动这些进程时会先尝试启动该"调试器",因此进程无法运行;WubBlockLists 是一个 REG_MULTI_SZ(hex(7))值,解码后就是被拦截的进程名列表:WaaSMedic.exe、WaasMedicAgent.exe、Windows10Upgrade.exe、Windows10UpgraderApp.exe、UpdateAssistant.exe、UsoClient.exe、remsh.exe、EOSnotify.exe、SihClient.exe、upfc.exe、InstallAgent.exe、MusNotification.exe、MusNotificationUx.exe。IFEO 的 Debugger 项同时也是安全软件常见的监控点(MITRE ATT&CK T1546.012),集成部署时可能触发告警。

```reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"WubBlockLists"=hex(7):57,00,61,00,61,00,53,00,4D,00,65,00,64,00,69,00,63,00,\
  2E,00,65,00,78,00,65,00,00,00,57,00,61,00,61,00,73,00,4D,00,65,00,64,00,69,\
  00,63,00,41,00,67,00,65,00,6E,00,74,00,2E,00,65,00,78,00,65,00,00,00,57,00,\
  69,00,6E,00,64,00,6F,00,77,00,73,00,31,00,30,00,55,00,70,00,67,00,72,00,61,\
  00,64,00,65,00,2E,00,65,00,78,00,65,00,00,00,57,00,69,00,6E,00,64,00,6F,00,\
  77,00,73,00,31,00,30,00,55,00,70,00,67,00,72,00,61,00,64,00,65,00,72,00,41,\
  00,70,00,70,00,2E,00,65,00,78,00,65,00,00,00,55,00,70,00,64,00,61,00,74,00,\
  65,00,41,00,73,00,73,00,69,00,73,00,74,00,61,00,6E,00,74,00,2E,00,65,00,78,\
  00,65,00,00,00,55,00,73,00,6F,00,43,00,6C,00,69,00,65,00,6E,00,74,00,2E,00,\
  65,00,78,00,65,00,00,00,72,00,65,00,6D,00,73,00,68,00,2E,00,65,00,78,00,65,\
  00,00,00,45,00,4F,00,53,00,6E,00,6F,00,74,00,69,00,66,00,79,00,2E,00,65,00,\
  78,00,65,00,00,00,53,00,69,00,68,00,43,00,6C,00,69,00,65,00,6E,00,74,00,2E,\
  00,65,00,78,00,65,00,00,00,75,00,70,00,66,00,63,00,2E,00,65,00,78,00,65,00,\
  00,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,41,00,67,00,65,00,6E,00,74,\
  00,2E,00,65,00,78,00,65,00,00,00,4D,00,75,00,73,00,4E,00,6F,00,74,00,69,00,\
  66,00,69,00,63,00,61,00,74,00,69,00,6F,00,6E,00,2E,00,65,00,78,00,65,00,00,\
  00,4D,00,75,00,73,00,4E,00,6F,00,74,00,69,00,66,00,69,00,63,00,61,00,74,00,\
  69,00,6F,00,6E,00,55,00,78,00,2E,00,65,00,78,00,65,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EOSnotify.exe]
"Debugger"="/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\InstallAgent.exe]
"Debugger"="/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MusNotification.exe]
"Debugger"="/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MusNotificationUx.exe]
"Debugger"="/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\remsh....
```

May 19, 2022 · 2 min · czyt