Block forced Windows 10 updates using a metered connection

The oddly constructed Win10 patch KB 3081436 confirms that the hack works

Block forced Windows 10 updates using a metered connection

For the past couple of weeks, various sites have suggested using a trick to turn off Windows 10’s forced updates. If you are using a Wi-Fi connection, the theory goes, you can turn off forced updates by identifying your Wi-Fi connection as a “metered” connection, thus restricting communications (ostensibly to save on connection charges) and, as a result, turning off automatic updating.

I’m very happy to report that, at least on the latest forced patches, the trick works. If your connection is marked as “metered,” Windows 10 fails to install the new KB 3081436 patch roll-up. In fact, Windows Update won’t even list the patch as available until you turn off metering.

I’ve been skeptical of the approach. Here’s why.

Microsoft doesn’t seem to have any online description of metered connections for Windows 10, but it does have a FAQ for Windows 8.1. In general, it suggests that Win 8.1 customers use metered connections when you get charged by the bit:

  • Wi‑Fi networks -- Windows sets Wi‑Fi networks to nonmetered by default. But if your Internet service provider charges you by the amount of data you use, setting your network connection to metered can help you limit your data usage.
  • Mobile broadband networks -- Windows sets mobile broadband networks to metered by default. But if your mobile broadband service is actually unlimited, then you might want to change the network setting to nonmetered.

The effects of metered connections are listed as the following:

  • Windows Update will only download priority updates.
  • Apps downloading from the Windows Store might be paused.
  • Start screen tiles might stop updating.
  • Offline files might not sync automatically.

The first side effect is the one that’s of interest, but it immediately poses the question, “what is a priority update?” Microsoft’s definition of that term runs all over the place. I hesitated to recommend using metered connections to block forced patches specifically because of the ambiguity of “priority updates.”

As of early this morning, I can confirm that every system I’ve heard about has blocked yesterday’s security update rollup, KB 3081436, from appearing over a metered connection. Thus, apparently, KB 3081436 isn’t a “priority update” (or some other magic is at work), and it’s held back over connections marked as metered.

For those of you who want to notch down Microsoft’s rollout pace -- presumably to avoid debacles like last week’s KB 3081424 crash, reboot cycle -- metered connections may provide a way to tread water for a few days and spare the pain, while you wait and see what problems other folks are encountering.

While Microsoft’s official Windows Update list shows KB 3081436 as an Important security update, with a security severity rating of Critical, the patch still gets blocked on a metered connection.

If your Win10 machine is connected to a mobile network, that connection is already marked as metered by default. If it’s connected to Wi-Fi, click Start > Settings > Network & Internet > Wi-Fi > Advanced Options, then slide the Metered Connection slider to On.

If your machine is wired to an Ethernet connection, you might want to consider pulling the plug and using a Wi-Fi USB dongle. Believe me, that’s much easier than the other solutions to the Win10 forced update problem that are circulating.

As mentioned, KB 3081436 is an odd, topsy-turvy patch. Where most security bulletins list the KB numbers of the patches in a specific problem area, KB 3081436 lists security bulletins associated with the patch. The Windows Update list shows KB 3081424 as part of MS15-080, which is yet another kernel vulnerability associated with bad TrueType or OpenType fonts. Yet the KB article itself lists six MS15- security bulletins. One of the security bulletins, MS15-091, only deals with Microsoft Edge running on Windows 10. Something of a circular reference is at work.

What we know is that KB 3081436, like its predecessor KB 3081424, is cumulative: If you’ve had trouble installing KB 3081424, forget it and install KB 3081436 instead. Better yet, wait a day or two and see if any problems crop up.

To date, the only problem with KB 3081436 that I can find is a vague reference in Venkat Eswarlu’s post on Techdows, saying that the patch fails to install on some systems, with error codes 0x8e5e03fa and 0x80200056. I can’t confirm either error code -- although dawn is now breaking in the United States, Win10 systems are rebooting, and it’s still much too early to draw any definitive conclusions.

Microsoft, in its usual Windows 10 way, hasn’t given us a changelog or much of a description at all, so it’s very hard to tell what this patch is supposed to do and whether it’s accomplished the goals. I think it’s likely that KB 3081436 is designed to work around the bad-profile endless reboot problem we saw in KB 3081424. It remains to be seen if this is the patch that Mary Jo Foley at ZDNet reports is coming soon to fix problems people are having with the Windows Store in general, and Mail in particular.

Time will tell.

Copyright © 2015 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon