Pamela wrote:[...] but should I add the spyware KB's to both lists or is there a diff between them?
The first file takes care of the download part and the latter file is parsed when installing updates. Furthermore, as I indirectly already said, the first file is specific to a Windows version and architecture, the latter is the exclude list for any Windows/Office version/architecture.
I don't have any ExcludeList.txt files in the two mentioned folders. Should I create them?
Yes, but keep in mind that the name ExcludeList.txt is only correct for the client exclude list. You can use the names of the non-custom lists (one level above) as a template.
Yes, I see the point, but a red flashing warning sign would be very welcome.
Well, you can either wait for users to report it here or on other sites (askwoody.com, various forums and so on). Or you can consult the
Windows Update history sites provided by MS, download the file information for the respective update, e.g.
2019-09 SecOnly (
direct link to file information) and search for "diagtrack", "compattel" in these CSV files. If you find anything, the update contains telemetry.
What KB is infected this month?
Monthly Rollups always contain telemetry. So far there are "only" two SecOnly updates for Win7 that contain telemetry, too: 2019-07 and 2019-09. For the corresponding KB numbers, either consult the Windows Update history site linked above, or take a look at
my site.
Regards
Dalai