forums.wsusoffline.net

[wade7575]

I want to use WSUS Offline to update my PC after I do a reformat but I also need to avoid putting in update KB3133977.

My problem is this update affect's ASUS PC's and can lock you out of your PC if this update is installed,it has something to do with affecting the secure boot in the Bios I learned this the hard way as I just did a reformat for a friend of mine that has the same Motherboard as me and I did not know about this update and it froze his PC and I had to do another reformat.

What I was wondering if there is a way when using WSUS Offline to stop certain updates from going into your PC and if so how do you choose to not install that update with WSUS Offline.

To read more about the problems that update KB3133977 cause's take a look at this link.

http://www.infoworld.com/article/306548 ... reeze.html

[aker]

Just write the update KB to .\client\exclude\custom\ExcludeList.txt.
I'm not sure, if wsusou even attempts to install that update as it just parses security-relevant ones.

Q: Can I exclude patches from download and/or installation?
A: Yes, that's possible through customizing the download- and update scripts according to your requirements. You may add new patches or exclude existing ones. Please follow this guide:

1. Exclude patches from download
[...]

2. Excluding updates from installation
Once again you have to make a difference between statically defined and dynamically determined updates.
a) Statically defined updates
The statically defined updates (latest version each) are:
- Service Pack (SP)
- Windows Update Agent (WUA)
- Microsoft Installer (MSI)
- Windows Script Host (WSH)
- Internet Explorer (IE)
These updates will be installed only if the version installed on the target system is lower than the versions defined in the file "SetTargetEnvVars.cmd" (directory .\client\cmd). If you generally want to prevent installation of one of those updates, you have to modify the expected values in the "SetTargetEnvVars.cmd" or insert jump marks into the "DoUpdate.cmd" (which controls the installation process). You should do this in very special cases only, as with SP, WUA, MSI and WSH, certain versions are required as preconditions.
b) Dynamically determined updates
To exclude dynamically determined updates from installation, insert their knowledge base ID (KBxxxxxx or simply xxxxxx) into the file "ExcludeList.txt" (directory .\client\exclude). These updates will now be ignored; and you'll receive a warning in the log.

The following updates are already excluded:
- kb816093 (Security update for Microsoft VM)
- kb951847 (.NET Framework 3.5 SP1 Family Update (will be explicitly installed if selected))
- kb890830 (Windows Malicious Software Removal Tool (MSRT))
- kb931125 (Trusted Root Certificates (will be explicitly updated if selected))
- kb2917500 (Revoked Root Certificates (will be explicitly updated if selected))
- kb926874 (Internet Explorer 7 (will be explicitly installed if selected))
- kb940767 (Internet Explorer 7 (will be explicitly installed if selected))
- kb944036 (Internet Explorer 8 (will be explicitly installed if selected))
- kb982861 (Internet Explorer 9 (will be explicitly installed if selected))
- kb2718695 (Internet Explorer 10 (will be explicitly installed if selected))
- kb2841134 (Internet Explorer 11 (will be explicitly installed if selected))
- kb976002 (Browser Choice)
- kb923618 (Office 2003 Service Pack 3 (will be implicitly installed if required))
- kb2526086 (Office 2007 Service Pack 3 (will be implicitly installed if required))
- kb2687455 (Office 2010 Service Pack 2 (will be implicitly installed if required))
- kb2817430 (Office 2013 Service Pack 1 (will be implicitly installed if required))
- kb936929 (Windows XP Service Pack 3 (will be implicitly installed if required))
- kb914961 (Windows Server 2003 Service Pack 2 (will be implicitly installed if required))
- kb936330 (Windows Vista Service Pack 1 (will be implicitly installed if required))
- kb948465 (Windows Vista Service Pack 2 (will be implicitly installed if required))
- kb976932 (Windows 7 Service Pack 1 (will be implicitly installed if required))

Please be aware that excluding updates may have an impact on the security of your PC.

[boco]

If you have Windows 7, switch SecureBoot OFF in UEFI.

[wade7575]

Thanks for the help I will try that,I was wondering one thing is it just as simple as adding kb3133977 to the list and that is it,I'm just wondering because all of the other updates on that list have text after them such as the ones I copied and pasted below.

kb914961,Windows Server 2003 Service Pack 2
kb936330,Windows Vista / Server 2008 Service Pack 1
kb948465,Windows Vista / Server 2008 Service Pack 2
kb976932,Windows 7 / Server 2008 R2 Service Pack 1
kb3081444,August 2015 cumulative update for Windows 10
kb3081448,August 2015 cumulative update for Windows 10


The other thing I was wondering is that I can see from what it looks like kb2841134 is on that list and does that mean it will not be installed as well,I'm talking about Internet Explorer 11,if I remove the kb from that list for Internet Explorer 11 will WSUS Offline include Internet Explorer with the downloads it installs because I would preffer if it installed it as well not that I can't mind you.

Down below is what I copied and pasted about Internet Explorer from the Exclude list you told me about.

kb2841134,Internet Explorer 11

Just write the update KB to .\client\exclude\custom\ExcludeList.txt.
I'm not sure, if wsusou even attempts to install that update as it just parses security-relevant ones.

Q: Can I exclude patches from download and/or installation?
A: Yes, that's possible through customizing the download- and update scripts according to your requirements. You may add new patches or exclude existing ones. Please follow this guide:

1. Exclude patches from download
[...]

2. Excluding updates from installation
Once again you have to make a difference between statically defined and dynamically determined updates.
a) Statically defined updates
The statically defined updates (latest version each) are:
- Service Pack (SP)
- Windows Update Agent (WUA)
- Microsoft Installer (MSI)
- Windows Script Host (WSH)
- Internet Explorer (IE)
These updates will be installed only if the version installed on the target system is lower than the versions defined in the file "SetTargetEnvVars.cmd" (directory .\client\cmd). If you generally want to prevent installation of one of those updates, you have to modify the expected values in the "SetTargetEnvVars.cmd" or insert jump marks into the "DoUpdate.cmd" (which controls the installation process). You should do this in very special cases only, as with SP, WUA, MSI and WSH, certain versions are required as preconditions.
b) Dynamically determined updates
To exclude dynamically determined updates from installation, insert their knowledge base ID (KBxxxxxx or simply xxxxxx) into the file "ExcludeList.txt" (directory .\client\exclude). These updates will now be ignored; and you'll receive a warning in the log.

The following updates are already excluded:
- kb816093 (Security update for Microsoft VM)
- kb951847 (.NET Framework 3.5 SP1 Family Update (will be explicitly installed if selected))
- kb890830 (Windows Malicious Software Removal Tool (MSRT))
- kb931125 (Trusted Root Certificates (will be explicitly updated if selected))
- kb2917500 (Revoked Root Certificates (will be explicitly updated if selected))
- kb926874 (Internet Explorer 7 (will be explicitly installed if selected))
- kb940767 (Internet Explorer 7 (will be explicitly installed if selected))
- kb944036 (Internet Explorer 8 (will be explicitly installed if selected))
- kb982861 (Internet Explorer 9 (will be explicitly installed if selected))
- kb2718695 (Internet Explorer 10 (will be explicitly installed if selected))
- kb2841134 (Internet Explorer 11 (will be explicitly installed if selected))
- kb976002 (Browser Choice)
- kb923618 (Office 2003 Service Pack 3 (will be implicitly installed if required))
- kb2526086 (Office 2007 Service Pack 3 (will be implicitly installed if required))
- kb2687455 (Office 2010 Service Pack 2 (will be implicitly installed if required))
- kb2817430 (Office 2013 Service Pack 1 (will be implicitly installed if required))
- kb936929 (Windows XP Service Pack 3 (will be implicitly installed if required))
- kb914961 (Windows Server 2003 Service Pack 2 (will be implicitly installed if required))
- kb936330 (Windows Vista Service Pack 1 (will be implicitly installed if required))
- kb948465 (Windows Vista Service Pack 2 (will be implicitly installed if required))
- kb976932 (Windows 7 Service Pack 1 (will be implicitly installed if required))

Please be aware that excluding updates may have an impact on the security of your PC.

[wade7575]

One other thing I forgot to ask is can I put all of the updates for Windows 7 32 Bit and 64 Bit and Office 2007 on the same USB stick if that's where I choose to store the updates.

The reason I ask this is because I also work on PC's in my spare time and I would like to be able to store all of the update's on the same USB stick if this is possible without causing any problems.

[aker]

Be sure not to use .\client\exclude\ExcludeList.txt, instead create a .\client\exclude\custom\ExcludeList.txt
The not-custom one will reset itself after each wsusou update.

Service Packs, IE and so on are blacklisted as wsusou treats them individually and we don't want Windows Update to intercept that.

Yes, you may store as many products as you want on the same USB device (as long as its capacity allows you to add more ), wsusou itself has no restriction.

[wade7575]

aker can you give me more of a step by step on how to create this new file.

Do I just go into the custom folder and create a file in Notepad and call it ExcludeList then just ad kb3133977 to the list.

Thanks for your help so far.

[wade7575]

I forgot to ask this question twice now LOL I don't why I keep forgetting.

Does WSUS Offline update only Security Updates for your installed OS or does it do the platform updates like kb2908783 as well.

If it does not is there a way to include the platform updates.

[aker]

Just create the file using the Windows Notepad, that's correct.

Which updates does wsusou install?
wsusou will just install security-relevant updates and a few selected optional ones (IE11, .NET 4.6.1 and those listed inside .\client\static\StaticUpdateIds-xxx.txt).
viewtopic.php?f=7&t=172