Which settings in the update & security category control anti-malware functionality?

View Other Properties

Using Kolide, you can easily view and query Windows Update Settings across your fleet.

Introduction

Windows Update has a variety of advanced options which can be configured to customize its behavior. This inventory details the configuration of the Windows Update feature, such as when it last scanned, what hours of the day Windows Update should run, and whether Updates should be paused.

What Windows Update Setting Data Can Kolide Collect?

Kolide's endpoint agent bundles in osquery to efficiently collect Windows Update Settings from Windows devices in your fleet. Once collected, Kolide will parse, clean up, and centrally store this data in Inventory for your team to view, query, or export via API.

Kolide meticulously documents every piece of data returned so you can understand the results.

Windows Update Settings Schema

Why Should I Collect Windows Update Settings?

Information about the configuration of Windows Update can be used by an administrator to verify a device is able to properly set to receive updates and install them when available, as well as troubleshoot devices which are not running the latest version of Windows.

End-User Privacy Consideration

Kolide practices Honest Security. We believe that data should be collected from end-user devices transparently and with privacy in mind.

No personally identifiable or sensitive data is collected or transmitted as part of this Inventory.

When you use Kolide to list Windows Update Setting data from end-user devices, Kolide gives the people using those devices insight into exactly what data is collected, the privacy implications, and who on the IT team can see the data. This all happens in our end-user privacy center which can be accessed by employees through Slack or Google Workspace account.

What to Know

• Windows 11: Go to Settings > Windows Update > Advanced Options.
• Windows 10: Go to Settings > Update & Security > Windows Update > Advanced options.
• We recommend turning on updates for other Microsoft products, and enabling metered connection downloads.

Windows Update exists to help make it easy to keep Windows up to date with the latest patches, service packs, and other updates. How easy depends on how Windows Update is configured to download and apply updates.

When you first turned on your new computer or were finishing your Windows operating system install, you told Windows Update how you wanted it to act—a little more automatic or a little more manual.

If your original decision isn't working out, or you need to change how it works to avoid repeating an auto-update issue, like what happens on some Patch Tuesdays, you can simply adjust how Windows receives and installs updates.

Depending on your version of Windows, this could mean downloading but not installing the updates, notifying you but not downloading them, or even disabling Windows Update completely.

Time Required: Changing how Windows updates are downloaded and installed should only take you a few minutes at most.

Microsoft made changes to the location and wording of Windows Update and its settings almost every time a new version of Windows was released. Below are three sets of instructions for changing/disabling Windows Update: one for Windows 11, one for Windows 10, one for Windows 8, Windows 7 or Windows Vista, and one for Windows XP.

Not sure what version of Windows you're running? Use the Lifewire System Info Tool to find out:

If you're changing Windows Update settings on another device and not sure what version it's running, see What Version of Windows Do I Have? for help.

How to Change Windows Update Settings in Windows 11

The Windows Update settings in Windows 11 didn't change much from Windows 10, aside from small things like different names for the options and the method you take to get to the settings.

1. Right-click the Start button, and choose Settings. You can also left-click the Start button and search for Settings.
   

2. Choose Windows Update from the menu on the left.
   

3. Select Advanced Options.
   

4. The options here control how Windows 11 will download and install updates for the operating system and, if selected, other software from Microsoft.
   

   We highly recommend that you do the following: turn on Receive updates for other Microsoft products and turn on Download updates over metered connections. All things considered, this is the safest way to go.

5. Changes you make to Windows 11's Windows Update settings are saved automatically. You can close the Settings window when you're finished customizing the settings.

Here are more details on all these settings that are available to you in Windows Update for Windows 11:

Receive updates for other Microsoft products: Just as it sounds, you can have Windows Update deliver updates for other Microsoft programs that you have installed, such as Microsoft Office.

Get me up to date: Your PC will restart ASAP so that updates will finish installing as quickly as possible. You'll get a restart prompt 15 minutes before it happens so that you can save your work.

Download updates over metered connections: You'll receive automatic updates even if you're connected to a data-limited network. Most people, especially home users, are on unlimited data plans, so this is only relevant for people on a limited network, like through a mobile data plan.

Notify me when a restart is required to finish updating: A restart prompt will appear when Windows Update is ready to reboot your computer.

Active hours: Change this if Windows is rebooting your computer while you're using it. Telling Windows that your active hours are, say 9 AM to 5 PM, will force it to not reboot for updates during that time frame. The automatic option will choose the active hours based on your activity.

Delivery Optimization: Set download and upload speed limits to ensure that not all of your network bandwidth is used for updates. You can also allow or deny letting your PC send already-downloaded Windows updates to other devices on your local network.

On the main Windows Update screen are some other options:

Pause updates: If updates are getting in the way of your computer usage, you can pause them for anywhere from 1 week to 5 weeks. Windows will resume updates after the pause period is up.

Windows Insider Program: This lets you receive early versions of major updates to Windows 11. This is the fastest way to get the newest features as they become available, before everyone else. However, depending on the option you choose after enabling this, you might end up using an unstable version that isn't fit for public use just yet. This is accessible from the main Windows Update screen.

How to Change Windows Update Settings in Windows 10

Beginning in Windows 10, Microsoft simplified the options available to you regarding the Windows Update process, but also removed some of the finer control you may have enjoyed in earlier versions.

1. Select Start and then choose the settings icon.

2. Choose Update & Security.

3. Choose Windows Update from the menu on the left, assuming it's not already selected.

4. Select Advanced options.

5. The various settings on this page control how Windows 10 will download and install updates for the operating system, and perhaps other software, from Microsoft.

   We highly recommend that you do the following: turn on Receive updates for other Microsoft products when you update Windows, turn on Download updates over metered connections (extra charges may apply), and don't enable any deferred/pause updates options (if you see them).

6. Changes to Windows Update settings in Windows 10 are saved automatically once you make them. Once you're done selecting or deselecting things, you can close the Advanced options window that's open.

Here are more details on all the "advanced" Windows Update settings that are available to you in Windows 10:

Update notifications: Choose this option to automatically download updates of all kind—security and non-security. You'll be told when Windows needs to restart to apply them, so that you can prepare by saving work, etc.

There is no official way to turn off automatic updating in Windows 10, nor is there a straightforward way to disable Windows Update altogether.

Here's what some of that other stuff on the Advanced options screen is for:

Receive updates for other Microsoft products when you update Windows: This is pretty self-explanatory. We recommend checking this option so other Microsoft programs you have installed will get automatic updates, too, like Microsoft Office. (Updates for your Windows Store apps are handled in the Store. Open Settings from the Store and then toggle on or off the Update apps automatically option.)

Pause Updates: Choosing one of these options will stop Windows from updating your computer for several days, up to 35. When that time period is over, Windows Update will be forced to install the newest updates before you can pause them again.

Defer upgrades: There are two deferred update options in Windows 10, letting you delay feature updates and/or quality updates. Doing so lets you wait several days or months before these updates will automatically install. Deferring upgrades isn't supported in Windows 10 Home.

On the primary Windows Update screen is another option:

Change active hours: If Windows is restarting for updates when you're using your computer, you can adjust this setting to tell Windows when you're on your computer, to make sure that updates don't force-restart during that time. Pick the automatic option and Windows will choose the active hours based on your activity.

Depending on the version of Windows 10 you're running, you might also see the options listed below.

Choose the branch readiness level: Windows Update lets you choose when to install updates. You can pick Semi-Annual Channel (Targeted) which means the update is ready for most people, or Semi-Annual Channel which refers to updates that are ready for widespread use in organizations.

Choose how updates are delivered: These options, if you see them, allow you to enable or disable the downloading, as well as the uploading, of Windows Update related files around your local network or even the entire internet. Participating in the Updates from more than one place program helps speed up the Windows Update process in Windows 10.

Get insider builds: If you see it, it allows you to sign up to get early versions of major updates to Windows 10. When enabled, you'll have Fast or Slow options, indicating how soon after these Windows 10 test versions are made available that you'll get them.

How to Change Windows Update Settings in Windows 8, 7, & Vista

Microsoft ended support for Windows 7 in January of 2020. That means no more updates. Windows 8 support ended in 2016 and Vista ended many years before that. If you are still running one of those versions of Windows you have nothing to worry about because there won't be any updates.
Windows 8.1 will still get updates until January 10, 2023.

These three versions of Windows have very similar Windows Update settings but we'll call out any differences as we walk through the process.

1. Open Control Panel. In Windows 8, the WIN+X Menu is the quickest way, and in Windows 7 & Vista, check the Start menu for the link.

2. Select System and Security, or just Security in Windows Vista.

   If you're viewing the Classic View, Large icons, or Small icons view of Control Panel, choose Windows Update instead and then skip to Step 4.

3. Choose Windows Update from the System and Security window.

4. Select Change settings on the left.

5. The settings you see on the screen right now control how Windows Update will look for, receive, and install updates from Microsoft.

   We recommend that you choose to Install updates automatically (recommended) from the drop-down and then check all the other items on the page. This will make sure your computer receives and installs all the updates it needs.

   You can also customize the time that downloaded updates are installed. In Windows 8, this is behind the Updates will be automatically installed during the maintenance window link, and in Windows 7 & Vista, it's right there on the Windows Update screen.

6. Choose OK to save the changes. Feel free to close any open windows related to Windows Update.

Here's a bit more on all of those options you have:

Install updates automatically (recommended): Choose this option to have Windows Update automatically check for, download, and install important security patches.

Download updates but let me choose whether to install them: Choose this to have Windows Update automatically check for and download important updates but not install them. You'll have to explicitly choose to install the updates either from Windows Update or during the next shutdown process.

Check for updates but let me choose whether to download and install them: With this option, Windows Update will check for and notify you of available updates but you'll need to manually approve the download and installation of them.

Never check for updates (not recommended): This option disables Windows Update completely in Windows 8, 7, or Vista. When you choose this, Windows Update won't even check with Microsoft to see if important security patches are available.

Here are what some of those other checkboxes mean, not all of which you'll see, depending on your version of Windows and how your computer is configured:

Give me recommended updates the same way I receive important updates: This option gives Windows Update permission to treat patches that Microsoft "recommends" the same way as patches thought to be "critical" or "important," and download and install them as you've selected in the drop-down box.

Allow all users to install updates on this computer: Check this if you have other, non-administrator accounts on your computer that actually get used. This will let those users install updates, too. However, even when unchecked, updates installed by an administrator will still get applied to those user accounts, they just won't be able to install them.

Give me updates for other Microsoft products when I update Windows: Check this option, which is a bit wordier in Windows 7 & Vista, if you own other Microsoft software and you want Windows Update to handle updating those as well.

Show me detailed notifications when new Microsoft software is available: This is pretty self-explanatory—check it if you want to get notifications, via Windows Update, when Microsoft software you don't have installed is available for your computer.

How to Change Windows Update Settings in Windows XP

Microsoft ended support for Windows XP many years ago. There will be no more updates. For your archives, here's how it worked back when they did still send updates.

Windows Update is more an online service than an integrated part of Windows XP, but the update settings can be set from within the operating system.

1. Open Control Panel, usually via Start, and then its link on the right.

2. Click Security Center.

   If you're viewing Control Panel in the Classic View, you won't see this link. Instead, double-click Automatic Updates and then skip to Step 4.

3. Click the Automatic Updates link near the bottom of the window.

4. These four options you see in the Automatic Updates window control how Windows XP gets updated.

   We highly recommend that you choose the Automatic (recommended) option and the everyday choice from the drop-down that appears underneath, along with a time you're not using your computer.

   Windows XP is no longer supported by Microsoft and so they no longer push updates to Windows XP. However, considering that exceptions could be made in the future and that you still might not have the most up to date patches and features, we recommended keeping the "automatic" settings enabled.

5. Click OK to save your changes.

Here are more details on what those four choices actually mean for your Windows Update experience in Windows XP:

Automatic (recommended): Windows Update will automatically check for, download, and install updates, with no input from you needed.

Download updates for me, but let me choose when to install them: Updates will be checked for, and downloaded, from Microsoft's servers, but they won't be installed until you manually approve them.

Notify me but don't automatically download or install them: Windows Update will check for new updates from Microsoft, and let you know about them, but they won't be downloaded and installed until you say so.

Turn off Automatic Updates: This option completely disables Windows Update in Windows XP. You won't even be told that updates are available. You can, of course, still visit the Windows Update website yourself and check for any new patches.

Disabling Windows Update & Turning off Automatic Updates

While it is possible, at least prior to Windows 10, we do not recommend completely disabling Windows Update. At the very least, choose an option where you're notified of new updates, even if you choose not to have them automatically download or install.

And on that thought...we also do not recommend turning off automatic updating. Letting Windows Update check, download, and automatically install updates is a very good way to make sure you're protected from being exploited by security issues after they're discovered. Yes, at least in Windows 8, 7, and Vista, you could compromise by making that critical "install" part up to you, but that's just one more thing you have to remember to do.

Bottom line: we say keep it simple by keeping it automatic.

How to Fix Problems Caused by Windows Updates

Where are my update settings?

What is the latest Android update?

What is this software update?

Where is settings update & Security?