lostindark / DriverStoreExplorer

Driver Store Explorer [RAPR]
GNU General Public License v2.0
6.56k stars 390 forks

HP Touchpoint Analytics Spyware and the need to categorize drivers as functional or bloatware #193

Closed duaneking closed 2 years ago

duaneking commented 2 years ago

So HP decided to move what I personally consider spyware into its drivers and did a forced install of what I would consider malware into a lot of installs without users' prior consent, and they are signed and legitimate-looking system components...

But I wanted to look into this deeper.

I found this DriverStoreExplorer project while looking into this to try to remove HP Touchpoint Analytics and looking through pnputil and other resources to try to hunt down how to reverse engineer the services and where they are installed from, how they got installed, etc.

Also for the network traffic part in case anybody reading this needs hostnames: https://github.com/StevenBlack/hosts/issues/1381

What is interesting about this is that the HP Drivers are mostly "extensions" and end up in paths like the following:

C:\Windows\System32\DriverStore\FileRepository\hpanalyticsext.inf_amd64_3a6ff2db7adb4d06
C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c
C:\Windows\System32\DriverStore\FileRepository\boaudiocontrolhsa.inf_amd64_b91e2516aa863b91
C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_86d9ab8950580d2e
C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_82b4ea84f6cb4b64

...So if anybody wants to remove this stuff..

cd C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_a6e24179070178de\
pnputil /delete-driver hpanalyticscomp.inf /uninstall

But this entire thing opens up the idea that some drivers are just malware, and I'm wondering what this project's stance is on being able to, in an automated way, detect and remove such things?

Maybe this project could work with another?

sylveon commented 2 years ago

I don't think this project should start doing that because:

Bloatware removal tools are free to call pnputil on their own to remove such things.

duaneking commented 2 years ago

Also: Would this project be against supporting a simple JSON blob that can be consumed via the command line option in order to assist with automated uninstalling of components, as part of a CLI interface that allows external projects to issue these remove requests in an automated way via scripting, based on a power user's input?

duaneking commented 2 years ago

Never mind, I see that a CLI was requested, and I think that's the most fair request that would also enable the flexibility for people to collect data like this, so I'm going to support that other bug band request.
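
The following is an added example, not part of the thread and not DriverStoreExplorer code: it shows how an external script could take a JSON list of original INF names, as proposed above, match it against `pnputil /enum-drivers` output, and produce the removal commands for review. `pnputil /delete-driver` is documented as taking the published `oemNN.inf` name, so the script resolves that name from the listing instead of relying on a `FileRepository` folder name. Assumptions: English field labels in the pnputil output, a hypothetical blocklist schema with an `original_names` key, and constructed sample data.

```python
import json
import re

# Constructed sample of `pnputil /enum-drivers` output (English Windows).
# The oemNN.inf numbers, providers, classes and the third entry are made up.
SAMPLE_ENUM = """\
Microsoft PnP Utility

Published Name:     oem41.inf
Original Name:      hpanalyticscomp.inf
Provider Name:      HP Inc.
Class Name:         Software components

Published Name:     oem42.inf
Original Name:      hpanalyticsext.inf
Provider Name:      HP Inc.
Class Name:         Extensions

Published Name:     oem7.inf
Original Name:      exampleaudio.inf
Provider Name:      Example Audio Vendor
Class Name:         Sound, video and game controllers
"""

# Hypothetical blocklist format; not a DriverStoreExplorer feature.
SAMPLE_BLOCKLIST = '{"original_names": ["hpanalyticscomp.inf", "HPAnalyticsExt.inf"]}'

def parse_enum_drivers(text):
    """Split pnputil output into one dict of fields per driver package."""
    packages = []
    for block in re.split(r"\r?\n\s*\r?\n", text):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        if "Published Name" in fields:  # skips the banner block
            packages.append(fields)
    return packages

def removal_commands(enum_text, blocklist_json):
    """Return pnputil commands (dry run, nothing is executed) for listed INFs."""
    wanted = {n.lower() for n in json.loads(blocklist_json)["original_names"]}
    cmds = []
    for pkg in parse_enum_drivers(enum_text):
        if pkg.get("Original Name", "").lower() in wanted:
            # Address the package by its published oemNN.inf name.
            cmds.append(f"pnputil /delete-driver {pkg['Published Name']} /uninstall")
    return cmds
```

On a real machine the first argument would be the captured output of `pnputil /enum-drivers` run from an elevated prompt.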