undergroundwires / privacy.sexy

Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
https://privacy.sexy
GNU Affero General Public License v3.0

[BUG]: Microsoft Edge still alive after removal #309

Open d3cim opened 5 months ago

d3cim commented 5 months ago

Description

Microsoft Edge is still trying to ping Microsoft after uninstalling it.

OS

Microsoft Windows 10 IoT Enterprise 10.0.19045 Build 19045

Reproduction steps

Install a generic traffic monitor like Wireshark or any good firewall like simplewall and see these pings coming from microsoftedgeupdate.exe happen from time to time during a normal session.

The file is stored in C:\Program Files (x86)\Microsoft\EdgeUpdate folder.

Scripts

A custom version between Strict and All. privacy-script-hard.txt

Screenshots

Additional information

I can also notice msedgewebview2.exe doing some requests, coming from the C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.121 folder.

I don't know if it is something strictly related to MS Edge but blocking them doesn't seem to affect the system usability.

I would like to thank you for your work and your tool. It is simply amazing.

d3cim commented 5 months ago

Here is a capture:

"12/01/2024 21:41:24","DESKTOP\admin","C:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe","20.7.47.135","443 (https)","tcp"
"12/01/2024 21:41:24","DESKTOP\admin","C:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe","13.107.42.16","443 (https)","tcp"

undergroundwires commented 5 months ago

Could you test uninstalling the updates in an elevated cmd.exe like this and see if it works:

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

It would also be nice to test that it can be reinstalled using:

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /install

I then wonder if these services edgeupdate and edgeupdatem would be left after running the official uninstaller. You can check their existence with the following PowerShell:

(Get-Service -Name edgeupdate).StartType
(Get-Service -Name edgeupdatem).StartType

Another option would be to stop updates according to Microsoft docs, but this probably won't work, as it is only designed for enterprises as usual:

reg add "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate" /v "UpdateDefault" /t "REG_DWORD" /d "0" /f

Removal of the web view would break any third-party or Microsoft application that tries to render the native Windows browser inside. msedgewebview2.exe is most likely being used by another application in your case, so that one would break if we get rid of the web view.
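
The checks requested in the comment above can be collected in one read-only pass, as an added example that is not part of the thread or of privacy.sexy's own scripts. The function name Get-EdgeUpdateAudit and the report keys are hypothetical; the path, service names and registry value are the ones quoted in the thread.

```powershell
# Added example: read-only audit of the Edge Update remnants discussed in this thread.
# Run in an elevated PowerShell session. Nothing on the system is changed.

$exe      = 'C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe'
$services = 'edgeupdate', 'edgeupdatem'
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'

function Get-EdgeUpdateAudit {   # hypothetical helper name
    $report = [ordered]@{}

    # 1. Is the updater binary still on disk after running /uninstall?
    $report['BinaryPresent'] = Test-Path -LiteralPath $exe

    # 2. Service state. Get-Service raises an error when the service does not
    #    exist, so a missing service is reported as 'NotInstalled' instead.
    foreach ($name in $services) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $report["Service:$name"] = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'NotInstalled' }
    }

    # 3. Is the UpdateDefault value from the reg add command actually present?
    $value = Get-ItemProperty -Path $policy -Name 'UpdateDefault' -ErrorAction SilentlyContinue
    $report['Policy:UpdateDefault'] = if ($null -ne $value) { $value.UpdateDefault } else { 'NotSet' }

    # 4. Is the updater running right now, and which remote endpoints does it hold open?
    $procs = Get-Process -Name 'MicrosoftEdgeUpdate' -ErrorAction SilentlyContinue
    $report['RunningPids'] = @($procs.Id) -join ', '
    $report['RemoteEndpoints'] = @(
        foreach ($p in $procs) {
            Get-NetTCPConnection -OwningProcess $p.Id -ErrorAction SilentlyContinue |
                Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::' } |
                ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" }
        }
    ) -join ', '

    [pscustomobject]$report
}

Get-EdgeUpdateAudit | Format-List
```

Running it before and after each attempted change shows which of the four items (binary, services, policy value, live connections) actually changed.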

d3cim commented 5 months ago

> Could you test uninstalling the updates in an elevated cmd.exe like this and see if it works:
>
> "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

This results in nothing; the file is still present in the directory.

> It would also be nice to test that it can be reinstalled using:
>
> "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /install

This results in an error message:

sefg

> I then wonder if these services edgeupdate and edgeupdatem would be left after running the official uninstaller. You can check their existence with the following PowerShell:
>
> (Get-Service -Name edgeupdate).StartType
> (Get-Service -Name edgeupdatem).StartType

These are the PS results:

fdgdfh

> Another option would be to stop updates according to Microsoft docs, but this probably won't work, as it is only designed for enterprises as usual:
>
> reg add "HKLM\SOFTWARE\Policies\Microsoft\EdgeUpdate" /v "UpdateDefault" /t "REG_DWORD" /d "0" /f

I'm on an Enterprise version and I tried to add this reg value, but I can notice the service running again.