
Windows 10 PCs Being used as Endpoint Update Servers

Joined
Oct 17, 2012
Messages
9,781 (2.34/day)
Location
Massachusetts
System Name Americas cure is the death of Social Justice & Political Correctness
Processor i7-11700K
Motherboard Asrock Z590 Extreme wifi 6E
Cooling Noctua NH-U12A
Memory 32GB Corsair RGB fancy boi 5000
Video Card(s) RTX 3090 Reference
Storage Samsung 970 Evo 1Tb + Samsung 970 Evo 500Gb
Display(s) Dell - 27" LED QHD G-SYNC x2
Case Fractal Design Meshify-C
Audio Device(s) on board
Power Supply Seasonic Focus+ Gold 1000 Watt
Mouse Logitech G502 spectrum
Keyboard AZIO MGK-1 RGB (Kaith Blue)
Software Win 10 Professional 64 bit
Benchmark Scores the MLGeesiest
I think it is enabled, but it is a check box IIRC. I turned it off, as I specifically recall not liking the "sound of this function"; it screams bad news for some reason... I'm sure it's fine, and I'm just likely being paranoid, but it's off for me.
 

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
28,472 (4.25/day)
Location
Indiana, USA
Processor Intel Core i7 10850K@5.2GHz
Motherboard AsRock Z470 Taichi
Cooling Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory 32GB DDR4-3600
Video Card(s) RTX 2070 Super
Storage 500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s) Acer Nitro VG280K 4K 28"
Case Fractal Design Define S
Audio Device(s) Onboard is good enough for me
Power Supply eVGA SuperNOVA 1000w G3
Software Windows 10 Pro x64
Overall, Comcast now has 22.3 million video customers, 23.3 million Internet customers, and 11.5 million phone customers. The phone business added 139,000 subscribers in the quarter and 282,000 during the full year. Many of the additions came from existing customers adding a service. (3 Feb 2016)

And if you cost those figures (let's be generous and say 11 million customers allow Comcast to sip power), is that small change over a year?

To each individual customer, the amount of power means nothing. Unless you are saying that one person is paying for all that power, then your point doesn't matter. No one has any reason to complain about the power used by the extra hardware in the Comcast gateway. It is maybe $10 a year in cost to a person. There are bigger things to complain about.

You don't think Microsoft will use a common port that is open on a NAT, do you?

You say "will" like this is something new that is just coming out. It has been in Windows 10 for a long while. And, no, they aren't using a common port. It uses something in the 8000 range IIRC.

It seems to have been set to off by default in my case.

I believe it depends on the settings you pick when Windows is first set up. I'm pretty sure it is one of those options when you first set up Windows that are all on by default but give the user the option to turn them off when setting up Windows for the first time. Basically, they let the user decide; if they don't bother reading, it isn't really Microsoft's fault.
 
Joined
Aug 20, 2007
Messages
20,714 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
Isn't this the option? If so, it can be disabled from within Windows after installation. Personally, I uncheck ALL boxes when installing Win, but this somehow got turned back on, maybe in the recent FCU.


Notice the 2nd option has "internet" added. I don't want ANYONE DL'ing updates from my PC/PCs or network.

This function/option has "vulnerability" written all over it IMO... I can't say how, but if there was a way for a hacker to exploit a system/systems, this seems like it would be a likely starting point.


Just confirmed that default with a fresh install today:

Default.png
 
Joined
Mar 11, 2009
Messages
1,777 (0.32/day)
Location
Little Rock, AR
System Name Gamer
Processor AMD Ryzen 3700x
Motherboard AsRock B550 Phantom Gaming ITX/AX
Memory 32GB
Video Card(s) ASRock Radeon RX 6800 XT Phantom Gaming D
Case Phanteks Eclipse P200A D-RGB
Power Supply 800w CM
Mouse Corsair M65 Pro
Software Windows 10 Pro
Nah numerous reasons I haven't switched, besides why fix what is not broken?

@Papayooie I wonder if there is an Administrator regedit or gpedit tweak to turn this option off indefinitely.

I'm sure there is a registry setting for it (as pretty much all Windows settings do) but it isn't likely to be any more permanent than flipping the switch in the GUI, as they probably reenable it through the registry anyway.


Like I said, if your machine is behind a NAT firewall (and it should be) then no one will be downloading anything from you or using any of your bandwidth.

I'm curious as to how you got that information. Because the setting in the GUI clearly has an option to allow users over the internet to download from you. A NAT will do nothing to stop it if your own machine reaches out and makes itself available.
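
Added example, not part of any poster's message: the "regedit or gpedit tweak" asked about above, assuming the setting under discussion is Windows Update Delivery Optimization, whose Group Policy "Download Mode" is stored as the `DODownloadMode` registry value. The helper names `Get-DOPolicyMode` and `Set-DOPolicyMode` are hypothetical.

```powershell
# Added example (not from the thread). Reads, and optionally sets, the
# machine-wide Delivery Optimization policy behind the "Updates from more
# than one place" switch discussed above.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
$ValueName = 'DODownloadMode'

# Meaning of each documented DODownloadMode value.
$ModeNames = @{
    0   = 'HTTP only: no peer-to-peer'
    1   = 'LAN: peers behind the same NAT only'
    2   = 'Group: peers in the same domain/site/group'
    3   = 'Internet: LAN peers and internet peers'
    99  = 'Simple: no peering, no Delivery Optimization cloud service'
    100 = 'Bypass: hand downloads to BITS'
}

function Get-DOPolicyMode {
    # Returns $null when no policy is set, i.e. the GUI toggle is in control.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-DOPolicyMode {
    param([ValidateSet(0, 1, 2, 3, 99, 100)][int]$Mode)
    # Needs an elevated session: HKLM\SOFTWARE\Policies is admin-writable only.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -Value $Mode `
        -PropertyType DWord -Force | Out-Null
}

$mode = Get-DOPolicyMode
if ($null -eq $mode) {
    'No policy set: the Settings toggle decides whether peers are used.'
} elseif ($ModeNames.ContainsKey($mode)) {
    "Policy DODownloadMode = $mode ($($ModeNames[$mode]))"
} else {
    "Policy DODownloadMode = $mode (unrecognised value)"
}
if ($mode -eq 3) { Write-Warning 'Peering with internet peers is allowed by policy.' }

# To pin the machine to LAN-only or no peering, from an elevated prompt:
# Set-DOPolicyMode -Mode 1    # or 0 for HTTP only
```

The same value is exposed in gpedit under Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Download Mode.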
 
Joined
Aug 20, 2007
Messages
20,714 (3.41/day)
I'm curious as to how you got that information. Because the setting in the GUI clearly has an option to allow users over the internet to download from you. A NAT will do nothing to stop it if your own machine reaches out and makes itself available.

There are ways to prevent it with a good firewall, but those are proactive measures. Any home router with UPnP is gonna let it right through.
 

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
28,472 (4.25/day)
Location
Indiana, USA
I'm curious as to how you got that information. Because the setting in the GUI clearly has an option to allow users over the internet to download from you. A NAT will do nothing to stop it if your own machine reaches out and makes itself available.

It is the way the handshake works. It was discussed in several network security articles back when the feature first came to light back when Windows 10 came out (yes, this feature has been in Win10 from the beginning).

First, it communicates on the standard WSUS ports. It basically works very similarly to how torrents work. Microsoft has several "trackers" that track computers that have the option enabled to share updates. When the option to share over the internet is enabled, your computer announces to the trackers that it is enabled. The problem comes when a computer actually tries to connect to your computer to download the updates. Because the ports aren't forwarded on the router, the outside computers can't initiate the download.

It is exactly the same way torrents work. You can set a torrent to seed, but no one will actually connect to you and download anything from you, because they can't connect to you because of the NAT translation. NAT translation is why we have to forward ports.

I mean, this isn't a new thing, it has been in Windows 10 since the beginning. There have been lots of articles about it, and lots of people far more knowledgeable than you or I researching how it works.

Any home router with UPnP is gonna let it right through.

Yes, it could use the IGD Protocol to add a port mapping, but last I heard it doesn't do that.
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.61/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
It is the way the handshake works. It was discussed in several network security articles back when the feature first came to light back when Windows 10 came out (yes, this feature has been in Win10 from the beginning).

First, it communicates on the standard WSUS ports. It basically works very similarly to how torrents work. Microsoft has several "trackers" that track computers that have the option enabled to share updates. When the option to share over the internet is enabled, your computer announces to the trackers that it is enabled. The problem comes when a computer actually tries to connect to your computer to download the updates. Because the ports aren't forwarded on the router, the outside computers can't initiate the download.

It is exactly the same way torrents work. You can set a torrent to seed, but no one will actually connect to you and download anything from you, because they can't connect to you because of the NAT translation. NAT translation is why we have to forward ports.

I mean, this isn't a new thing, it has been in Windows 10 since the beginning. There have been lots of articles about it, and lots of people far more knowledgeable than you or I researching how it works.



Yes, it could use the IGD Protocol to add a port mapping, but last I heard it doesn't do that.

@R-T-B, @newtekie1, @Papahyooie, good to know.

UPnP can be disabled too.
 
Joined
May 4, 2012
Messages
985 (0.23/day)
Location
Ireland
Comcast still does it in the US. It really isn't a big deal, it doesn't affect the customer in any way.
Well, I tried to connect to my own "WiFree" hotspot and I was given the same [public] IP address as my other machines. So basically anyone can connect to your router, do some funny things on the internet and then best of luck for you on trying to prove it wasn't you. Another problem - torrents.
 
Joined
Oct 17, 2012
Messages
9,781 (2.34/day)
Location
Massachusetts

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,105 (1.31/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
If you do disable UPnP, it will cause issues with consoles like Xbox and PlayStation (at least it used to). It won't do it immediately but it will eventually. If you have those, FWIW.

Lots of ISP-supplied (cheap as chicken sh*t) modem/routers don't have the facility to port forward for other devices.
They try to (and succeed) lock them down in firmware to prevent user interaction.
It's UPnP because they :) know best about your security :roll: :roll: and you should not interfere with their setting.
 

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
28,472 (4.25/day)
Location
Indiana, USA
Well, I tried to connect to my own "WiFree" hotspot and I was given the same [public] IP address as my other machines. So basically anyone can connect to your router, do some funny things on the internet and then best of luck for you on trying to prove it wasn't you. Another problem - torrents.

With Comcast you get a different public IP. Plus, in the US, you can't be sued or blamed for anything based just on your IP. The legal precedent has been set that an IP does not equal an identity because of the reasons you stated.
 
Joined
Mar 11, 2009
Messages
1,777 (0.32/day)
Location
Little Rock, AR
It is the way the handshake works. It was discussed in several network security articles back when the feature first came to light back when Windows 10 came out (yes, this feature has been in Win10 from the beginning).

First, it communicates on the standard WSUS ports. It basically works very similarly to how torrents work. Microsoft has several "trackers" that track computers that have the option enabled to share updates. When the option to share over the internet is enabled, your computer announces to the trackers that it is enabled. The problem comes when a computer actually tries to connect to your computer to download the updates. Because the ports aren't forwarded on the router, the outside computers can't initiate the download.
It is exactly the same way torrents work. You can set a torrent to seed, but no one will actually connect to you and download anything from you, because they can't connect to you because of the NAT translation. NAT translation is why we have to forward ports.
I mean, this isn't a new thing, it has been in Windows 10 since the beginning. There have been lots of articles about it, and lots of people far more knowledgeable than you or I researching how it works.
Yes, it could use the IGD Protocol to add a port mapping, but last I heard it doesn't do that.

I see. I mean, that totally makes sense, technically speaking. I know it was there since the beginning, but as I said earlier in the thread, I have personally had it turn itself back on several times on multiple machines.

My next question then, is this: If it doesn't have functionality to use IGD, then the entire feature is a non-starter. So why create it in the first place? (the "online" part I mean, not the internal network sharing) It seems to me that it HAS to have some way of getting out without forwarding ports. And I don't think Microsoft would just put it out there if there was no way it could ever work, unless the user had no security whatsoever. I think I'll turn it on on one of my machines and see if I can't capture it doing whatever it does, because this doesn't make any sense to me.

With Comcast you get a different public IP. Plus, in the US, you can't be sued or blamed for anything based just on your IP. The legal precedent has been set that an IP does not equal an identity because of the reasons you stated.

Not necessarily true. I tested mine as well, and it has the same public IP as my "home" one. Definitely disabled that as soon as I found it... But you are correct about legal precedent. If anything, it would work in your defense if you were to do something shady online.
 