Suspicious New Folder: "%WINDIR%\System32\GWX"

Yesterday, my firewall blocked "GWXConfigManager.exe" from accessing the internet. As with any program I don't recognize, I attempted to look it up, but I found only one English result: "https://support.microsoft.com/en-us/kb/3035583". However, that page doesn't actually contain any references to "GWXConfigManager.exe". Next, I scanned it with Avira and uploaded it to VirusTotal, and there were no detections. Finally, I checked out the folder where the file is located: "C:\Windows\System32\GWX". It was created on March 28. There's a "config.xml" which has a few potentially useful clues, including two URLs: "https://go.microsoft.com/fwlink/?LinkID=526874" and "http://g.bing.com/GWX/". Since they're both in Microsoft-owned domains, I didn't see any harm in opening them, but they both redirect to the nonsensical URL "https://invalid.html/".

Here's the full text of "config.xml":

<?xml version="1.0" encoding="utf-16"?>
<CONFIG>
  <!--inbox config-->
  <VERSION>1</VERSION>
  <AuTargetSetting>2</AuTargetSetting>
  <CompatExpiryTime>45</CompatExpiryTime>
  <GlobalAdTimeOut>30</GlobalAdTimeOut>
  <OnlineAdUrl>https://go.microsoft.com/fwlink/?LinkID=526874&amp;</OnlineAdUrl>
  <!--Relative path to download folder for main html file-->
  <OfflineAppUrl>index.html</OfflineAppUrl>
  <MinAppraiserUpgradeExperience>Green</MinAppraiserUpgradeExperience>
  <!--pre-req temp disabled-->
  <AppraiserPrereq>true</AppraiserPrereq>
  <DownloadPrereq>true</DownloadPrereq>
  <EnableDomainJoined>false</EnableDomainJoined>
  <EnableEnterpriseSku>false</EnableEnterpriseSku>
  <Telemetry BaseURL="http://g.bing.com/GWX/">
    <linkid>GWX</linkid>
    <xmlLocation>TelemetryStore.xml</xmlLocation>
    <honorCeip>true</honorCeip>
  </Telemetry>
  <NonCeipSetting>GwxMarkersOnly</NonCeipSetting>
  <AdWindowSizes>
    <S>
      <x>350</x>
      <y>160</y>
    </S>
    <M>
      <x>320</x>
      <y>210</y>
    </M>
    <L>
      <x>480</x>
      <y>320</y>
    </L>
  </AdWindowSizes>
  <AppWindowSize>
    <x>800</x>
    <y>492</y>
  </AppWindowSize>
  <Filters>
    <Filter>
      <Phase>None</Phase>
      <triggers>
      </triggers>
    </Filter>
  </Filters>
  <Phases>
    <Phase name="None">
      <AntUXProcess>false</AntUXProcess>
      <TrayIcon>false</TrayIcon>
      <Advertisement>false</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>false</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="AnticipationUX">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>true</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>false</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="Reservation">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>true</Advertisement>
      <ReservationPage>true</ReservationPage>
      <Upgrading>false</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="Reserved">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>true</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>false</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="RTM">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>true</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>false</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="GA">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>false</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>true</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="UpgradeDetected">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>false</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>true</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="UpgradeDownloadInProgress">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>false</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>true</Upgrading>
      <DownloadInProgress>true</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="UpgradeDownloaded">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>false</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>true</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>true</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="UpgradeReadyToInstall">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>false</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>true</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>true</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="UpgradeReadySetupInProgress">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>false</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>true</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>true</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="UpgradeSetupCompatBlock">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>false</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>true</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="UpgradeSetupRolledBack">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>false</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>true</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="UPgradeSetupFailed">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>false</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>true</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>false</SetupComplete>
    </Phase>
    <Phase name="UpgradeSetupComplete">
      <AntUXProcess>true</AntUXProcess>
      <TrayIcon>true</TrayIcon>
      <Advertisement>false</Advertisement>
      <ReservationPage>false</ReservationPage>
      <Upgrading>true</Upgrading>
      <DownloadInProgress>false</DownloadInProgress>
      <DownloadComplete>false</DownloadComplete>
      <ReadyForSetup>false</ReadyForSetup>
      <SetupInProgress>false</SetupInProgress>
      <SetupComplete>true</SetupComplete>
    </Phase>
 </Phases>
 <Triggers>
 </Triggers>
</CONFIG>

Since I suspect that this might be a legitimate program added by a recent Windows Update, I wanted to ask about it here first.

Thank you!
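The triage steps described in this post can be scripted. The following is an added example, not part of the original thread: it checks the Authenticode signature of the executable and lists every URL in "config.xml" with its host and scheme. The folder and file names are the ones quoted in the post; the `$TrustedSuffixes` list is an assumption made for illustration.

```powershell
# Added example. Folder and file names are the ones quoted in the post;
# $TrustedSuffixes is an assumption made for illustration.
$Dir = Join-Path $env:WINDIR 'System32\GWX'
$TrustedSuffixes = @('microsoft.com', 'bing.com')

# 1. Authenticode: does the signature verify, and who is the signer?
#    On older PowerShell versions 'NotSigned' can also mean the file is
#    catalog-signed; Sysinternals sigcheck reports catalog signatures.
$sig = Get-AuthenticodeSignature (Join-Path $Dir 'GWXConfigManager.exe')
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
'{0}  status={1}  signer={2}' -f $sig.Path, $sig.Status, $signer

# 2. Every absolute http(s) URL in config.xml, from element text and attributes.
$cfg = New-Object System.Xml.XmlDocument
$cfg.Load((Join-Path $Dir 'config.xml'))   # Load() honours the UTF-16 declaration
foreach ($node in $cfg.SelectNodes('//text() | //@*')) {
    $uri = $null
    if (-not [uri]::TryCreate($node.Value.Trim(), [UriKind]::Absolute, [ref]$uri)) { continue }
    if (@('http', 'https') -notcontains $uri.Scheme) { continue }

    # Match whole DNS labels: "bing.com" or "*.bing.com", never
    # "notbing.com" or "bing.com.example.net".
    $h = $uri.Host.ToLowerInvariant()
    $trusted = $false
    foreach ($s in $TrustedSuffixes) {
        if ($h -eq $s -or $h.EndsWith(".$s")) { $trusted = $true }
    }

    New-Object PSObject -Property @{
        Url             = $uri.AbsoluteUri
        Host            = $h
        KnownVendorHost = $trusted
        Cleartext       = ($uri.Scheme -eq 'http')
    } | Select-Object Host, KnownVendorHost, Cleartext, Url
}
```

Run against the config quoted above, this lists `go.microsoft.com` over HTTPS and the telemetry `BaseURL` host `g.bing.com` over cleartext HTTP.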


https://www.microsoft.com/en-us/windows/windows-10-faq

Get Windows 10 is an app that’s designed to make the upgrade process easy. It checks to make sure your device is compatible, and it reserves your free upgrade; it also has information to help you learn about the features in Windows 10.

For devices running Windows 7 SP1 or Windows 8.1 Update with Windows Update enabled, the app shows up automatically as a Windows icon in your system tray at the bottom right-hand side of your screen.

No warranties or guarantees.
MVP 1st July 2005- 30th June 2016
WIMVP 1st July 2016- 30th June 2017


Ok. I uninstalled the update. I still have 4Meg of trash on my hard drive I can't just delete and registry entries. Not a very clean uninstall!

I will need to uninstall and scrub all the desktops I support.

35 years at this computer thing. I can not believe this has been done!!! Marketing in Windows Update. Pollute my Desktop build??? Give me a break.

Below is my open letter to all of you Microsoft folks.

_______________________________________________________________________

Open letter to Microsoft (Bill) regarding GWX:

How dare you (Microsoft) use my hard drive, purchased operating system, and your (Microsoft) software distribution system to market to me, as well as affect my computers' configurations. I own the hardware, software, and the configurations. Remove it now!!!

I never gave you (Microsoft) permission to load your (Microsoft) advertisement. Placing an icon in my task bars is over the top. And... Not including a hide selection for that advertisement icon is really over the top. Not to mention the task manager intrusions! Remove it now!!!

After 35 years in this industry I know better than to believe your (Microsoft) FREE upgrade. Must be a big catch. Services???

We at the end of your (Microsoft) poop chute really work hard to keep up. The last thing we need is you (Microsoft) adding needless / marketing task bar icons and directories to the INFRASTRUCTURE WE OWN.

Here I am wasting even more time on GWX. You (Microsoft) have gone way over the top!!!

How about you (Microsoft) worry about the tools we need to lock these hackers out???

Timothy C Morris, MCNE


GWX MEANS: GET WINDOWS X (10). ONCE IT'S INSTALLED, IT'S INSTALLED ON WINDOWS 7-8 SILENTLY WINDOWS 10 (IT ASKS YOU FIRST TO AGREE TO THE FREE WINDOWS X).


    Yeah, I'm seeing this on machines everywhere now, even on machines in workplace, library, and kiosk locations.  All these computers are now vulnerable to any user activating the upgrade, potentially wreaking havoc for the admins.  I bet most admins aren't aware that this is happening yet (or what it could mean for them), and many of them don't even know how to remove or disable it and are helpless to ensure that their users don't activate it.

    Apart from the numerous little bugs and annoyances, I am actually finding some of the improvements to be quite delightful in Windows 10 (coming from Windows 7).  However, the big problem is that the UI looks terribly ugly everywhere and is quite clumsy in spots.  Rather than make something that looks nice that the vast majority of their customers would like, Microsoft is trying to shove their new decrepit visual style at us, willing to give their OS away for free and market it so aggressively as to offend or cause trouble for people—trying so hard to get Windows 10 the majority market share—all because they steadfastly refuse to make what most of their customers want in the first place!  Way to go, Microsoft!  (NOT!!!)

Dear Microsoft, please make Windows 10 functional, pretty & intuitive, not boring, clumsy & buggy!


Interesting............ I have accepted to update my Windows 7 to Windows 10, but now I need to maintain this stupid icon on the system tray??

Is it not possible to close it and re-enable it in July??


I am currently making a tutorial showing how to remove this update and keep it from updating until you wish.

Stand by until I release it... should be tomorrow.


This is ridiculous, again! Yet another mass attack from Microsoft. I do NOT have automatic update on any PC, but again some MS update changed the option to automatic, without asking me anything! The first place where I can notice this is the settings in Task Manager (update speed changed, always on top, etc.). After the latest MS updates I have serious performance problems with our company's older PCs running Win7 or Vista. This morning there were several PCs blocked because GWXUX tries to connect to the internet at the address 207.46.194.14 (belongs to "MICROSOFT-GLOBAL-NET"). We are a small three-man company, developing software (with MS tools for the MS environment), having thousands of customers - we really need our test PCs to stay Win7, Vista and even XP. During the last weeks I have wasted so f..king many days solving problems caused by MS updates - AGAIN! This is really frustrating. (Just my two cents)


<Dj Diabolik replied>

Interesting............ I have accepted to update my Windows 7 to Windows 10, but now I need to maintain this stupid icon on the system tray??

Is it not possible to close it and re-enable it in July??

    I don't have access to a Windows 7 machine with the update installed right now (I'm currently running Windows 10 on my machines), but I believe that GWX shouldn't be that hard to temporarily disable.  Last I looked, GWX created several scheduled tasks, so I suggest looking there first and disabling any enabled tasks related to GWX.  If it still runs, it may have created a service or startup entry, either of which can easily be disabled with Sysinternals Autoruns.

    I see no reason to mess with uninstalling and reinstalling the update—especially considering that Windows Update may automatically reinstall it.  Let Windows think it has the update installed, while you "put it on the back burner" by temporarily disabling its auto-start entries.

Dear Microsoft, please make Windows 10 functional, pretty & intuitive, not boring, clumsy & buggy!
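The scheduled-task check suggested in this reply, as an added example that is not part of the original post: it lists tasks whose name or command line mentions GWX and disables them only when `$Disable` is set. Matching on the string "gwx" is an assumption (the thread does not name the tasks), and the column names are those printed by `schtasks.exe` on an English-language Windows.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumption: GWX-related tasks contain "gwx" in their name or command line.
$Disable = $false   # set to $true only after reviewing the list printed below

# schtasks.exe is used instead of Get-ScheduledTask so this also works on
# Windows 7, which lacks the ScheduledTasks PowerShell module.
$rows = schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv

$gwx = $rows | Where-Object {
    # The CSV header line is repeated for each task folder; skip those rows.
    $_.TaskName -ne 'TaskName' -and
    ($_.TaskName -match 'gwx' -or $_.'Task To Run' -match 'gwx')
}

if (-not $gwx) {
    'No scheduled task mentions GWX.'
    return
}

# A task with several triggers appears once per trigger, so de-duplicate.
$gwx | Select-Object TaskName, Status, 'Task To Run' -Unique | Format-List

foreach ($name in ($gwx | Select-Object -ExpandProperty TaskName -Unique)) {
    if ($Disable) {
        # /DISABLE leaves the task definition in place, so the update still
        # looks installed and the task can be turned back on later.
        schtasks.exe /Change /TN $name /DISABLE
    } else {
        "Would disable: $name"
    }
}
```

Replacing `/DISABLE` with `/ENABLE` reverses the change. A service or startup entry, if one exists, is not covered by this check and still needs Autoruns as the reply describes.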


Hello,

How can I uninstall the update?

Thanks.


I've made and edited the tutorial video. If you need to find out how to remove the update and stop it from coming back, feel free to check it out.

http://youtu.be/a4kiv6OL3L0

The video should be up by 1:00PM EST today.


Question Info


Last updated February 6, 2020 Views 154,909 Applies to: