Hacked

Samsung Quietly Disabling Windows Update, Risking Systems Open to Hackers


You are using your laptop and it has a software updater tool – what do you expect it to do? You expect it to update your system software and keep your system secure. But, Samsung’s “software updater” tool is doing just the opposite.

The Samsung software updater is disabling the official Windows Update on some computers and thus leaving the users exposed to vulnerabilities and security threats- according to a Microsoft support engineer.

Patrick, a Microsoft MVP was assisting a Windows Update issue and he figured out that system’s Windows Update was getting disabled automatically. On analyzing further, he figured out that the program responsible for disabling Windows Update was Disable_Windowsupdate.exe. This software came as a part of Samsung’s software update software.

Samsung Software Update is a bloatware that comes pre-installed with the system to update the Samsung drivers. Such software is shipped with all typical OEMs but Samsung intends to do something ‘extraordinary’ by disabling the Windows Update.

Take a look at it below as shared by Patrick:

HKLMSOFTWARESamsungCurrentPath20000: ""C:Program FilesSamsungSW UpdatesManager.exe""  
 HKLMSOFTWARESamsungSW UpdateAgentPath: "C:ProgramDataSamsungSW Update ServiceSWMAgent.exe"  
 HKLMSOFTWARESamsungSW UpdateInstallPath: "C:Program FilesSamsungSW UpdatesManager.exe"  
 HKLMSOFTWARESamsungSW UpdateTrafficDecentralize: "Y"  
 HKLMSOFTWARESamsungSW UpdateLastORCAServerUpdateDateTime: "2015-06-22T02:28:42"  
 HKLMSOFTWARESamsungSW UpdateAgentSleepSec: "300"  
 HKLMSOFTWARESamsungSWMCommonFirstAgentExecDateTime: "2015-06-23T01:47:42"  
 HKLMSYSTEMControlSet001ServicesSWUpdateServiceType: 0x00000110  
 HKLMSYSTEMControlSet001ServicesSWUpdateServiceStart: 0x00000002  
 HKLMSYSTEMControlSet001ServicesSWUpdateServiceErrorControl: 0x00000001  
 HKLMSYSTEMControlSet001ServicesSWUpdateServiceImagePath: "C:ProgramDataSamsungSW Update ServiceSWMAgent.exe /SERVICE"  
 HKLMSYSTEMControlSet001ServicesSWUpdateServiceDisplayName: "SW Update Service"  
 HKLMSYSTEMControlSet001ServicesSWUpdateServiceObjectName: "LocalSystem"  
 HKLMSYSTEMCurrentControlSetServicesSWUpdateServiceType: 0x00000110  
 HKLMSYSTEMCurrentControlSetServicesSWUpdateServiceStart: 0x00000002  
 HKLMSYSTEMCurrentControlSetServicesSWUpdateServiceErrorControl: 0x00000001  
 HKLMSYSTEMCurrentControlSetServicesSWUpdateServiceImagePath: "C:ProgramDataSamsungSW Update ServiceSWMAgent.exe /SERVICE"  
 HKLMSYSTEMCurrentControlSetServicesSWUpdateServiceDisplayName: "SW Update Service"  
 HKLMSYSTEMCurrentControlSetServicesSWUpdateServiceObjectName: "LocalSystem"  

Actually this functionality doesn’t ship with the systems- it quietly downloads it in the background at a later time and installs without user’s permission.


This Disable_Windowsupdate.exe is signed by Samsung, leaving no doubts that it was the tech company who did this.

Patrick mentions: “When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.”

How to check if your Samsung Computer is having this bloatware?

Open the ‘run’ dialog (Windows key + R) and paste this below:

%ALLUSERPROFILE%ProgramDataSamsung

Did you find this post helpful? Tell us in comments below.

Also read: How Attacker Can Hack Your Email Account Just With Your Phone Number

To Top

Pin It on Pinterest

Share This