Samsung Quietly Disabling Windows Update, Risking Systems Open to Hackers



You are using your laptop and it has a software updater tool – what do you expect it to do? You expect it to update your system software and keep your system secure. But, Samsung’s “software updater” tool is doing just the opposite.

The Samsung software updater is disabling the official Windows Update on some computers and thus leaving the users exposed to vulnerabilities and security threats- according to a Microsoft support engineer.

Patrick, a Microsoft MVP was assisting a Windows Update issue and he figured out that system’s Windows Update was getting disabled automatically. On analyzing further, he figured out that the program responsible for disabling Windows Update was Disable_Windowsupdate.exe. This software came as a part of Samsung’s software update software.

Samsung Software Update is a bloatware that comes pre-installed with the system to update the Samsung drivers. Such software is shipped with all typical OEMs but Samsung intends to do something ‘extraordinary’ by disabling the Windows Update.

Take a look at it below as shared by Patrick:

HKLM\SOFTWARE\Samsung\CurrentPath\20000: ""C:\Program Files\Samsung\SW Update\sManager.exe""  
 HKLM\SOFTWARE\Samsung\SW Update\AgentPath: "C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe"  
 HKLM\SOFTWARE\Samsung\SW Update\InstallPath: "C:\Program Files\Samsung\SW Update\sManager.exe"  
 HKLM\SOFTWARE\Samsung\SW Update\TrafficDecentralize: "Y"  
 HKLM\SOFTWARE\Samsung\SW Update\LastORCAServerUpdateDateTime: "2015-06-22T02:28:42"  
 HKLM\SOFTWARE\Samsung\SW Update\AgentSleepSec: "300"  
 HKLM\SOFTWARE\Samsung\SWMCommon\FirstAgentExecDateTime: "2015-06-23T01:47:42"  
 HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\Type: 0x00000110  
 HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\Start: 0x00000002  
 HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\ErrorControl: 0x00000001  
 HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\ImagePath: "C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE"  
 HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\DisplayName: "SW Update Service"  
 HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\ObjectName: "LocalSystem"  
 HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\Type: 0x00000110  
 HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\Start: 0x00000002  
 HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\ErrorControl: 0x00000001  
 HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\ImagePath: "C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE"  
 HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\DisplayName: "SW Update Service"  
 HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\ObjectName: "LocalSystem"  

Actually this functionality doesn’t ship with the systems- it quietly downloads it in the background at a later time and installs without user’s permission.


This Disable_Windowsupdate.exe is signed by Samsung, leaving no doubts that it was the tech company who did this.

Patrick mentions: “When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.”

How to check if your Samsung Computer is having this bloatware?

Open the ‘run’ dialog (Windows key + R) and paste this below:


Did you find this post helpful? Tell us in comments below.

Also read: How Attacker Can Hack Your Email Account Just With Your Phone Number

Adarsh Verma

Adarsh Verma

Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email — [email protected]
More From Fossbytes

Latest On Fossbytes