
Enhance "disable Windows Update" mechanism by configuring upfc.exe

Open TheAndr0id opened this issue 6 months ago • 0 comments

Description

As detailed in issue #272, Windows Update is basically behaving like malware. In order to disable the service, multiple services and background tasks need to be disabled, including an undocumented service/program, upfc.exe.

The only information found about upfc.exe is detailed here: What the bleep is UPFC.exe?

upfc.exe uses XML files under Windows\Waas to reset and restart various services (and scheduled tasks) to re-enable Windows Update, Update Orchestrator and the Windows Update Medic Service.

Proposed solution

If Windows Update is to be disabled, these XML files should be edited in place to tell upfc.exe that disabled is the correct state of these services. The files involved are listed under the above issue (found here: https://github.com/undergroundwires/privacy.sexy/issues/272#issuecomment-1843739166).

The changes are simple: they involve setting start="demand" to start="disabled" for the above services and setting <enabled>true</enabled> to <enabled>false</enabled> for various tasks (see the above comment in issue #272 for more details).

Additional information

These files are all owned by TrustedInstaller, and upfc.exe only runs every 5 days or so. Its progress/status can be seen via the registry at HKLM\SYSTEM\WaaS\Upfc. Success/failure can be tracked by the RemediationFailureCounter registry value.

upfc.exe seems to be a single-run process spawned by Windows\System32\services.exe at startup time. It seems to use a registry value, NextHealthCheckTime, to determine if it should do anything. Of course all the registry is owned and secured by TrustedInstaller...

TheAndr0id, Dec 11 '23 22:12
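
A read-only way to inspect the state this issue describes, added here as an example (it is not part of the original issue or of privacy.sexy's code): it reports the `start="..."` and `<enabled>` settings found in XML files under Windows\Waas, plus the two registry values named above. The function names and the text-matching approach are assumptions, since the files' schema is not given on this page.

```powershell
# Added example: read-only report; it changes nothing on the system.
# Assumption: the schema of the WaaS files is not given on the page, so they
# are matched as text for the two settings the issue names, not parsed.
function Get-UpfcFileSettings {
    param([string]$WaasPath = (Join-Path $env:windir 'WaaS'))
    $patterns = @{
        ServiceStart = '\bstart\s*=\s*"(?<value>[^"]*)"'
        TaskEnabled  = '<enabled>\s*(?<value>[^<]*?)\s*</enabled>'
    }
    Get-ChildItem -LiteralPath $WaasPath -Filter '*.xml' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $text = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction SilentlyContinue
            if (-not $text) { return }   # unreadable or empty: skip this file
            # Owner shows whether the file still belongs to TrustedInstaller.
            $owner = try { (Get-Acl -LiteralPath $file.FullName -ErrorAction Stop).Owner }
                     catch { 'unknown' }
            foreach ($kind in $patterns.Keys) {
                foreach ($m in [regex]::Matches($text, $patterns[$kind], 'IgnoreCase')) {
                    [pscustomobject]@{
                        File    = $file.FullName
                        Owner   = $owner
                        Setting = $kind
                        Value   = $m.Groups['value'].Value
                    }
                }
            }
        }
}

function Get-UpfcStatus {
    $key = 'HKLM:\SYSTEM\WaaS\Upfc'
    try {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ${key}: $($_.Exception.Message)"
        return
    }
    # Value types are not documented on the page; they are shown as stored.
    [pscustomobject]@{
        RemediationFailureCounter = $props.RemediationFailureCounter
        NextHealthCheckTime       = $props.NextHealthCheckTime
    }
}

Get-UpfcStatus | Format-List
Get-UpfcFileSettings | Sort-Object File, Setting | Format-Table -AutoSize
```

Comparing two reports taken on either side of an upfc.exe run shows whether any value was reset in between.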