Главная » Linux

Windows update file locations

Содержание
  1. Windows Update log files
  2. Generating WindowsUpdate.log
  3. Windows Update log components
  4. Windows Update log structure
  5. Time stamps
  6. Process ID and thread ID
  7. Component name
  8. Update identifiers
  9. Windows Setup log files analysis using SetupDiag tool
  10. Windows update file locations
  11. Answered by:
  12. Question
  13. Answers
  14. All replies
  15. Delete Downloaded Windows Update Files in Windows 10
  16. Run the built-in Windows Update troubleshooter.
  17. To Delete Downloaded Windows Update Files in Windows 10,
  18. Delete Downloaded Windows Update Files with a Batch File
  19. Here’s how does it work
  20. About Sergey Tkachenko
  21. 5 thoughts on “ Delete Downloaded Windows Update Files in Windows 10 ”

Windows Update log files

The following table describes the log files created by Windows Update.

Log file Location Description When to use
windowsupdate.log C:\Windows\Logs\WindowsUpdate Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs. If you receive an error message when you run Windows Update, you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.
UpdateSessionOrchestration.etl C:\ProgramData\USOShared\Logs Starting Windows 10, the Update Orchestrator is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these .etl files. When you see that the updates are available but download is not getting triggered.
When Updates are downloaded but installation is not triggered.
When Updates are installed but reboot is not triggered.
NotificationUxBroker.etl C:\ProgramData\USOShared\Logs Starting Windows 10, the notification toast or the banner is triggered by NotificationUxBroker.exe. When you want to check whether the notification was triggered or not.
CBS.log %systemroot%\Logs\CBS This log provides insight on the update installation part in the servicing stack. To troubleshoot the issues related to Windows Update installation.

Generating WindowsUpdate.log

To merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file, see Get-WindowsUpdateLog.

When you run the Get-WindowsUpdateLog cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpdate.log unless you run Get-WindowsUpdateLog again.

Windows Update log components

The Windows Update engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file:

  • AGENT- Windows Update agent
  • AU — Automatic Updates is performing this task
  • AUCLNT- Interaction between AU and the logged-on user
  • CDM- Device Manager
  • CMPRESS- Compression agent
  • COMAPI- Windows Update API
  • DRIVER- Device driver information
  • DTASTOR- Handles database transactions
  • EEHNDLER- Expression handler that’s used to evaluate update applicability
  • HANDLER- Manages the update installers
  • MISC- General service information
  • OFFLSNC- Detects available updates without network connection
  • PARSER- Parses expression information
  • PT- Synchronizes updates information to the local datastore
  • REPORT- Collects reporting information
  • SERVICE- Startup/shutdown of the Automatic Updates service
  • SETUP- Installs new versions of the Windows Update client when it is available
  • SHUTDWN- Install at shutdown feature
  • WUREDIR- The Windows Update redirector files
  • WUWEB- The Windows Update ActiveX control
  • ProtocolTalker — Client-server sync
  • DownloadManager — Creates and monitors payload downloads
  • Handler, Setup — Installer handlers (CBS, and so on)
  • EEHandler — Evaluating update applicability rules
  • DataStore — Caching update data locally
  • IdleTimer — Tracking active calls, stopping a service

Many component log messages are invaluable if you are looking for problems in that specific area. However, they can be useless if you don’t filter to exclude irrelevant components so that you can focus on what’s important.

Windows Update log structure

The Windows update log structure is separated into four main identities:

  • Time Stamps
  • Process ID and Thread ID
  • Component Name
  • Update Identifiers
    • Update ID and Revision Number
    • Revision ID
    • Local ID
    • Inconsistent terminology

The WindowsUpdate.log structure is discussed in the following sections.

Time stamps

The time stamp indicates the time at which the logging occurs.

  • Messages are usually in chronological order, but there may be exceptions.
  • A pause during a sync can indicate a network problem, even if the scan succeeds.
  • A long pause near the end of a scan can indicate a supersedence chain issue.

Process ID and thread ID

The Process IDs and Thread IDs are random, and they can vary from log to log and even from service session to service session within the same log.

  • The first four hex digits are the process ID.
  • The next four hex digits are the thread ID.
  • Each component, such as the USO, Windows Update engine, COM API callers, and Windows Update installer handlers, has its own process ID.

Component name

Search for and identify the components that are associated with the IDs. Different parts of the Windows Update engine have different component names. Some of them are as follows:

  • ProtocolTalker — Client-server sync
  • DownloadManager — Creates and monitors payload downloads
  • Handler, Setup — Installer handlers (CBS, etc.)
  • EEHandler — Evaluating update applicability rules
  • DataStore — Caching update data locally
  • IdleTimer — Tracking active calls, stopping service

Update identifiers

Update ID and revision number

There are different identifiers for the same update in different contexts. It’s important to know the identifier schemes.

  • Update ID: A GUID (indicated in the previous screenshot) that’s assigned to a given update at publication time
  • Revision number: A number incremented every time that a given update (that has a given update ID) is modified and republished on a service
  • Revision numbers are reused from one update to another (not a unique identifier).
  • The update ID and revision number are often shown together as «.revision.»
Revision ID
  • A Revision ID (don’t confuse this value with «revision number») is a serial number that’s issued when an update is initially published or revised on a given service.
  • An existing update that’s revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a new revision ID that is not related to the previous ID.
  • Revision IDs are unique on a given update source, but not across multiple sources.
  • The same update revision might have different revision IDs on Windows Update and WSUS.
  • The same revision ID might represent different updates on Windows Update and WSUS.
Local ID
  • Local ID is a serial number issued when an update is received from a service by a given Windows Update client
  • Typically seen in debug logs, especially involving the local cache for update info (Datastore)
  • Different client PCs will assign different Local IDs to the same update
  • You can find the local IDs that a client is using by getting the client’s %WINDIR%\SoftwareDistribution\Datastore\Datastore.edb file
Inconsistent terminology

Sometimes the logs use terms inconsistently. For example, the InstalledNonLeafUpdateIDs list actually contains revision IDs, not update IDs.

Recognize IDs by form and context:

  • GUIDs are update IDs
  • Small integers that appear alongside an update ID are revision numbers
  • Large integers are typically revision IDs
  • Small integers (especially in Datastore) can be local IDs

Windows Setup log files analysis using SetupDiag tool

SetupDiag is a diagnostic tool that can be used for analysis of logs related to installation of Windows Updates. For detailed information, see SetupDiag.

Windows update file locations

This forum is closed. Thank you for your contributions.

Answered by:

Question

Apologies if this isn’t posted in the correct forum.

I was wondering if anyone knew where the Windows Update files are located in Vista?

They seem to be hidden away pretty good compared to XP/2003 which simply sat in the «Windows» dir.

Answers

Windows Update files are located in windows\SoftwareDistribution\Download folder

while updates are installing their file attributes is set hidden and system you must show hidden and protected files

some updates is removed from this folder

All replies

Windows Vista hides update files so that offline updates can’t be re-used for non genuine copies of Windows Vista.

I think you may have misunderstood.

In previous versions of Windows, when you ran windows update, it backed up files created hidden dir’s in the Windows dir such as » $ NtUninstallKB12345$ » etc. These folders contained rollback information and files incase you wanted to undo the changes that the hotfix applied.

So I need the Vista equivalent location of these rollback files simply so I can delete them and recover some space on the system partition.

Infuriated_Germ wrote:

I think you may have misunderstood.

I told you they hide it. So I know it does exist some where!

Delete Downloaded Windows Update Files in Windows 10

How to Delete Downloaded Windows Update Files in Windows 10

If you are running into issues with Updates, you can try to delete downloaded Windows Update files. When an update package is damaged or fails to install, Windows 10 may keep the corrupted file on the drive, so it will further cause issues with updates. Here is how to delete the downloaded Windows Update files that Windows 10 doesn’t delete itself.

Windows 10 checks for updates automatically unless you disable this feature manually. The operating system comes with the Windows Update service, which automatically downloads and installs the updates from Microsoft. The downloaded update files are stored on your system drive in the C:\Windows folder.

There are certain reasons for having corrupted Windows Update files. It can be an improper shutdown, OS crash, power failure, or something gone wrong with your Registry. After that, Windows Update may fail to do its job properly. The OS may fail to check for updates, or fail to install them. Sometimes, the Windows Update page in Settings cannot be opened!

To fix most of the Windows Update issues in Windows 10, usually it is enough to run the built-in Windows Update troubleshooter.

Run the built-in Windows Update troubleshooter.

  1. Open the Start menu and type: troubleshooting and press Enter.
  2. Click «Windows Update».
  3. Click «Run as administrator» in the Troubleshooter’s dialog and complete the Windows Update troubleshooter. See if Windows Update works properly.

When you run into issues though with updates, you may spend hours or even days figuring out what is going wrong. In such case, you can try to delete downloaded Windows Update files to start over. The SoftwareDistribution folder contains files related to updates obtained via Windows Update, it is present on all versions of Windows. It could have a couple of hundreds megabytes of size. But if this folder is much larger, this indicates that some updates are corrupted.

To Delete Downloaded Windows Update Files in Windows 10,

  1. Press Win + R on the keyboard and type services.msc in the Run box.
  2. Stop the service named Windows Update.
  3. Open File Explorer .
  4. Go to C:\WINDOWS\SoftwareDistribution\Download. Copy-paste this path to the explorer’s address bar.
  5. Select all files of the folder(press the Ctrl-A keys).
  6. Press the Delete key on the keyboard.
  7. Windows may request for administrator privileges to delete those files. Turn on the option «Do this for all current items» in the dialog and click on Continue.

Restart Windows 10 and check for updates. See if this fixed your issues.

Alternatively, you can create a batch file to automate the process.

Delete Downloaded Windows Update Files with a Batch File

  1. Open Notepad.
  2. Paste the following text:
    net stop wuauserv
    cd /d %SystemRoot%\SoftwareDistribution
    del /s /q /f Download
    net start wuauserv
  3. Save it to a file with a *.cmd extension. You can place it on the Desktop.
  4. Right-click the file you have created and start it as Administrator from the context menu.

You are done. Now restart the PC and check for available updates.

Here’s how does it work

The command net stop wuauserv stops the Windows Update service. Next, the cd command switches the current folder to C:\Windows\SoftwareDistribution. The del command erases the contents of the Download folder and its subfolders. Finally, the last command, net start wuauserv , starts the Windows Update service again.

To save your time, you can download this ready-to-use batch file.

Articles of interest:

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

Share this post

About Sergey Tkachenko

Sergey Tkachenko is a software developer from Russia who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

5 thoughts on “ Delete Downloaded Windows Update Files in Windows 10 ”

i haven’t noticed this before but Also disk clean-up has an option to delete update files also,

AFAIK it cleans up WinSxS instead.

Hi Sergey, Is any chance to fix loop booting PC after Windows OS updates without reinstalling OS ?

Читайте также:  Как соединить два компьютера между собой через сетевой кабель linux
Оцените статью
© 2024 Советы по настройке компьютера