Microsoft Now Lets You Bypass Windows 10 Update Blocks

Microsoft has added a new Windows 10 group policy that allows users to bypass safeguard holds placed on devices due to conflicts with hardware or software.

A safeguard hold (also known as a compatibility hold or update block) is when Microsoft prevents devices from being offered a new Windows 10 feature update if there are known compatibility issues with hardware, software, or settings.

Microsoft places these holds to prevent severe problems in Windows 10, such as BSOD crashes, performance issues, devices not working, or general system instability.

When placing devices in a safeguard hold, it can be very frustrating for users as there is usually little information on how to resolve the issue, and users have to wait for Microsoft or a third-party developer to resolve the issue.

In some cases, users can find more detailed information in the Windows 10 Health Dashboard, but there is usually not much a user can do.

In the past, Microsoft has placed safeguard holds on devices with older Intel IGPU and older NVIDIA drivers, Realtek Bluetooth radios, Surface devices, and even older versions of antivirus software.

To determine what safeguard holds are in place on devices, an enterprise admin can use the Update Compliance feature in Azure to see a list of devices under a safeguard hold.

Also Read: How To Secure Your WiFi Camera? 4 Points To Consider

Microsoft adds group policy to bypass holds

With the release of the Windows 10 October 2020 Patch Tuesday updates, Microsoft has added a new Group Policy titled “Disable safeguards for Feature Updates” that allows you to bypass any safeguard holds placed on your device.

This new policy is found under Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business, and when enabled, will bypass safeguard holds.

“Enable this setting when Feature Updates should be deployed to devices without blocking on any safeguard holds. Safeguard holds are known compatibility issues that block the upgrade from being deployed to affected devices until the issue is resolved. Enabling this policy can allow an organization to deploy the Feature Update to devices for testing, or to deploy the Feature Update without blocking on safeguard holds.”

When this policy is enabled, a Registry value will be created under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate called “DisableWUfBSafeguards.” When set to 1, safeguard holds will be bypassed by Windows Update.

For those who wish to enable this feature manually via the Registry, you can use the following Registry file to do so:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
“DisableWUfBSafeguards”=dword:00000001

It should be noted that Windows users and admins should not bypass safeguard holds unless they have thoroughly tested that their device will work with the new feature update.

Also Read: How Singapore Cybersecurity Masterplan 2020 Is Formidable

“Opting out of a safeguard hold can put devices at risk from known performance issues. We strongly recommend that you complete robust testing to ensure the impact is acceptable before opting out,” Microsoft warns in a soon-to-be-published support bulletin seen by BleepingComputer.