Comments (22)
undergroundwires
commented on June 11, 2024
1
Something like this:
However, I'm not sure if this will require higher privileges, I'd be happy know if you could test it @marcello-pietrobon and see if it can delete the data. If it works I will add the fix for the permission issue and this script.
The code (run in elevated cmd.exe):
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%PROGRAMDATA%\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"from privacy.sexy.
marcello-pietrobon
commented on June 11, 2024
1
About
telemetry_switch.ini, we could keep it instead of deleting it, or even configure it but there is zero documentation online.
Separately, as you seem to suggest, the obvious thing would be to analyze if any packet transmissions would change by setting the values to 0:
{"GDPRUser":{},"GDPRDevice":{"873483749870174":0,"47535922458901271":0}}
unfortunately I'm overwhelmed with things to do, so I prefer to leave the question open, hoping too for someone to research this in the future.
from privacy.sexy.
undergroundwires
commented on June 11, 2024
Hi, thank you for the report and context.
I added logic to take ownership of the files temporarily, rename them, then set original ownership.
If you can confirm that this works (run in elevated cmd.exe), I will share it as part of a patch release:
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\DriverStore\FileRepository\NvTelemetry*.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n internal struct TokPriv1Luid {`r`n public int Count;`r`n public long Luid;`r`n public int Attr;`r`n }`r`n internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n internal const int TOKEN_QUERY = 0x00000008;`r`n internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n public static bool AddPrivilege(string privilege) {`r`n try {`r`n bool retVal;`r`n TokPriv1Luid tp;`r`n IntPtr hproc = GetCurrentProcess();`r`n IntPtr htok = IntPtr.Zero;`r`n retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n tp.Count = 1;`r`n tp.Luid = 0;`r`n tp.Attr = SE_PRIVILEGE_ENABLED;`r`n retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n return retVal;`r`n } catch (Exception ex) {`r`n throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n }`r`n }`r`n public static bool RemovePrivilege(string privilege) {`r`n try {`r`n bool retVal;`r`n TokPriv1Luid tp;`r`n IntPtr hproc = GetCurrentProcess();`r`n IntPtr htok = IntPtr.Zero;`r`n retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n tp.Count = 1;`r`n tp.Luid = 0;`r`n tp.Attr = 0; // This line is changed to revoke the privilege`r`n retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n return retVal;`r`n } catch (Exception ex) {`r`n throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n }`r`n }`r`n [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try {; $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch {; Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) {; try {; Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch {; Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) {; try {; Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch {; Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"
from privacy.sexy.
marcello-pietrobon
commented on June 11, 2024
It definitely works, I've checked and the file has been successfully renamed
Here's the log
Searching for items matching pattern: "C:\WINDOWS\System32\DriverStore\FileRepository\NvTelemetry*.dll".
Iterating files and directories recursively.
Initiating processing of 1 items from "C:\WINDOWS\System32\DriverStore\FileRepository\NvTelemetry*.dll".
Processing file: "C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\NvTelemetry64.dll".
Successfully processed "C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\NvTelemetry64.dll".
Successfully processed 1 items and skipped 0 items.
Press any key to continue . . .
Thanks!
from privacy.sexy.
undergroundwires
commented on June 11, 2024
Meanwhile you have the drivers, would you be willing to see if this file exists on other places? You can go to C:\ on file explorer and search for NvTelemetry.
Based on research on internet I see that this file may exist at:
- Somewhere in
C:\Program Files\WindowsApps - At
C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\NvTelemetry\ - At
C:\ProgramData\chocolatey\lib\nvidia-geforce-now\tools\GeforceNOW\CEF\NvTelemetry C:\Windows\NvTelemetryContainerRecovery.batC:\ProgramData\NVIDIA Corporation\NvTelemetry(may contain log files such asnvtelemetry.logandtelemetry_switch.ini)C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry(may containtelemetry_switch.iniand telemetry logs)C:\Users\%username%\AppData\Local\NVIDIA Corporation\C:\Program Files\NVIDIA Corporation\NvTelemetry\C:\Program Files (x86)\NVIDIA Corporation\NvTelemetryC:\DRIVERS\ONLINE\NV_GFE\NvTelemetryC:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem
It would be interesting to see if you have these folders and what files they contain. Or just results from search in C:\.
I think the bug is resolved, and I can understand if you do not have time for this, but it would be highly valuable for community to this research so we can make the script more effective.
from privacy.sexy.
marcello-pietrobon
commented on June 11, 2024
Sure. I searched a bit.
Many of the directories listed do not exist on my PC. Also I am not upgrading NVidia drivers since many many years.
The only instance of NvTelemetry on my PC is
C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\NvTelemetry64.dll.OLD
I looked a bit into what could I find related to telemetry. There's a 'C:\Program Files\NVIDIA Corporation\Installer2' with some 'juicy' :) stuff
C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3E138742-922F-4D54-9B9B-68388AD0136D}\
03/24/2018 02:13 AM 6,012 NvTelemetry.nvi
04/06/2018 12:16 AM 3,410 NvTelemetry.NVX
03/24/2018 02:13 AM 829,376 NvTelemetryExt.dll
"c:\Program Files\NVIDIA Corporation\Installer2\NvTelemetryContainer.{E4BFAF5E-3CE2-4BEE-AFE9-DE6FC850FF03}"
03/24/2018 02:13 AM 5,378 NvTelemetryContainer.nvi
04/06/2018 12:16 AM 3,020 NvTelemetryContainer.NVX
"c:\Program Files\NVIDIA Corporation\Installer2\NvContainer.ContainerTelemetryApiHelper.{8A223F34-5FDD-441E-B78E-BCBBE4AA25C3}"
03/24/2018 02:13 AM 2,716 NvContainerTelemetryApi.nvi
04/06/2018 12:16 AM 2,207 NvContainerTelemetryApi.NVX
"c:\Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{50B1E447-BF91-42EC-8BE5-FA7BCACCC5E7}"
03/24/2018 02:13 AM 105,814 GFExperience.nvi
04/06/2018 12:17 AM 47,261 GFExperience.NVX
03/24/2018 02:13 AM 1,229,760 GFExperienceExt.dll
"c:\Program Files\NVIDIA Corporation\Installer2\GFExperience.NvStreamSrv.{B40EF9E3-E461-41EA-91F7-842254ED44EA}"
03/24/2018 02:13 AM 60,190 GFExperience.NvStreamSrv.nvi
04/06/2018 12:16 AM 27,919 GFExperience.NvStreamSrv.NVX
03/24/2018 02:13 AM 875,968 NvStreamSrvExt.dll
then we have
"c:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj"
08/08/2023 12:55 AM 50,196 AppxBlockMap.xml
08/08/2023 12:55 AM 2,999 AppxManifest.xml
08/08/2023 12:55 AM <DIR> AppxMetadata
08/08/2023 12:55 AM 11,991 AppxSignature.p7x
08/08/2023 12:55 AM <DIR> Assets
08/08/2023 12:55 AM 8,398 EULA.txt
08/08/2023 12:55 AM 14,122,024 nvcplui.exe
08/08/2023 12:55 AM 10,979,896 nvcpluir.dll
08/08/2023 12:55 AM 3,660,328 NvGpuUtilization.exe
08/08/2023 12:55 AM 1,020,728 nvImage.dll
08/08/2023 12:55 AM 1,104,240 NvStereoUtilityOGL.exe
08/08/2023 12:55 AM 2,751,288 NvStTest.exe
08/08/2023 12:55 AM 4,401,464 NvStView.exe
08/08/2023 12:55 AM 442,680 NvStWiz.exe
08/08/2023 12:55 AM 5,000 resources.pri
and other dirs, but the only maybe interesting one is:
"c:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry"
08/08/2023 11:13 AM <DIR> feedbacks
01/10/2024 02:39 AM 77,824 events.dat
01/10/2024 12:34 PM 32,768 events.dat-shm
01/10/2024 12:34 PM 4,152 events.dat-wal
01/10/2024 12:34 PM 2,458 NvTelemetry.log
01/10/2024 02:39 AM 3,248 NvTelemetry.log.bak
01/10/2024 12:34 PM 72 telemetry_switch.ini
Here's the content of NvTelemetry.log
2024-01-10T12:34:32.518+0100 00000414 [I]: Running NvTelemetry version 14.3.60.0
2024-01-10T12:34:32.518+0100 00000414 [I]: Creating TelemetryManager
2024-01-10T12:34:32.518+0100 00000414 [I]: Initializing database
2024-01-10T12:34:32.521+0100 00000414 [I]: Creating NvTelemetry persistency for events.dat
2024-01-10T12:34:32.521+0100 00000414 [I]: Creating/checking database schema
2024-01-10T12:34:32.526+0100 00000414 [I]: Creating TelemetryFilter
2024-01-10T12:34:32.526+0100 00000414 [I]: Loading Telemetry filter state
2024-01-10T12:34:32.531+0100 00000414 [I]: Set device telemetry consent for clientId=873483749870174, levelFlags=0x1
2024-01-10T12:34:32.535+0100 00000414 [I]: Saving Telemetry filter state
2024-01-10T12:34:32.535+0100 00000414 [I]: Telemetry consent for clientId=873483749870174 is 1
2024-01-10T12:34:32.536+0100 00000414 [I]: Telemetry consent for clientId=47535922458901271 is 1
2024-01-10T12:34:32.536+0100 00000414 [I]: Creating ExperimentManager
2024-01-10T12:34:32.536+0100 00000414 [I]: Generating deviceId
2024-01-10T12:34:32.976+0100 00000414 [I]: Creating NvTelemetryEventManager
2024-01-10T12:34:32.976+0100 00000414 [I]: Creating FeedbackSender
2024-01-10T12:34:32.993+0100 00000414 [I]: Creating FeedbackManager
2024-01-10T12:34:32.993+0100 00000414 [I]: Picking up old feedbacks
2024-01-10T12:34:32.993+0100 00000414 [I]: Removing orphaned feedbacks
2024-01-10T12:34:32.994+0100 00000414 [I]: Queueing completed feedbacks
2024-01-10T12:34:32.994+0100 00000414 [I]: Creating StatisticsSender
2024-01-10T12:34:32.994+0100 00000414 [I]: TelemetryManager created.
2024-01-10T12:34:32.994+0100 00000414 [I]: DeviceId: 7571963dcbdef4bf9c72adf5092f4ca43bfd427cac5e4be3c0e6cb4d68c77a13
2024-01-10T12:34:33.018+0100 00000414 [I]: Log level: 3
2024-01-10T12:34:33.018+0100 00000414 [I]: Events endpoint: https://events.gfe.nvidia.com/v1.0/events/json
2024-01-10T12:34:33.018+0100 00000414 [I]: GPU activation endpoint: https://activation.gfe.nvidia.com/v1.0/events/json
2024-01-10T12:34:33.018+0100 00000414 [I]: Feedbacks endpoint: https://telemetry.gfe.nvidia.com/gfc/v2.0/head
2024-01-10T12:34:33.019+0100 00000414 [I]: Feedback attachments endpoint: https://telemetry.gfe.nvidia.com/gfc/v2.0/attachment
2024-01-10T12:34:33.019+0100 00000414 [I]: Set device telemetry consent for clientId=47535922458901271, levelFlags=0x1
2024-01-10T12:34:33.019+0100 00000414 [I]: Saving Telemetry filter state
and the content of telemetry_switch.ini
{"GDPRUser":{},"GDPRDevice":{"873483749870174":1,"47535922458901271":1}}
but I don't know if this may be useful. Please let me know if you need more info,
from privacy.sexy.
undergroundwires
commented on June 11, 2024
I do not have windows machine at this moment, so thank you for the results, very useful. I will add the fix for this in a patch, and we should probably add cleaning C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\ directory as well, I'm open to feedback.
Keep:
C:\Program Files\NVIDIA Corporation\Installer2directory. Cleaning seems to cause issues.C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel*\: No telemetry related stuff found based on our current knowledge.
Delete:
Delete local telemetry logs: Delete contents of directory C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\* as you highlighted. We can add this on Privacy clean-up and recommend it on Standard.
About telemetry_switch.ini, we could keep it instead of deleting it, or even configure it but there is zero documentation online. No one researched this before, maybe someone in our community can one day. We don't know yet what we should add in GDPRUser and where these GDPRDevice IDs are coming from.
It seems to be safe to delete it. Based on the logs shared here this file is called "telemetry filter state" and recreated when its missing. And NVIDIA is forced to follow local regulations so it would create the data properly. Logs:
Loading Telemetry filter state 2019-04-23T19:39:40.424+0300 000009c8 [E]: Loading telemetry filter state failed: Failed to open json file C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\telemetry_switch.ini at [c:\dvs\p4\build\sw\gcomp\rel\src\nvtelemetry\common\rapidjson.cpp:81]
2019-04-23T19:39:40.425+0300 000009c8 : Loading Telemetry filter state (legacy format)
2019-04-23T19:39:40.425+0300 000009c8 : Saving Telemetry filter state
2019-04-23T19:39:40.431+0300 000009c8 : Set device telemetry consent for clientId=128903745644320, levelFlags=0x1
2019-04-23T19:39:40.431+0300 000009c8 : Saving Telemetry filter state
2019-04-23T19:39:40.436+0300 000009c8 : Telemetry consent for clientId=128903745644320 is 1TLDR; Add deleting contents of directory C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\* in "Privacy Cleanup" and recommend it on standard. Would you agree?
from privacy.sexy.
marcello-pietrobon
commented on June 11, 2024
Add deleting contents of directory
C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\*in "Privacy Cleanup" and recommend it on standard. Would you agree?
I cannot tell as usually I'm quite careful before deleting stuff, but in this case, as you are probably very used to analyze this sort of things, I would trust your judgement more than mine. Sorry for not being useful on this.
However, I'm not sure if this will require higher privileges, I'd be happy know if you could test it @marcello-pietrobon and see if it can delete the data. If it works I will add the fix for the permission issue and this script.
The code (run in elevated
cmd.exe):
I tried the code as is, it worked and didn't require elevation, here's the output:
Searching for items matching pattern: "C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\*".
Iterating files and directories recursively.
Initiating processing of 5 items from "C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\*".
Successfully deleted: C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\telemetry_switch.ini
Successfully deleted: C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\NvTelemetry.log.bak
Successfully deleted: C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\NvTelemetry.log
Successfully deleted: C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\events.dat
Successfully deleted: C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\feedbacks
Successfully deleted 5 items.
Press any key to continue . . .
and in fact the directory now appears perfectly empty. :)
I think I'll run this script every 10 minutes or so. I'll let you know if I'll experience any problem, but for the moment all is good.
from privacy.sexy.
marcello-pietrobon
commented on June 11, 2024
I'm going to add info about nvidia drivers if it happens to find something new.
I hope not to get unnecessary attention with this.
With SimpleWall (installed today) just warned me that NVDisplay.Container.exe wants to connect to internet.
C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe
Microsoft Windows Hardware Compatibility Publisher
tcp://152.199.20.80
443 (https)
Here's the instances I've found on my PC of this program or related
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Program Files (x86)\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-1765A257.pf
C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe
Looking around I found this
EIS Firewall keeps asking for permission for Nvidia Display Container - ESET Internet Security & ESET Smart Security Premium - ESET Security Forum
where they state:
"
The only complete way to disable all nVidia telemetry is given in this article: Disable Nvidia Telemetry tracking on Windows - gHacks Tech News and it doesn't work anymore.
The only way to disable nvidia telemetry now is to delete the nvtelemetry.dll
"
I don't have nvtelemetry.dll on my PC.
I'm attaching a txt file with the list of nvidia files in the c:\Windows\System32\DriverStore\FileRepository\ directory (easily readable by the total commander's plugin 'DiskDirExtended')
DriverStore-FileRepository-nv.dskdir.txt
I don't know it it helps.
from privacy.sexy.
d3cim
commented on June 11, 2024
Solved just like this, deleting the .dll files prevent running and connecting to the internet. Also I noticed that the files doesn't reappear after days.
Didn't tested after a driver update yet.
from privacy.sexy.
undergroundwires
commented on June 11, 2024
Deleting NVDisplay.Container would break some driver functionality.
Fortunately it calls bunch of DLLs to do handle telemetry, so we target the DLLs.
@marcello-pietrobon verifies that deleting NvTelemetry64.dll is not solving this compeltely.
One new DLL that community reports (u/m_w_h/ on reddit) is NvGSTPlugin DLLs.
You do not seem to have them though. @d3cim do you have it?
%WINDIR%\System32\DriverStore\FileRepository\nv[INFNAMEHERE].inf_amd64_[UNIQUEVALUEHERE]\Display.NvContainer\plugins\Session\_NvGSTPlugin.dll
from privacy.sexy.
d3cim
commented on June 11, 2024
You do not seem to have them though. @d3cim do you have it?
%WINDIR%\System32\DriverStore\FileRepository\nv[INFNAMEHERE].inf_amd64_[UNIQUEVALUEHERE]\Display.NvContainer\plugins\Session\_NvGSTPlugin.dll
I have it, just checked, it would be nice target all of these bad .dll and delete them I think
from privacy.sexy.
marcello-pietrobon
commented on June 11, 2024
You do not seem to have them though. @d3cim do you have it?
%WINDIR%\System32\DriverStore\FileRepository\nv[INFNAMEHERE].inf_amd64_[UNIQUEVALUEHERE]\Display.NvContainer\plugins\Session\_NvGSTPlugin.dllI have it, just checked, it would be nice target all of these bad .dll and delete them I think
Same with me, I have it. It would nice to remove it.
from privacy.sexy.
undergroundwires
commented on June 11, 2024
Thank you @marcello-pietrobon and @d3cim. I added the script and I'd be happy if you can verify if they work as they have limited permissions now. I also did some extensive research, I share the docs/finding at the end of this post.
I added scripts without adding extra privileges. I wonder if they require more privileges to do the job fine or not? I think it's good that the scripts do not use extra privileges when not needed as security best-practice. Could you test this and see if it reports any permission errors? (Any red/Yellow text output)
@echo off
:: https://privacy.sexy — v0.12.9 — Sat, 20 Jan 2024 12:45:07 GMT
:: Ensure admin privileges
fltmc >nul 2>&1 || (
echo Administrator privileges are required.
PowerShell Start -Verb RunAs '%0' 2> nul || (
echo Right-click on the script and select "Run as administrator".
pause & exit 1
)
exit 0
)
:: Initialize environment
setlocal EnableExtensions DisableDelayedExpansion
:: ----------------------------------------------------------
:: ------------------Clear NVIDIA telemetry------------------
:: ----------------------------------------------------------
echo --- Clear NVIDIA telemetry
:: Clear directory contents : "%PROGRAMDATA%\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%PROGRAMDATA%\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Clear directory contents : "%PROGRAMDATA%\NVIDIA Corporation\NvTelemetry"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%PROGRAMDATA%\NVIDIA Corporation\NvTelemetry'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: -----------Clear NVIDIA GeForce Experience logs-----------
:: ----------------------------------------------------------
echo --- Clear NVIDIA GeForce Experience logs
:: Delete NVIDIA GeForce Experience logs in: "%LOCALAPPDATA%\NVIDIA Corporation\NVIDIA GeForce Experience"
:: Delete files matching pattern: "%LOCALAPPDATA%\NVIDIA Corporation\NVIDIA GeForce Experience\*.log"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\NVIDIA Corporation\NVIDIA GeForce Experience\*.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) {; Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete files matching pattern: "%LOCALAPPDATA%\NVIDIA Corporation\NVIDIA GeForce Experience\*.bak"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\NVIDIA Corporation\NVIDIA GeForce Experience\*.bak"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) {; Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete NVIDIA GeForce Experience logs in: "%LOCALAPPDATA%\NVIDIA Corporation\NvNode"
:: Delete files matching pattern: "%LOCALAPPDATA%\NVIDIA Corporation\NvNode\*.log"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\NVIDIA Corporation\NvNode\*.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) {; Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete files matching pattern: "%LOCALAPPDATA%\NVIDIA Corporation\NvNode\*.bak"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\NVIDIA Corporation\NvNode\*.bak"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) {; Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete NVIDIA GeForce Experience logs in: "%LOCALAPPDATA%\NVIDIA\NvBackend"
:: Delete files matching pattern: "%LOCALAPPDATA%\NVIDIA\NvBackend\*.log"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\NVIDIA\NvBackend\*.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) {; Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete files matching pattern: "%LOCALAPPDATA%\NVIDIA\NvBackend\*.bak"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%LOCALAPPDATA%\NVIDIA\NvBackend\*.bak"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) {; Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete NVIDIA GeForce Experience logs in: "%PROGRAMDATA%\NVIDIA Corporation\NvTelemetry"
:: Delete files matching pattern: "%PROGRAMDATA%\NVIDIA Corporation\NvTelemetry\*.log"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMDATA%\NVIDIA Corporation\NvTelemetry\*.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) {; Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete files matching pattern: "%PROGRAMDATA%\NVIDIA Corporation\NvTelemetry\*.bak"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMDATA%\NVIDIA Corporation\NvTelemetry\*.bak"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) {; Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete NVIDIA GeForce Experience logs in: "%PROGRAMDATA%\NVIDIA"
:: Delete files matching pattern: "%PROGRAMDATA%\NVIDIA\*.log"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMDATA%\NVIDIA\*.log"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) {; Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: Delete files matching pattern: "%PROGRAMDATA%\NVIDIA\*.bak"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMDATA%\NVIDIA\*.bak"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $skippedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping, the path is not a file but a folder: $($path)."^""; $skippedCount++; continue; }; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; if ($skippedCount -gt 0) {; Write-Host "^""Skipped $($skippedCount) items."^""; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: --------Disable NVIDIA monitoring data collection---------
:: ----------------------------------------------------------
echo --- Disable NVIDIA monitoring data collection
:: Soft delete files matching pattern : "%PROGRAMFILES%\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_DisplayDriverRAS"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMFILES%\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_DisplayDriverRAS"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }"
:: Soft delete files matching pattern : "%PROGRAMFILES%\Program Files\NVIDIA Corporation\DisplayDriverRAS\_DisplayDriverRAS"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%PROGRAMFILES%\Program Files\NVIDIA Corporation\DisplayDriverRAS\_DisplayDriverRAS"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }"
:: ----------------------------------------------------------
:: ----------------------------------------------------------
:: ----------Disable NVIDIA game session telemetry-----------
:: ----------------------------------------------------------
echo --- Disable NVIDIA game session telemetry
:: Soft delete files matching pattern : "%WINDIR%\System32\DriverStore\FileRepository\*\Display.NvContainer\plugins\Session\_NvGSTPlugin.dll"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%WINDIR%\System32\DriverStore\FileRepository\*\Display.NvContainer\plugins\Session\_NvGSTPlugin.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }"
:: ----------------------------------------------------------
:: Pause the script to view the final state
pause
:: Restore previous environment settings
endlocal
:: Exit the script successfully
exit /b 0These operations are safe and does not affect driver functionality, the last two are reversible, see documentation for below.
Documentation (work in progress)
(Btw I've also renamed Nvidia to NVIDIA which seems to be the official brand casing)
from privacy.sexy.
d3cim
commented on June 11, 2024
The output is this, splitted in two captures:
The WARNING says it can't delete the files because they are used in another process or it can't access to them.
The last "red" script ends in access denied instead.
from privacy.sexy.
marcello-pietrobon
commented on June 11, 2024
I could finally test this
I didn't run it as admin, but it asked for admin elevation,
then it automatically opens a command window where the output is the same, and with the same colors, as for d3cim ( I didn't know he was Italian too :) ):
--- Clear NVIDIA telemetry
Searching for items matching pattern: "C:\ProgramData\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry\*".
Iterating files and directories recursively.
Skipping, no items available.
Searching for items matching pattern: "C:\ProgramData\NVIDIA Corporation\NvTelemetry\*".
Iterating files and directories recursively.
Skipping, no items available.
--- Clear NVIDIA GeForce Experience logs
Searching for items matching pattern: "C:\Users\giogio\AppData\Local\NVIDIA Corporation\NVIDIA GeForce Experience\*.log".
Skipping, no items available.
Searching for items matching pattern: "C:\Users\giogio\AppData\Local\NVIDIA Corporation\NVIDIA GeForce Experience\*.bak".
Skipping, no items available.
Searching for items matching pattern: "C:\Users\giogio\AppData\Local\NVIDIA Corporation\NvNode\*.log".
Initiating processing of 1 items from "C:\Users\giogio\AppData\Local\NVIDIA Corporation\NvNode\*.log".
Successfully deleted: C:\Users\giogio\AppData\Local\NVIDIA Corporation\NvNode\launcher.log
Successfully deleted 1 items.
Searching for items matching pattern: "C:\Users\giogio\AppData\Local\NVIDIA Corporation\NvNode\*.bak".
Initiating processing of 1 items from "C:\Users\giogio\AppData\Local\NVIDIA Corporation\NvNode\*.bak".
Successfully deleted: C:\Users\giogio\AppData\Local\NVIDIA Corporation\NvNode\launcher.log.bak
Successfully deleted 1 items.
Searching for items matching pattern: "C:\Users\giogio\AppData\Local\NVIDIA\NvBackend\*.log".
Skipping, no items available.
Searching for items matching pattern: "C:\Users\giogio\AppData\Local\NVIDIA\NvBackend\*.bak".
Skipping, no items available.
Searching for items matching pattern: "C:\ProgramData\NVIDIA Corporation\NvTelemetry\*.log".
Skipping, no items available.
Searching for items matching pattern: "C:\ProgramData\NVIDIA Corporation\NvTelemetry\*.bak".
Skipping, no items available.
Searching for items matching pattern: "C:\ProgramData\NVIDIA\*.log".
Initiating processing of 7 items from "C:\ProgramData\NVIDIA\*.log".
WARNING: Unable to delete C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log: Cannot remove item
C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log: The process cannot access the file
'C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log' because it is being used by another process.
WARNING: Unable to delete C:\ProgramData\NVIDIA\NVDisplayContainerWatchdog.log: Cannot remove item
C:\ProgramData\NVIDIA\NVDisplayContainerWatchdog.log: The process cannot access the file
'C:\ProgramData\NVIDIA\NVDisplayContainerWatchdog.log' because it is being used by another process.
WARNING: Unable to delete C:\ProgramData\NVIDIA\DisplaySessionContainer1.log: Cannot remove item
C:\ProgramData\NVIDIA\DisplaySessionContainer1.log: The process cannot access the file
'C:\ProgramData\NVIDIA\DisplaySessionContainer1.log' because it is being used by another process.
Successfully deleted: C:\ProgramData\NVIDIA\DisplaySessionContainer4.log
Successfully deleted: C:\ProgramData\NVIDIA\DisplaySessionContainer2.log
Successfully deleted: C:\ProgramData\NVIDIA\DisplaySessionContainer3.log
Successfully deleted: C:\ProgramData\NVIDIA\NvcDispCorePlugin.log
Successfully deleted 4 items.
WARNING: Failed to delete 3 items.
Searching for items matching pattern: "C:\ProgramData\NVIDIA\*.bak".
Skipping, no items available.
--- Disable NVIDIA monitoring data collection
Searching for items matching pattern: "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_DisplayDriverRAS".
Skipping, no items available.
Searching for items matching pattern: "C:\Program Files\Program Files\NVIDIA Corporation\DisplayDriverRAS\_DisplayDriverRAS".
Skipping, no items available.
--- Disable NVIDIA game session telemetry
Searching for items matching pattern: "C:\WINDOWS\System32\DriverStore\FileRepository\*\Display.NvContainer\plugins\Session\_NvGSTPlugin.dll".
Initiating processing of 1 items from "C:\WINDOWS\System32\DriverStore\FileRepository\*\Display.NvContainer\plugins\Session\_NvGSTPlugin.dll".
Processing file: "C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\plugins\Session\_NvGSTPlugin.dll".
$pathGlobPattern = "C:\WINDOWS\System32\DriverStore\FileRepository\*\Display.NvContainer\plugins\Session\_NvGSTPlugin.dll"; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "Searching
for items matching pattern: `"$($expandedPath)`"."; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop |
Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; };
$foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "Initiating
processing of $($foundAbsolutePaths.Count) items from `"$expandedPath`"."; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "Skipping folder (not its contents): `"$path`".";
$skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "Skipping non-backup file: `"$path`"."; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host
"Skipping backup file: `"$path`"."; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "Processing file: `"$originalFilePath`"."; if (-Not (Test-Path $originalFilePath)) {; Write-Host "Skipping, file
`"$originalFilePath`" not found."; $skippedCount++; exit 0; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "$($originalFilePath).OLD"; }; try {;
Move-Item -LiteralPath "$($originalFilePath)" -Destination "$newFilePath" -Force -ErrorAction Stop; Write-Host "Successfully processed `"$originalFilePath`"."; $renamedCount++; } catch {; Write-Error "Failed to rename
`"$originalFilePath`" to `"$newFilePath`": $($_.Exception.Message)"; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "Successfully processed $renamedCount items and skipped $skippedCount
items."; }; if ($failedCount -gt 0) {; Write-Warning "Failed to processed $($failedCount) items."; } : Failed to rename
"C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\plugins\Session\_NvGSTPlugin.dll" to
"C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\plugins\Session\_NvGSTPlugin.dll.OLD": Access to the path is denied.
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException
WARNING: Failed to processed 1 items.
Press any key to continue . . .
Here if I run it again as admin, maybe it's more clear
Is this script trying to stop the NVDisplay.Container service as deemed necessary in the link you gave us (u/m_w_h/ on reddit) ?
from privacy.sexy.
undergroundwires
commented on June 11, 2024
Thank you for the reports ❤️
No its not touching NVDisplay.Container. It's just getting rid of _NvGSTPlugin.dll which is called Display Driver NvTelemetry Plugin for NVIDIA Container. These do not touch anything that may break functionality such as NVDisplay.Container but just target telemetry parts, non-intrusive to driver functionality. They're safe to delete. This is easy to fix, same problem as you initially reported @marcello-pietrobon, we just need to change file permissions temporarily, I'll fix it.
But we cannot seem to get rid of the local telemetry data and logs (the first yellow errors). One of the NVIDIA processes is blocking it. One option to try killing NVDisplay.Container deleting the files and restarting it (if it was initially running). Other other option to make these files "unwriteable" i.e. removing write access so no more future data can be written. I'll prioritize some other stuff for now, but if someone is interested in experimenting, I can add log deletion if you figure this out.
You both are missing files regarding DisplayDriverRAS so maybe this is excluded from the newer driver installations. I'll keep the code as it is.
from privacy.sexy.
marcello-pietrobon
commented on June 11, 2024
But we cannot seem to get rid of the local telemetry data and logs (the first yellow errors). One of the NVIDIA processes is blocking it. One option to try killing
NVDisplay.Containerdeleting
I was referring to the post m_w_h (u_m_w_h/ on reddit) at 2023- 03-02 12:52:30 PM, but I don't know how to get the link to that exact place. So only temporarily stopping the NVDisplay.Container service in order to remove the _NvGSTPlugin.dll
I take a picture of it
from privacy.sexy.
marcello-pietrobon
commented on June 11, 2024
You both are missing files regarding
DisplayDriverRASso maybe this is excluded from the newer driver installations. I'll keep the code as it is.
I had DisplayDriverRAS before it got deleted by the previous Privacy.sexy script you suggested me, this one (2024-01-11 1:40 PM GMT):
The code (run in elevated
cmd.exe):PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%PROGRAMDATA%\NVIDIA Corporation\DisplayDriverRAS\NvTelemetry'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch {; $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) {; Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
That directory is now empty on my side, it wasn't at all before, as it can be seen in the lists two posts above that.
Instead the file
c:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\plugins\LocalSystem\_DisplayDriverRAS.dll
is still there... but maybe we decided not to remove it... I'm getting a little lost here between what needs to be removed and what not.
from privacy.sexy.
undergroundwires
commented on June 11, 2024
I have local list of files to delete. I push the code here so you can see follow we have the in the list and follow the latest progress.
Disabling RAS:
RAS, we want to get rid of. I did know about existence of C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\plugins\LocalSystem\_DisplayDriverRAS.dll, thank you for searching for it. I believe this file requires additional permission for moving it around too as it's located at Windows\System32.
Can you report if this works? Both requires elevated (running as admin) cmd.exe.
- Getting rid of (renaming)
_DisplayDriverRAS.dllwithout additional permissions (if this works, we do not need second try):
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\DriverStore\FileRepository\*\Display.NvContainer\plugins\LocalSystem\_DisplayDriverRAS.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }"- Second try (only try if the above does not work, this does same thing with higher privileges):
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\DriverStore\FileRepository\*\Display.NvContainer\plugins\LocalSystem\_DisplayDriverRAS.dll"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount = 0; $skippedCount = 0; $failedCount = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n internal struct TokPriv1Luid {`r`n public int Count;`r`n public long Luid;`r`n public int Attr;`r`n }`r`n internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n internal const int TOKEN_QUERY = 0x00000008;`r`n internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n public static bool AddPrivilege(string privilege) {`r`n try {`r`n bool retVal;`r`n TokPriv1Luid tp;`r`n IntPtr hproc = GetCurrentProcess();`r`n IntPtr htok = IntPtr.Zero;`r`n retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n tp.Count = 1;`r`n tp.Luid = 0;`r`n tp.Attr = SE_PRIVILEGE_ENABLED;`r`n retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n return retVal;`r`n } catch (Exception ex) {`r`n throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n }`r`n }`r`n public static bool RemovePrivilege(string privilege) {`r`n try {`r`n bool retVal;`r`n TokPriv1Luid tp;`r`n IntPtr hproc = GetCurrentProcess();`r`n IntPtr htok = IntPtr.Zero;`r`n retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n tp.Count = 1;`r`n tp.Luid = 0;`r`n tp.Attr = 0; // This line is changed to revoke the privilege`r`n retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n return retVal;`r`n } catch (Exception ex) {`r`n throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n }`r`n }`r`n [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) {; if (Test-Path -Path $path -PathType Container) {; Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) {; if (-not $path.EndsWith('.OLD')) {; Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else {; if ($path.EndsWith('.OLD')) {; Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) {; Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try {; $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch {; Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) {; $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else {; $newFilePath = "^""$($originalFilePath).OLD"^""; }; try {; Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) {; try {; Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch {; Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch {; Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) {; try {; Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch {; Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) {; Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) {; Write-Warning "^""Failed to processed $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"- If none of the above works, I will share code for what reddit user is saying (an improved/reliable version of it, privacy.sexy already does "stop service -> do stuff -> start service" pattern in a good way).
New finding: NvContainerTelemetryApi.dll
Btw I heard existence of NvContainerTelemetryApi.dll . Do you have this file somewhere? People report C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll folder but it's unsure what the latest drivers are doing.
from privacy.sexy.
marcello-pietrobon
commented on June 11, 2024
Great. I ran both as administrator
the first doesn't work
the second does:
from privacy.sexy.
marcello-pietrobon
commented on June 11, 2024
New finding: NvContainerTelemetryApi.dll
Btw I heard existence of
NvContainerTelemetryApi.dll. Do you have this file somewhere? People reportC:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dllfolder but it's unsure what the latest drivers are doing.
I searched, I don't have it. I found it only in a backup drive of an old NVIDIA installation of 2018, version 1.10.2366.3209, with that dll file precisely located in:
GEForce GTX 750ti\NVIDIA_setup_dir\DisplayDriver\391.35\Win8_Win7_64\International\NvContainer\x86\NvContainerTelemetryApi.dll
GEForce GTX 750ti\NVIDIA_setup_dir\DisplayDriver\391.35\Win8_Win7_64\International\NvContainer\x86_64\NvContainerTelemetryApi.dll
I don't know the NVIDIA version I currently have installed (many NVIDIA installed components seems to have a different version). It seems of 2018-03, but the NVIDIA control panel (now disabled) is of version 8.1.940.0 of the 2023-08-08.
Installed and working but not updated since an year I guess.
I still have the two files NvContainerTelemetryApi.nvi and NvContainerTelemetryApi.NVX initially reported in the list above.
from privacy.sexy.
Related Issues (20)
- Am I free to use codes in my projects? HOT 2
- [BUG]: MpTamperPShell.HD marked as trojans with multiple antiviruses. Its in your code... HOT 1
- [BUG]: Wallpaper is no longer cached, and disappears when the original file is deleted HOT 2
- Add Dark Mode to privacy.sexy website HOT 1
- Add an web version install guide HOT 1
- Script suggestion: Block Razer installs HOT 4
- Looking for community feedback: Addressing antivirus false positives for script files on Windows HOT 7
- "Quick access" pins
- AirDrop macOS Sonoma 14.2.1 HOT 3
- To be able to know the enabled state of a feature on the OS HOT 5
- [BUG]: Microsoft Edge still alive after removal HOT 3
- [BUG]: Obsessive notification after disable Windows Defender Firewall HOT 2
- Additional scrtoll bar in window with DPI <> 100% HOT 1
- [BUG]: Just a small bug when you want to change automatic updates to manual updates HOT 4
- Win11: SAC = Smart App Control HOT 6
- [BUG]: Script that breaks calendar in taskbar HOT 1
- [BUG]: XBOX/MICROSOFT LOGIN HOT 5
- Can't open start menu HOT 4
- Remove Ads Article HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from privacy.sexy.