How to Stop Windows Update from Installing Driver Updates

Windows Update has the habit of pushing driver updates silently into your system. Sometimes, the drivers offered by Microsoft for your devices may cause problems. It’s always the best idea to only update the drivers directly from the device manufacturer’s site.

Sometimes, we may have to roll back the drivers auto-installed by Windows Update. For example, Realtek drivers pushed out by Windows Update caused problems for some users. So let’s see how to prevent Windows Update from automatically installing device drivers.

Contents

Stop Windows Update from Installing Driver Updates

Method 1: Using the WUShowHide Tool

Step 1: Rollback the Device Driver via Device Manager

First, roll back the driver installed via the Windows Update channel. To roll back the device driver, you have two options. One is to open Device Manager and use the Rollback… option in the device’s properties.

Another option is to perform a System Restore rollback. If Windows doesn’t boot after installing a device driver, see how to perform a System Restore rollback offline via Recovery Options.

To rollback a driver using Device Manager, use these steps:

  1. Right-click Start, click Device Manager
  2. Right-click on the device (Intel or Realtek network adapter), and choose Properties
    device manager driver rollback
    device manager driver rollback
  3. Choose one of the reasons listed under “Why are you rolling back?” and choose Yes to continue.
    device manager driver rollback

If a driver you were offered (and automatically installed) is causing system crashes or instability, you could use the driver rollback method.

Step 2: Block the driver(s) from installing automatically

Should the Windows Update channel repeatedly offer you or install a problematic driver automatically, use the WUShowHide.diagcab tool from Microsoft. This tool blocks a particular driver update from being installed. For more information, check out the Microsoft article How to temporarily prevent a driver update from reinstalling.

You can directly download the WUShowHide.diagcab tool from the following link:

https://download.microsoft.com/download/f/2/2/f22d5fdb-59cd-4275-8c95-1be17bf70b21/wushowhide.diagcab

As a side note, the wushowhide.diagcab tool can also be used for temporarily blocking Windows 10/11 Feature Updates, not just device drivers. This tool works on all editions of Windows, including Home Edition.

wushowhide.diagcab block driver updates
Block undesired driver updates using WUShowHide Diagnostics Tool from Microsoft.

Pros & Cons of this method:

  • Advantage: This method works on any edition of Windows 10/11, including Home Edition.
  • Disadvantage: If Microsoft releases a different driver version (supersede), you may need to redo the above steps to hide/block it for future driver versions. However, setting your internet connection to metered allows you to prevent updates from being installed automatically, giving you ample time to block specific drivers.

Method 2: Using the ExcludeWUDriversInQualityUpdate Policy/GPO

There is a group policy setting named “Do not include drivers with Windows Updates” (registry value “ExcludeWUDriversInQualityUpdate“) that’s supposed to prevent Windows Update from installing driver updates in Windows Professional edition and higher.

To configure this setting in Group Policy, open the following branch in the Group Policy Editor (gpedit.msc):

Computer Configuration → Administrative Templates → Windows Components → Windows Update

On Windows 11, you’ll find the GPO setting in this branch instead:

Computer Configuration → Administrative Templates → Windows Components → Windows Update → Manage updates offered from Windows Update

ExcludeWUDriversInQualityUpdate in windows 11 GPO

Enable the policy “Do not include drivers with Windows Updates” to not include drivers with Windows quality updates. If you disable or do not configure this policy, Windows Update will include updates that have a Driver classification.

Equivalent registry setting:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

Value Name: ExcludeWUDriversInQualityUpdate
Value Type: REG_DWORD
Value Data: 1 (Exclude Windows Update drivers) | Other value or absent: offer Windows Update drivers

Editor’s note: I’ve tested this policy setting on Windows 11 Pro 21H2 (OS Build 22000.194), and it worked perfectly. This should also work on Windows 10 Pro editions (and higher). Note that the registry-based policy had no effect on Windows 11/10 Home Edition.

ExcludeWUDriversInQualityUpdate in windows 11 GPO
BEFORE:: Driver updates listed on WU page in Windows 11

The following screenshot shows that the four driver update packages (Intel, Qualcomm, and Realtek drivers) are now hidden on the Windows Update page.

ExcludeWUDriversInQualityUpdate in windows 11 GPO
AFTER:: Driver updates NOT listed on WU page in Windows 11

The GPO works perfectly!

tips bulb iconHint: If Windows Update doesn’t refresh the listing even after applying the policy setting, press “Pause updates for 1 week” or “Pause updates for 7 days” button. Then, press the “Resume updates” button (this button will show up on the screen after you pause WU). This force refreshes the Windows Update page.

Pros & Cons of this method:

  • Advantage: This method is a one-time procedure to stop WU from serving/installing driver updates. You don’t need to repeat the process for each driver update.
  • Disadvantages: This method requires Windows 10/11 Professional edition or higher. Also, this policy may be ignored when you install a feature update. Feature updates are essentially major upgrades that increment the version of Windows — e.g., 20H2 to 21H2.

You can now install driver updates manually by downloading them from the manufacturer’s website. HP/Dell and OEM computer manufacturers usually include a free bios/driver updater tool.

dell pc-doctor module 100% cpu and memory usage

Installing drivers from the device manufacturer (rather than via WU) is a safer option.


Method 3: Prevent driver installation for a specific device

A group policy setting named “Prevent installation of devices that match these device IDs” specifies a list of Plug and Play hardware IDs and compatible IDs for devices that users can’t install. If you enable this policy setting, users can’t install or update the driver for a device if its hardware ID or compatible ID matches one in this list.

Note: Before proceeding, first, install your preferred version of the driver for the device. Once done, set up an update block/restriction using the method below:

  1. Launch Device Manager.
  2. Double-click on the hardware (e.g., Intel Graphics) in Device Manager.
  3. Select the Details tab, and select “Hardware Ids” in the Property dropdown box.
  4. Select all the hardware Ids and click Copy. (You actually need the 2nd item only.)
    device manager hardware IDs
  5. Let’s say the following are the Hardware Ids listed on that page:
    PCI\VEN_8086&DEV_0412&SUBSYS_05A41028&REV_06
    PCI\VEN_8086&DEV_0412&SUBSYS_05A41028
    PCI\VEN_8086&DEV_0412&CC_030000
    PCI\VEN_8086&DEV_0412&CC_0300

    Pick the 2nd item from the list and copy it to the clipboard.

For instance, the hardware ID of your video card is PCI\VEN_8086&DEV_0412&SUBSYS_05A41028, as determined via Device Manager. You can block driver updates for this card using the GPO or registry.

  1. Next, load the Group Policy Editor (gpedit.msc).
  2. Go to the following branch:
    Computer configuration → Administrative Templates → System → Device Installation → Device Installation Restrictions
  3. Double-click “Prevent installation of devices that match any of these device IDs.”
  4. Select “Enabled”
  5. Click “Show” and paste the hardware ID you copied to the clipboard earlier.
    block device update installation - gpo
  6. Click OK, and click Apply.
  7. Click OK.

That’s it. Driver updates for this hardware are now blocked.



With the restriction in effect, any attempts to install a driver update for this particular hardware will result in the following error:

The installation of this device is forbidden by system policy.

block device update installation - gpo

Important: If the hardware vendor (e.g., Intel) releases a driver update for this hardware and you want to apply it, first, you need to set the above group policy setting to “Not configured.”

Windows 10/11 Home Edition

On Windows 10/11 Home Edition, the group policy editor is unavailable. However, you can apply the equivalent registry edit to get the same results.

Option 1: Edit the Registry or use a REG file

Here’s the REG file for the above GPO setting.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions]
"DenyDeviceIDs"=dword:00000001
"DenyDeviceIDsRetroactive"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs]
"1"="PCI\VEN_8086&DEV_0412&SUBSYS_05A41028"

Be sure to replace the hardware ID in the above REG file with the actual hardware ID for your device.

Option 2: Use “Policy Plus”

Alternatively, you can use Policy Plus on Windows Home Edition. Policy Plus is a freeware alternative to the Local Group Policy Editor. This tool is intended to make the power of Group Policy settings available to every version/edition of Windows.

policyplus - device ids block driver update gpo

Other Methods to Prevent Automatic Driver Updates

Using the SearchOrderConfig Registry setting

When you add new hardware to your computer, you can stop Windows from searching Windows Update for the drivers. There is a registry setting named SearchOrderConfig. For more information, check out the article “Windows Update Configured to never install drivers” Detected by Troubleshooter.

Setting the SearchOrderConfig registry value to 0 means Windows will be instructed to “Never install driver software from Windows Update” during new hardware installation.


Deny Write Access to Realtek Folder by SYSTEM

Apart from using wushowhide.diagcab method, here is another permanent method to avoid Realtek drivers from being auto-updated. This, of course, applies only if you have a Realtek network adapter.

A Redditor says: After WU installed the Realtek HD audio driver, he uninstalled it and restarted the computer. Windows installed the standard version of the driver after the reboot. However, as Windows Update updated the drivers automatically, the Realtek device malfunctioned and this cycle repeated again and again. Here are some ways to prevent a device driver (e.g., Realtek High Definition Audio drivers) from being updated automatically.

  1. First, roll back the Realtek drivers via Device Managers, as instructed earlier in the article.
  2. After restarting Windows, open the folder C:\Program Files\Realtek
  3. Right-click the Realtek folder, and click Properties.
  4. Go to the Security tab, and click Advanced
  5. Change all permissions for SYSTEM to “Deny.”
  6. Click OK. Click OK once more.
  7. Restart Windows.

You’re set. And note that you cannot manually install future Realtek drivers unless you revert the permissions back to how they were.


Set your internet connection to Metered

Setting your internet connection to metered will automatically prevent Windows Update from downloading updates (both driver and non-drivers).

WU Pending download on Metered connection
WU Pending download on Metered connection

However, you can see the list of available updates for your device. This will allow you to hide any updates (using the WUShowHide.diagcab tool) you don’t want before they get installed. Note that Windows Spotlight won’t download new wallpapers on metered connections.


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

Leave a Comment