Integrated CleanUnwantedUpdates

[KOLANICH]

Replaces builtin script with CleanUnwantedUpdates

[AnrDaemon]

And how is this overengineered byproduct of brain activity any better than a straightforward batch file?

[KOLANICH]

And how is this overengineered byproduct of brain activity any better than a straightforward batch file?

It does more :)

[AnrDaemon]

Does it NEED to do more, to begin with?
If you really need to "do more", how about

@ECHO OFF
openfiles.exe 1>nul 2>&1
IF ERRORLEVEL 1 (
    echo You are not administrator! Right Click file select run as admin
    pause
    EXIT 1
)

SETLOCAL ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION

REM --- uninstall updates
echo Uninstalling updates, be patient...
FOR %%f IN ( %~dp0*.list ) DO (
  FOR /F "tokens=1,2,*" %%k IN (%%~f) DO (
    IF "%%~l" GTR "%~1" (
      SET _LIST=!_LIST! %%~k
      < NUL: SET /P _=Removing KB%%~k "%%~m"
      START "%%~k" /WAIT wusa.exe /kb:%%~k /uninstall /quiet /norestart
      IF ERRORLEVEL 1 (
        ECHO  - not found.
      ) ELSE (
        ECHO  - done.
      )
    )
  )
)

?

[KOLANICH]

Does it NEED to do more, to begin with?

For now - no (the additional functionality detecting suspicious updates (the ones having keywords for now, you can plug an additional heuristics into it) is not activated by default, to activate it you need to either edit config every time you need it (it deactivates itself to prevent abuse (when it is fully enabled, it downloads and parses the pages with updates descriptions)), or edit the source to remove self-deactivation).

how about

Bad. In order to hide an update you have to use WSH script. Why not to move entire functionality into WSH then?

Again, the purpose of that tool was not only to delete the updates, but also to detect the suspicious ones and ask the user to examine them manually.

[AnrDaemon]

Any heuristic is fail-prone. Which means, it is essentially unsafe. I'm not going to place my system at risk.

[KOLANICH]

Don't make such a statements without examining the code. It DOESN'T remove updates based on heuristics, it just advises the updates to be checked manually. The main source of unsafety in my script is the possibility to exploit the vulns in ActiveX components used.

[AnrDaemon]

Then again, if you make an application, that ONLY checking for possible suspicious updates (and then again, Microsoft rarely gives any meaningful info to such updates, largely only reposting the list of binaries included), I see the reason to refer to your application as a potentially useful additional tool.
But as is, completely replacing current rather obvious functionality with your less than readable code - my vote is against it.
I can read and understand, what the "HideWindowsUpdates.vbs" does even having near zero knowledge of VBScript, and assert its safety, but digging through the pile of foreign code to see, which is relevant, and which is not, to the given task - god save me from such a chore.