Stop Windows 10 Anniversary Update from installing Candy Crush and other unwanted apps

Many users have spotted that Windows 10 Anniversary Update downloads and installs some games and apps automatically. Without the user even opening the Store, or asking for his or her permission, the operating system installs some apps like Candy Crush Soda Saga, Minecraft: Windows 10 edition, Flipboard, Twitter and some other apps. Earlier, you could prevent Windows 10 from installing them using a Registry Tweak, but it does not work any more in version 1607 "Anniversary Update". Here is the alternative way to prevent these apps from installing.

The Windows 10 version 1607 Anniversary Updates includes a feature that automatically installs apps from the Windows Store because it wants to promote some of them. These apps are installed for the currently signed-in user. When you are connected to the internet, Windows 10 will download and install a number of Store apps automatically. The Tiles for these Metro apps or Universal apps suddenly show up in the Windows 10 Start Menu with a progress bar indicating that they're being downloaded. After they finish installing they show up in the Recently installed section of the Start menu:

soda To Block Soda Saga and other unwanted apps in Windows 10 Anniversary Update, do the following.

  1. Press Win + R shortcut keys together on the keyboard to open the Run dialog.
  2. In the Run box, type the following: Windows 10 open local security policy
    secpol.msc
  3. The Local Security Policy app will appear on the screen. Windows 10 local security policy
  4. Select Application Control Policies in the left, then click Applocker.
  5. Click Packaged app Rules: Click packages and rules
  6. Right click  the right pane and select Create new rule: packages and rules create new rules
  7. The Create new rule wizard will be opened. Click Next to open its next page: wizard
  8. On the Permissions page, set Action to Deny, leave User or Group as Everyone: deny everyone
  9. Click Next, then click Use an installed packaged app as a reference -> Select: select button
  10. In the app list, select Windows Spotlight(Microsoft.Windows.ContentDeliveryManager) and click OK: select spotlight
  11. Move the slider to the Package Name option as shown below, then click Create: package name slider

That's it! Note that already downloaded content in the tiles wont go away after this Applocker rule, however, there will not be any new content after this. You can remove existing unwanted apps. All you need to do is right click their tiles and remove them, they won't coming back. Credits: dobbelina@MDL.

To restore the default behavior,  you need to remove the rule in Local Security Policy you created.

A side effect of this AppLocker rule restriction might be that the Windows Spotlight feature which shows random images on the Lockscreen will not work. But this issue is very minor, since you can still change your Lock screen background to a custom image or to a slideshow.

Update: if the trick described above has no effect for you, please try another method mentioned in the following article:

Fix: Windows 10 installs apps like Candy Crush Soda Saga automatically

37 thoughts on “Stop Windows 10 Anniversary Update from installing Candy Crush and other unwanted apps

  1. Just a Concerned User

    It’s kind of shame that is has come down to having to go to such lengths to try and retain some control.

    Putting aside all the tales of the telemetry and privacy woes, I have been trying to like Windows 10 for the last 8 months. But for every one thing that I do like about Windows 10, there are two things that I don’t like.

    I am glad there are people like you to offer us novice PC users a place we can visit and better educate ourselves.

    Well-loved. Like or Dislike: Thumb up 30 Thumb down 0

    Reply
    1. Bob

      It’s a shame because people use Windows 10 anyway. Nobody is forcing them to use such a crap OS. If everyone stays with Windows 7, Microsoft will be forced to comply just like they had to with Windows 8 and 8.1.

      Hot debate. What do you think? Thumb up 15 Thumb down 12

      Reply
      1. Jason

        Sticking with Windows 7 isn’t necessarily feasible anymore. Apart from the fact that new installs are a complete pain due to the hours it takes to find update (let alone download and install them), it lacks support for a lot of new hardware and is a dead-end system as updates will be completely unavailable when support ends in 2020. Moving to something newer is just sensible future-proofing, and since Linux still has too many issues with software availability and support for a lot of people, Windows 10 is the only real option.

        Learning how to beat Windows 10 into submission via all these tweaks is the price one pays for not having to deal with the alternatives.

        Hot debate. What do you think? Thumb up 16 Thumb down 13

        Reply
        1. Bob

          Don’t get me wrong, I am not against tweaks. But I think it is perfectly feasible to continue using Windows 7 or 8.1. The need to move to Windows 10 is entirely self-created by you. All the changes in Windows 10 are bad. Winaero already showed you how to make update checking on Windows 7 fast: https://winaero.com/blog/fix-windows-update-stuck-on-checking-for-updates/. At present Windows 7 doesn’t lack support for new hardware except the DPI scaling sucks for high res displays and it lacks Bluetooth 4.0 support. Windows 8.1 has these two with an experience highly similar to Windows 7 once you do some third-party fixes. Moving to Windows 10 is like hurting yourself. :)

          Well-loved. Like or Dislike: Thumb up 13 Thumb down 5

          Reply
  2. Toshik

    What can i do if i don’t have secpol.msc in Windows 10 Home?

    Well-loved. Like or Dislike: Thumb up 4 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      I was waiting for this question.
      Let me see if I can repeat these steps without it.

      Well-loved. Like or Dislike: Thumb up 4 Thumb down 0

      Reply
      1. Sergey Tkachenko Post author

        Try this tweak (not tested yet)
        —-

        Windows Registry Editor Version 5.00

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\SystemCertificates]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx\32095775-5197-4f30-8cd8-990a7f2be3b7]
        "Value"="<FilePublisherRule Id=\"32095775-5197-4f30-8cd8-990a7f2be3b7\" Name=\"Microsoft.Windows.ContentDeliveryManager, from Microsoft Corporation\" Description=\"\" UserOrGroupSid=\"S-1-1-0\" Action=\"Deny\"><Conditions><FilePublisherCondition PublisherName=\"CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US\" ProductName=\"Microsoft.Windows.ContentDeliveryManager\" BinaryName=\"*\"><BinaryVersionRange LowSection=\"*\" HighSection=\"*\"/></FilePublisherCondition></Conditions></FilePublisherRule>"

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Dll]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Exe]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Msi]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Script]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}User]

        Well-loved. Like or Dislike: Thumb up 8 Thumb down 0

        Reply
        1. Andy Hook

          What do all those registry entries mean ?
          To me it’s just a list of entries, am I missing something ?

          Like or Dislike: Thumb up 1 Thumb down 0

          Reply
          1. Sergey Tkachenko Post author

            o_0
            It is a group policy object for the Local Policy rule described in the article.
            It is not “just list of entries”.
            You can save it as a *.reg file and apply, as Toshik requested.

            Well-loved. Like or Dislike: Thumb up 4 Thumb down 0

          2. Andy Hook

            I get it, I cut and paste into notepad, and name as a .reg file, and run ?

            Thanks for that:)

            Like or Dislike: Thumb up 1 Thumb down 0

          3. Sergey Tkachenko Post author

            Yep.

            Like or Dislike: Thumb up 1 Thumb down 0

        2. Aircrackng

          Wow thanks for this! I was just about to ask for it and what would you know some genius has already posted it. Good looks.

          Like or Dislike: Thumb up 1 Thumb down 1

          Reply
        3. Danbolder

          Unfortunately when I try to run the .reg file all I get is:

          The specified file is not a registry script.
          Your can only import binary registry files from within the registry editor.

          Like or Dislike: Thumb up 2 Thumb down 0

          Reply
        4. BOb BrIGGs

          The above .reg hack works. You must include the line “Windows Registry Editor Version 5.00, just as it is above”. The first time I tried this I wasn’t sure and left that line out, and got the error stated. But after I included it to let the registry know what I was importing, it worked fine. I guess this type of header statement is required to import registry data.

          Like or Dislike: Thumb up 2 Thumb down 0

          Reply
    2. Beejsterious

      Get a Mac or have zero privacy on virus riddled, annoying windows. MS-SUX!

      Poorly-rated. Like or Dislike: Thumb up 5 Thumb down 44

      Reply
      1. error

        even if so there are other alternatives than paying 2x the price for the logo.

        Like or Dislike: Thumb up 4 Thumb down 2

        Reply
      2. Angie

        Apple sucks for its own completely separate list of reasons, and I always have to point out to people that the ONLY reason why Apple computers do not get many viruses is because of their relatively small market share. It’s been shown time and time again that their actual infrastructure and technology for responding to threats is vastly inferior to Microsoft’s. The only reason for the perceived advantage is because so few people are using Apple laptops comparatively, and for that reason they are rarely targeted. Therefore if we all suddenly went out and bought Apple laptops, we’d be much worse off in three months when the malware industry caught up and started writing their crap to infect Apple OS rather than Windows.

        Well-loved. Like or Dislike: Thumb up 6 Thumb down 2

        Reply
  3. Michael

    Do you know where to find the executables for all of these unwanted applications? I have found some of them but I can’t find all of them, such as Minecraft and Candy Crush. Your workaround above, does not work on the systems that I have tried this on and I’m trying to see if I can go about this another way by finding the .exe files for them.

    Thank you!

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      They have no executables.
      They are appx packages, means Store apps.

      Like or Dislike: Thumb up 3 Thumb down 0

      Reply
  4. anon

    There’s a DWORD labeled SilentInstalledAppsEnabled in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager btw.

    Well-loved. Like or Dislike: Thumb up 4 Thumb down 0

    Reply
    1. Angie

      That value was already disabled for me and I’ve still been having Candy Crush soda Saga showing up every few hours anyway. I did however just find a subkey under that called SuggestedApps, which lists C andy Crush among others with a value of 1. I changed them all to zero and we’ll see what happens.

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply
  5. Ricimer

    This would be more useful if Applocker was available on Windows 10 PRO, as it’s only available on Enterprise/Education you could just use the old policy setting…….

    Like or Dislike: Thumb up 2 Thumb down 0

    Reply
  6. Mark

    Isn’t it easier just to uninstall Windows Spotlight app?

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
  7. Mark

    Applocker is available in Windows 10 PRO, but blocking Windows Spotlight doesn’t help. Apps are still intalled…

    Like or Dislike: Thumb up 2 Thumb down 0

    Reply
  8. Mrvn

    @Mark
    Blocking Windows Spotlight is not for uninstalling Apps. You will recognize the effect of blocking Windows Spotlight by adding a new user. New users will not have those suggested apps like Candy Crush Soda Saga or Asphalt 8 in their startmenu. It will not work for existing users.

    @Sergey Tkachenko
    Blocking Windows Spotlight per secpol.msc works fine, thanks to you.
    Trying to block Windows Spotlight per registry does not work (tested with Win 10 Eval x64 Release 1607 and Win 10 Pro x64 Release 1607).
    So I took a look at the registry path and noticed that I got a different object-name than you’ve posted before.
    Your object-name: {250FEABB-7D5C-4556-8753-B62A66E5858B}
    Win10EntEval: {A4F95287-9F08-4E8D-8BD2-28A377DCD876}
    Win10Pro: {3D65B7C6-038C-40A1-9ECA-B6AA3D6CC686}

    I also got a different FilePuplisherRule ID:
    Yours: 32095775-5197-4f30-8cd8-990a7f2be3b7
    Win10EntEval: 28b5eca0-f05f-40a2-b690-242c99e5fd4e
    Win10Pro: c969e662-c40e-4dd1-9b5b-825589845c4e

    Any idea how to generalize the registry file?

    Well-loved. Like or Dislike: Thumb up 4 Thumb down 0

    Reply
  9. Carl

    I get a not found error when I try to run secpol.msc

    Can I do anything about this?

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      Which edition of Windows 10 do you have ?

      Like or Dislike: Thumb up 2 Thumb down 0

      Reply
      1. Carl

        Windows 10 home 1607. Ill try the fix above.

        Like or Dislike: Thumb up 1 Thumb down 0

        Reply
        1. Carl

          The registry patch applied. Now I guess I just wait to see if it works.

          Thanks!

          Like or Dislike: Thumb up 1 Thumb down 0

          Reply
  10. John

    Microsoft has no business including other apps and services in Windows update that I do not want. In fact Windows update should include nothing but the operating system updates and security patches. The fact that in the Anniversary update users got apps downloaded again they never wanted is something I would call bloatware not a Windows improvement update. So every time we get a major revision to Windows 10 users will have to uninstall the apps and Microsoft crap we don’t want??

    Like or Dislike: Thumb up 2 Thumb down 0

    Reply
  11. wez

    I remember back in the day on Windows 98, Microsoft with Internet Explorer 6 tried to bundle something called “Push” with “Active Desktop” where apps and ads would be pushed without consent to users’ desktops.

    It created such a stink it was abandoned by Microsoft. Right around this time the EU court hauled Microsoft into court for anti-trust for bundling its browser (and all this other stuff) into the OS…

    Two decades later and we have the same corporate culture at MS… Sad. We are not your advertising guinea pigs Microsoft! Capisce?

    ps. I love Windows 10 but detest the silent auto-app and advertising installs and not having the ability to truly disable all telemetry…

    Like or Dislike: Thumb up 2 Thumb down 0

    Reply
  12. Joe

    This NO LONGER WORKS. Windoews 10 of March, 2017 no longer respects this security policy. Candy crush comes to me every day and I have had this policy in place for weeks.

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
      1. snowylake

        This definitely don’t work on Windows 10 Pro 1703

        Like or Dislike: Thumb up 0 Thumb down 0

        Reply
  13. Mike

    My version of W10Pro version 1703 build 15063.296 they changed the name ‘Windows Spotlight’ to ‘Microsoft Content’.

    Like or Dislike: Thumb up 1 Thumb down 0

    Reply
  14. Random IT Guy

    To the latest replies saying it doesn’t work: I too found this to be the case. However, I created a separate Local Admin account, logged in with that, did the secpol.msc thing, logged back into my main account (which is also a local account, I am not using a Microsoft account and have not tested that) and Candy Crush hasn’t come back yet. It’s been a month (a full round of updates, basically)

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *