From c9b91f6d8f9bd16308b6beda119e7154a985b6cf Mon Sep 17 00:00:00 2001
From: undergroundwires <undergroundwires@users.noreply.github.com>
Date: Fri, 19 Feb 2021 10:54:42 +0100
Subject: [PATCH] add script to automatically kill devicecensus process

---
 src/application/collections/windows.yaml | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/src/application/collections/windows.yaml b/src/application/collections/windows.yaml
index fbf81450..5f69557b 100644
--- a/src/application/collections/windows.yaml
+++ b/src/application/collections/windows.yaml
@@ -476,11 +476,21 @@ actions:
                             schtasks /change /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /ENABLE
                             schtasks /change /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /ENABLE
                     -
-                        name: Disable Webcam Telemetry (devicecensus.exe)
-                        recommend: standard
-                        docs: https://www.ghacks.net/2019/09/23/what-is-devicecensus-exe-on-windows-10-and-why-does-it-need-internet-connectivity/
-                        code: schtasks /change /TN "Microsoft\Windows\Device Information\Device" /DISABLE
-                        revertCode: schtasks /change /TN "Microsoft\Windows\Device Information\Device" /ENABLE
+                        category: Disable Webcam Telemetry (devicecensus.exe)
+                        docs:
+                            - https://www.ghacks.net/2019/09/23/what-is-devicecensus-exe-on-windows-10-and-why-does-it-need-internet-connectivity/
+                            - https://answers.microsoft.com/en-us/windows/forum/windows_10-security/devicecensusexe-and-host-process-for-windows-task/520d42a2-45c1-402a-81de-e1116ecf2538
+                        children:
+                            -
+                                name: Disable devicecensus.exe (telemetry) task
+                                recommend: standard
+                                code: schtasks /change /TN "Microsoft\Windows\Device Information\Device" /disable
+                                revertCode: schtasks /change /TN "Microsoft\Windows\Device Information\Device" /enable
+                            -
+                                name: Disable devicecensus.exe (telemetry) process
+                                recommend: standard
+                                code: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DeviceCensus.exe" /v "Debugger" /t REG_SZ /d "%windir%\System32\taskkill.exe" /f
+                                revertCode: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DeviceCensus.exe" /v "Debugger" /f
                     -
                         name: Disable Application Experience (Compatibility Telemetry)
                         recommend: standard