How to Remove Third-Party Updates from WSUS and SCCM
To remove a third-party update from WSUS, you can either decline or delete the update completely. We will review how to delete or decline third-party updates in this article.
Topics covered in this article:
Option 1: Decline the Third-Party Updates from WSUS and SCCM
The first option to remove a third-party software update is to decline it. When you decline an update, clients will no longer scan against the update, and it will show expired in Configuration Manager.
To decline a third-party update, perform the following steps:
Open the Modify Published Updates Wizard from the Updates (tab) > Options (button) in the Publisher.
Check the updates to decline from WSUS, and click Decline
Click Close on the dialog box that list the status of the declining operation.
After the updates are declined in the Publisher, you can manually sync your software update point in SCCM for the changes to occur immediately.
After the software update point sync is complete, you should see the declined updates show as expired in SCCM and will no longer be deployed. In the example below, you can see the declined 7-Zip updates show expired.
Option 2: Delete the Third-Party Updates from WSUS and SCCM
The second option is to delete the update completely from WSUS. The delete option is not recommended in most scenarios as it can cause hash issues if the deleted updates are ever published again.
As a result, we don’t enable the Delete button by default. To enable the delete button, you need to set the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Patch My PC Publishing Service:EnableDeleteUpdates = 1 (REG_DWORD)
Note: The delete option may be a help if you need to delete updates to clean up the UpdateServicePackages folder: How to Clean Up Third-Party Updates from the WSUS UpdateServicesPackages Folder
Check the updates to delete from WSUS, and click Delete
After the updates are deleted in the Publisher, you can manually sync your software update point in SCCM for the changes to occur immediately.
After the software update point sync is complete, you should see the deleted updates show as expired in SCCM and will no longer be deployed. In the example below, you can see the deleted 7-Zip updates show expired.