how to prevent Windows Update from updating your bios

Also reportedly a BIOS update will reset some BIOS settings including the capsule update setting.  So if you do it, check afterwards, and reset to your preferences.

thank you for pointing this out. looks like the Dell bios capsule switch is overruled in those instances.

yet another Dell suggestion here (Win 10/11 Pro)

@redxps630 I believe it has been reported in this forum that turning off UEFI Capsule Firmware Updates does not always prevent BIOS updates via Windows Update. I don't know if the problem has been fixed. Here is an example: https://www.dell.com/community/XPS-Desktops/XPS-8930-disabling-UEFI-firmware-capsule-updates-didn-t-prevent/m-p/8068076

One of the problems is the different NAMING conventions between the BIOS if you install it and when Windows Update does. Windows Update has a '0.' in front of the version number...I've had WU install BIOS 0.2.7.0 over V2.7.0 I manually installed.. Saw that in the Reliability Viewer one time.

I also think that there is a bit in the header that WU reads... as I've seen it also sitting as an OPTIONAL UPDATE so I have to select it, but other times it comes in automatically. If this is the case, then whoever builds the delivery file either did it wrong, or Dell wanted to be sure 'everyone' got the update.

Bottom line, for whatever the reason is, that setting can not guarantee it will not happen it seems.

I'm another of those who had a BIOS update forcibly installed on a PC via Windows Update, even with UEFI Capsule Updates disabled in BIOS.

BIOS 0.1.1.18 for XPS 8930 was offered as an "optional" update by Windows Update for a couple of weeks and then it disappeared from that screen and was force-installed on top of the existing BIOS BIOS 1.1.18, and listed as "successful" in the WU Update History.. 

Forced BIOS updates haven't happened since BIOS 0.1.1.18.  I was offered BIOS 0.1.1.22 and currently being offered 0.1.1.23, both as "optional" updates via Windows Update. I already installed 1.1.23 so I've ignored the WU offer. And -so far- it hasn't force-installed it. So perhaps, maybe, possibly they fixed WU so "optional" BIOS updates aren't force-installed, regardless of the UEFI Capsule Update setting. But I am keeping an eye on it.

This is helpful advice from Dell. But it's all or nothing - I'd like an option to not include a BIOS update and allow all other driver updates to be inlcuded in Windows updates.

Is there a way?

It might help some people (including me) with the consequences of a BIOS auto-update by Windows Update on XPS 8930 desktops to prevent it in the future.

@Luke717,

There is no 'official' Dell response here.

I did 'locate' by accident another Windows settings.

I don't know HOW this works with the Capsule Update? You can reach it by opening your Settings, System, About and click any Related links on the top Device Specifications, and then the Hardware tab. You can also get to it this way. Press the Windows key + R together to bring up the Run box, type sysdm. cpl and press Enter to open the System Properties window. Switch to the Hardware tab,

Next click on Device Installation Settings:

It is not clear to me if this does anything or not, or who is in control, the BIOS or the OS? Does one overrule the other? Me, I think the BIOS would be the controller, but would that stop the OS from doing it? I'm thinking this would be the limiter for Support Assist, but I'm not sure about that either? I've not disabled it though.

I've searched the web for more info on this too... and can not find a definitive answer, however there are other ways to change this setting, this link, https://pureinfotech.com/stop-windows-10-installing-drivers-automatically/ has all the ways to reach that setting, Registry, Group Policy Editor, and the Control Panel.

On reading that link (and others) it still isn't clear what it controls? Sort of implies files in Windows Updates Optional category. That is where I found a BIOS update by the way that DID after a few days DID get installed. I have Windows Home and no Group Policy Editor, so I can stop it or allow it via a device list. One thing I noticed, the naming convention on Windows Update BIOS files. Normally Dell names them. x.exe, where x is the version number. However in Windows Update it is called 0.x.exe. Mismatched names could play into this, as Windows Update wouldn't see that file by name on a driver and assume it is new and install it?

I've Googled "windows setting device installation settings" and I can't locate a true definition of how it works compared to Windows Update?

This one link, https://www.groovypost.com/howto/disable-automatic-driver-installation-on-windows-11/ sort of is typical of the info I've found. For instance:

===========================

Disabling Automatic Driver Updates

Whether you use the Windows 11 interface or go through Group Policy, you’ll no longer receive any device driver automatically through Windows Update when you’ve completed the steps. Instead, you’ll need to install them manually.

===================

Not at all clear?

Reading that though sort of implies one wouldn't need the Capsule Update setting at all?

One thing IS clear to me, Capsule Update did not prevent at least ONE Windows Update of the BIOS on my 8940. Worse, when it was updated (and I have NO proof it did happen) I never saw it being updated on the Dell Boot Screen? It was according to the Windows Update Log installing the same one I had installed and was using? Possible during the install it recognized that it was already installed and aborted but it was already logged as being installed?

I have never had Windows Update either back-level or install a newer BIOS on me though?

FWIW, Windows Update force-installed a BIOS update (same version as was installed) on my XPS 8930 with UEFI Capsule Updates disabled in BIOS, only one time - and that was very first time a BIOS update was offered by Windows Update.

Since then, WU has only offered them to me as Optional Updates, and has never force-installed any of them, with Capsule Updates disabled, after that first time. 

Surprisingly, WU is still offering me (optional) BIOS 1.1.26 which I installed manually in mid-Oct'22, even though it has already installed 1.1.27 on some XPS 8930 PCs, which presumably had Capsule Updates enabled.

And, I manually installed BIOS 1.1.27 on my XPS 8930 last week with none of the terrible consequences most others have had.

@Anonymous  - BIOS 1.1.18 was the one and only BIOS update force-installed by Windows Update here too, on top of 1.1.18 already installed.

BIOS 1.1.18 was the first BIOS ever offered to me via WU. My PC came with BIOS 1.1.8 installed and there were 6 BIOS updates in after 1.1.8, before 1.1.18.

Makes me wonder if there was a bug in WU back then that didn't look at or care about the UEFI Capsule Update setting in BIOS setup on the recipient PC when it first started offering (Dell) BIOS updates.

Well, on my 8940 my experience is COMPLETELY different... for instance look at my WU Install log:

I also had another one before V2.4.0, but NOT V2.3.0:

I will also state:

• When I was booting I never saw on the first Dell Boot screen any bar running across for ANY of the above progress of the BIOS install.
• I know I did install MANUALLY or via Dell Update EVERY one of those BIOS versions.

My thoughts with this is that the logs ARE bogus. Normally, for many 'device drivers' or DLL's, Windows when installing them knows it can NOT overwrite and open or loaded file that would be written back to disk on Shutdown. So it will create a RUNONCE Registry Entry with the location of the file to be written or executed. It is QUITE possible once those Capsule Updates are executed, they DO check to see if the installed file is the same as the payload and if so aborts. However, by that time, WU is long gone as it wrote to the log well before the reboot to execute the RUNONCE has happened.

At least that is my thinking.

In the BIOS there is a SYSTEM LOG, and I checked those dates and they DO NOT match what I see in WU I recall.

In my WU log I also see this one:

Don't recall that one either as normally if I install it, I get asked where do I want it and when installing it blinks the screen a few times. Of course, this could have just written the Display Driver only over the OLD one (I did do the Standard Install so the location is known). In that case I'd never know it happened  as the next boot would use it.

Just my thoughts on this, but with an install date of the last one as 7/31/2022, if there was a packaging problem it continued until then. I've had the Capsule Update OFF and checked on every NEW BIOS I install (yes, possible WU did somehow install a BIOS without updating the Dell Boot screen and also not have Capsule Update disabled on install) and check it is still set to stop WU from doing that.