Looking for some sanity checking from people who deal with Windows internals more than I do. At this point I am pretty sure the answer is “this is by design” but I want to confirm I am not missing an obvious knob or supported workaround.
Scenario is a Windows 11 workstation build 22621 fairly locked down and not used for development work.
Every time Microsoft.NETCore.App 8 dot something is uninstalled it eventually gets reinstalled through Windows servicing or repair.
First pass I checked the normal causes.
PowerShell 7 is not installed only Windows PowerShell 5.1
No Visual Studio 2019 or 2022
No modern Visual Studio workloads
winget is not available from the command line
No user installed applications that target .NET 8
The only Visual Studio related entry is Visual Studio 2010 Tools for Office Runtime which is Framework based and clearly not related to .NET Core.
Digging further I checked Windows App Runtime provisioned packages and found the following.
Microsoft.WindowsAppRuntime.CBS
Microsoft.WindowsAppRuntime.CBS.1.6
So this is the CBS delivered Windows App Runtime maintained by Windows Update not a Store app.
From everything I am seeing Windows App Runtime CBS has a dependency on Microsoft.NETCore.App 8.x and Windows now treats .NET 8 as a platform runtime. Removing it just leads to a repair later.
Verification done so far.
No Windows services related to .NET or Windows App Runtime
No scheduled tasks
No startup registry entries
No listening network ports
Runtime binaries only appear loaded inside the process space of modern Windows components like Settings or Security UI and unload when the app closes
So there is no background runtime or service here just on demand loading.
My question for the group.
Is there any supported way to prevent .NET 8 from reinstalling while keeping Windows App Runtime CBS intact
Or is the real answer simply that on Windows 11 .NET 8 is effectively mandatory now and the correct action is to document it and move on
I am leaning toward the latter but wanted to ask before closing this out.
If anyone has official Microsoft documentation that explicitly states this behavior or experience explaining this to security or audit teams I would appreciate it.
Thanks and feel free to tell me I am fighting the OS.