Thursday, May 16

New Windows driver blocks software from changing default web browser

Microsoft is now using a Windows driver to prevent users from changing the configured Windows 10 and Windows 11 default browser through software or by manually modifying the Registry.

Windows users can still change their default browser through the Windows settings. Those who used software to make the changes are now blocked by a driver quietly introduced to users worldwide as part of the February updates for Windows 10 (KB5034763) and Windows 11 (KB5034765).

IT specialist Christoph Kolbicz was the first to notice the change when his programs, SetUserFTA and SetDefaultBrowser, suddenly stopped working.

SetUserFTA is a command line program that lets Windows admins change file associations through login scripts and other methods. SetDefaultBrowser works similarly but is only for changing the default browser in Windows.

Starting with Windows 8, Microsoft introduced a new system for associating file extensions and URL protocols with default programs to prevent them from being tampered with by malware and malicious scripts.

This new system associates a file extension or URL protocol with a specially crafted hash stored under the UserChoice Registry keys.

The default browser assigned to the HTTPS URL protocol is found under:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"ProgId"="ChromeHTML"
"Hash"="N3eikAB1HhI="

If the correct hash is not used, Windows will ignore the Registry values and use the default program for this URL protocol, which is Microsoft Edge.

Kolbicz reverse engineered this hashing algorithm to create the SetUserFTA and SetDefaultBrowser programs to change default programs.

With the Windows 10 and Windows 11 February updates installed, Kolbicz noted that these Registry keys have now been locked down, giving errors when modified outside the Windows Settings.

Using the Windows Registry Editor to modify these settings gives an error stating, “Cannot edit Hash: Error writing the value’s new contents.”

Locked down UserChoice Registry keys
Source: BleepingComputer

After further research, Kolbicz discovered that Microsoft introduced a new Windows filter driver (c:\windows\system32\drivers\UCPD.sys) as part of the February updates.

User Choice Protect Driver (UCPD.sys)
Source: BleepingComputer

This driver is described as a “User Choice Protection Driver,” and when loaded, prevents direct editing of the Registry keys associated with the HTTP and HTTPS URL associations and the .PDF file association.

The associated Registry keys are:

HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice

It should be noted that in BleepingComputer’s tests, the driver was rolled out to our Windows 11 and Windows 10 devices, but it only locked down the Registry keys on our Windows 10 devices.
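
A read-only way to record what the three keys listed above currently hold, and whether the driver file is present, as an added PowerShell example (not from the article or from Kolbicz's tools). The baseline ProgId values in $Baseline are constructed placeholders.

```powershell
# Added example: read-only audit of the three UserChoice keys the article lists.
# $Baseline holds constructed placeholder ProgIds; replace with your own standard.
$Baseline = @{ 'http' = 'ChromeHTML'; 'https' = 'ChromeHTML'; '.pdf' = 'ChromeHTML' }

$UrlAssoc = 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations'
$Keys = [ordered]@{
    'http'  = "$UrlAssoc\http\UserChoice"
    'https' = "$UrlAssoc\https\UserChoice"
    '.pdf'  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice'
}

$report = foreach ($name in $Keys.Keys) {
    $progId = $null
    $hash   = $null
    if (Test-Path -LiteralPath $Keys[$name]) {
        $uc     = Get-ItemProperty -LiteralPath $Keys[$name]
        $progId = $uc.ProgId
        $hash   = $uc.Hash
    }
    [pscustomobject]@{
        Association     = $name
        ProgId          = $progId
        # Per the article, Windows ignores the ProgId when the hash is not the correct one;
        # this column only shows whether a Hash value exists at all, not whether it is valid.
        HashPresent     = -not [string]::IsNullOrEmpty($hash)
        MatchesBaseline = ($progId -eq $Baseline[$name])
    }
}
$report | Format-Table -AutoSize

# Check for the filter driver at the path given in the article.
$driver = Join-Path $env:SystemRoot 'System32\drivers\UCPD.sys'
if (Test-Path -LiteralPath $driver) {
    $info = (Get-Item -LiteralPath $driver).VersionInfo
    "UCPD.sys present: $($info.FileDescription) $($info.FileVersion)"
} else {
    "UCPD.sys not found at $driver"
}
```

Run it as the logged-on user rather than from another account's elevated session, since the keys live under HKCU.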

In a post, Kolbicz explains that while you cannot unload the driver, you can disable it in the Registry.

“We can not just unload this driver, BUT we can naturally disable it! this can be done by this one-liner – in an elevated PowerShell followed by a reboot.
