Command Prompt Archives

Winsage

June 2, 2026

Microsoft outs new Windows 11 native command-line utility. Revolutionizes native app making.

Microsoft has announced the general availability of Coreutils for Windows, introducing a native suite of Linux-style command-line utilities designed to enhance cross-platform development workflows. Coreutils includes essential commands for file, shell, and text manipulation, such as ls, cp, mv, rm, cat, and pwd, and will function similarly to its GNU counterpart, allowing seamless use across Windows, Linux, macOS, containers, and the Windows Subsystem for Linux (WSL). Microsoft has excluded certain utilities that rely on POSIX-specific functionality to avoid disrupting Windows operations. Additionally, Microsoft introduced "Windows Development Skills," a set of AI-powered tools aimed at improving the development and maintenance of Windows applications, built on WinUI 3 and the Windows App SDK, and available through a dedicated GitHub repository.

Winsage

May 30, 2026

How to Disable Windows Defender in Windows 11 (GUI, PowerShell, CMD & Group Policy)

Disabling Windows Defender is common among users setting up virtual machines or optimizing build processes, but it can be frustrating due to Windows 11's resistance to such actions. Many guides suggest using outdated registry keys, which are often reverted by updates, leading to repeated attempts to disable the protections. Users may disable Defender for several reasons, including performance issues with virtual machines, conflicts with Android emulators, hindrances in development environments, troubleshooting disk performance, and security testing in isolated labs. However, disabling antivirus software increases exposure to threats. Microsoft Defender includes components such as Antivirus, Real-Time Protection, Cloud-Delivered Protection, Tamper Protection, and Defender for Endpoint. Tamper Protection is a significant barrier to disabling Defender, as it prevents unauthorized changes to security settings. Key considerations before disabling Defender include the need for administrator rights, the effect of Tamper Protection, potential resets from Windows Updates, temporary toggles for Real-Time Protection, and the option to install third-party antivirus software, which places Defender in passive mode. Methods to disable Defender include using the Windows Security GUI, PowerShell commands, Command Prompt, or Group Policy (available only for certain editions). Disabling Tamper Protection requires accessing the GUI or being managed by an organization. To check if Defender is disabled, users can use PowerShell to review specific fields. Common reasons for Defender reactivating include enabled Tamper Protection, system reboots, Windows Updates, lack of third-party antivirus, and security policy refreshes. Installing a legitimate third-party antivirus is often the best way to maintain a consistent state. Instead of disabling Defender, users can add exclusions for specific folders related to virtual machines or development tools, allowing them to maintain protection while avoiding conflicts. Troubleshooting common problems includes ensuring elevated sessions for PowerShell, checking Tamper Protection status, and understanding the limitations of the Group Policy editor based on the Windows edition. Disabling Defender may be appropriate in specific scenarios, but for regular use, especially on machines handling sensitive tasks, the risks generally outweigh the benefits. Using exclusions is recommended for performance improvements without compromising security.

Winsage

May 26, 2026

How to Remove Microsoft Edge (Windows 10 and 11)

Removing Microsoft Edge from Windows can be complex due to its integration as a system component, especially in Windows 10 and standard Windows 11 installations. Edge may not have a straightforward Uninstall button in the Settings page, but methods exist for uninstallation, including using Edge's own installer or command-line approaches. In the EU, users may find an easier uninstall option in Settings due to the Digital Markets Act (DMA). To uninstall Edge, users should check their Windows version and region, install a replacement browser beforehand, and be aware that updates might reinstall Edge. Elevated permissions are typically required for uninstallation methods. Method A involves using Edge's setup.exe in uninstall mode from its Installer directory, which is widely compatible. Method B allows for a Settings-based uninstall in certain EU Windows 11 builds influenced by DMA. Method C uses PowerShell to remove Edge partially but may not be effective on newer builds. Method D suggests disabling Edge instead of fully uninstalling it for better system stability. Advanced techniques exist but carry risks, including potential system integrity issues. Users should consider application dependencies and the likelihood of Windows updates restoring Edge. For enterprise environments, policy-based control is preferred over complete removal. The EU DMA is driving changes toward a more modular Windows architecture, allowing for greater user choice regarding browser components.

Winsage

May 26, 2026

Why Hyper-V Breaks Emulators on Windows 11 (And the Fix)

Enabling Hyper-V on Windows 11 can cause applications like BlueStacks or VirtualBox to lag or fail to launch due to conflicts with CPU virtualization extensions (VT-x/AMD-V). Hyper-V is a Type-1 hypervisor that monopolizes these resources, preventing Type-2 hypervisors from accessing them directly. Common issues include error messages from BlueStacks, LDPlayer, VirtualBox, VMware, and Android Studio related to virtualization availability. To check if Hyper-V is enabled, users can use Task Manager, System Information, Windows Features, Command Prompt, or PowerShell. Disabling Hyper-V can be done through various methods, including unchecking it in Windows Features, using PowerShell, the bcdedit command, or modifying BIOS settings. However, disabling Hyper-V also stops functionalities like WSL2 and Memory Integrity. Some modern emulators, such as BlueStacks and VMware Workstation Pro, have adapted to work alongside Hyper-V, while VirtualBox's compatibility remains experimental. For optimal emulator performance, users should allocate appropriate CPU cores and RAM, ensure virtualization is enabled in BIOS, enable GPU acceleration, and set the Windows power plan to "Best performance." If issues persist, users should confirm Hyper-V is off, check BIOS settings, and reset emulator configurations.

Winsage

May 23, 2026

My Windows 11 laptop was tanking my Wi-Fi even when closed, and this one hidden setting fixed it almost immediately

Users have reported that the Modern Standby feature in Windows 11 disrupts Wi-Fi connectivity, leading to inconsistent internet performance upon waking from sleep. Disabling Modern Standby significantly improves Wi-Fi speeds and device reliability. This feature, introduced in Windows 8, allows laptops to maintain a low-power state while keeping certain processes active, which can cause connectivity issues. Users can disable Modern Standby by accessing BIOS settings to switch from S0 Sleep to S3 Sleep mode, using Command Prompt to check available sleep states, or changing the action for closing the lid to Hibernate. After disabling Modern Standby, users have experienced improved network adapter performance, better ping, and more consistent Wi-Fi speeds, along with reduced concerns about battery drain and overheating. Many users prefer the stability of the traditional S3 Sleep mode over Modern Standby.

Winsage

May 20, 2026

Microsoft confirms Windows 11’s May 2026 update is failing to install with error 0x800f0922 and outlines a mitigation for affected PCs

Microsoft has acknowledged installation issues with the May 2026 Security Update for Windows 11, specifically error code 0x800f0922, affecting devices on versions 24H2 and 25H2 after installing update (KB5089549) released on May 12. The failures occur during the reboot phase, often around 35 percent, primarily on devices with 10MB or less free space in the EFI System Partition (ESP). For consumer and unmanaged business devices, Microsoft has implemented a Known Issue Rollback (KIR), and restarting the computer may resolve the issue. For managed devices, network administrators must manually deploy a Group Policy workaround. Microsoft suggests modifying a Registry value to decrease reserved padding in the EFI partition as a potential fix, along with restarting the computer and checking for updates. A permanent solution is planned for a future Windows update.

Winsage

May 19, 2026

Your SSD has built-in maintenance tools that Windows keeps hidden from you

Modern SSDs are highly reliable and require minimal maintenance. Windows includes tools for SSD health management, such as the TRIM command, which helps optimize performance by allowing the SSD to clean unnecessary data blocks. Users can check if TRIM is active using the Command Prompt. The "Optimize Drives" utility schedules SSD optimization routines and sends ReTrim commands. S.M.A.R.T. technology monitors SSD health, but the information is not easily accessible. Third-party tools like CrystalDiskInfo offer more detailed insights. Windows' Storage Sense feature helps manage storage on smaller SSDs by cleaning temporary files and freeing up space. The write caching policy in Device Manager enhances SSD performance, and users can adjust settings in the BIOS for optimization. Windows reserves SSD space for virtual memory and hibernation, which can be managed to reclaim storage. Overall, Windows provides built-in features to help maintain SSD performance and longevity.

Winsage

May 18, 2026

Old Windows Flaw Returns to Spotlight With MiniPlasma Exploit

Security researcher Chaotic Eclipse has introduced a Windows exploit called MiniPlasma, which may allow privilege escalation from standard user accounts to SYSTEM level access, even on patched versions of Windows. This exploit is linked to CVE-2020-17103, a flaw in the Windows Cloud Filter driver that was addressed by Microsoft in December 2020. Tests have reportedly demonstrated the exploit functioning on a patched Windows 11 Pro system, achieving SYSTEM access from a standard user account. The exploit involves an undocumented registry-key path within the .DEFAULT user hive, raising concerns about the effectiveness of the 2020 fix. There is a discrepancy between public and Canary builds of Windows 11, with the exploit working on the public build but not on the Canary build. Microsoft’s April 2026 Patch Tuesday updates included another entry related to the Windows Cloud Files Mini Filter Driver elevation-of-privilege issue. Defenders are advised to monitor the CVE-2020-17103 record for further clarification regarding the status of the original fix and the implications of the MiniPlasma exploit.

Winsage

May 17, 2026

New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released

A cybersecurity researcher, known as Chaotic Eclipse, has released a proof-of-concept exploit for a Windows privilege escalation zero-day vulnerability called "MiniPlasma," which allows attackers to gain SYSTEM privileges on fully patched Windows systems. The vulnerability affects the cldflt.sys Cloud Filter driver and was reported by Google Project Zero in September 2020, assigned the identifier CVE-2020-17103, and claimed to be resolved by Microsoft in December 2020. However, Chaotic Eclipse asserts that the vulnerability remains unpatched. Testing confirmed that the exploit works on Windows 11 Pro, enabling command prompt access with SYSTEM privileges from a standard user account. Will Dormann, a vulnerability analyst, verified the exploit's effectiveness but noted it did not work in the latest Windows 11 Insider Preview Canary build. The exploit leverages the undocumented CfAbortHydration API to manage registry key creation improperly. Chaotic Eclipse has previously disclosed other Windows zero-day vulnerabilities and claims their actions are a protest against Microsoft's handling of vulnerabilities.

Winsage

May 15, 2026

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit named YellowKey allows individuals with physical access to Windows 11 systems to bypass BitLocker encryption protections. Discovered by researcher Nightmare-Eclipse, this vulnerability enables unauthorized users to access encrypted drives quickly. The exploit involves transferring a custom FsTx folder to a USB drive, connecting it to a BitLocker-protected device, and entering recovery mode to gain command prompt access without needing a BitLocker recovery key. Esteemed researchers Kevin Beaumont and Will Dormann have confirmed the exploit's functionality, although the specific mechanism within the FsTx folder that enables the bypass is not fully understood.