PowerShell Archives

Winsage

January 13, 2026

New Windows updates replace expiring Secure Boot certificates

Microsoft is enhancing security for Windows 11 24H2 and 25H2 users by automatically replacing expiring Secure Boot certificates on eligible devices. Secure Boot protects against malicious software by ensuring only trusted bootloaders are executed during startup. Many Secure Boot certificates are set to expire starting in June 2026, which could jeopardize secure booting capabilities if not updated. The update includes a mechanism to identify devices eligible for automatic receipt of new Secure Boot certificates. IT administrators are advised to install the new certificates to maintain Secure Boot functionality and prevent loss of security updates. Organizations can also deploy Secure Boot certificates through various methods. IT administrators should inventory their devices, verify Secure Boot status, and apply necessary firmware updates before installing Microsoft's certificate updates.

Winsage

January 12, 2026

How to remove Copilot AI from Windows 11 today

Microsoft's Copilot AI has received mixed reviews from users, with many preferring a more reliable operating system over new AI features. Users have reported inaccuracies in Copilot's responses and raised concerns about privacy and resource consumption. To disable or remove Copilot in Windows 10 and 11, users can access Task Manager, navigate to Startup apps, and disable Copilot. Additionally, tools like "Remove Windows AI" and "Flyoobe" can help manage AI components, with the latter allowing users to disable specific AI settings after installation.

Winsage

January 12, 2026

Windows 11 File Explorer Lag: Legacy XP Feature Fix via Registry Tweak

File Explorer in Windows 11 has been reported to have performance issues, particularly delays when navigating folders with many media files or documents. This problem is linked to the auto-discovery feature, which optimizes folder display settings based on content but incurs a significant computational burden. Disabling this feature through registry modifications can lead to improved performance, with users experiencing faster navigation and reduced folder load times. Microsoft has acknowledged these issues and plans to preload File Explorer for quicker launches, but the underlying problems remain largely unaddressed. Users have shared their experiences and solutions, including registry tweaks that set folder types to "NotSpecified" to eliminate scanning overhead. Despite some incremental updates from Microsoft, many users still face core lags, prompting ongoing community-driven fixes and discussions about the need for deeper audits of legacy code.

Winsage

January 11, 2026

I uninstalled Windows 11’s WhatsApp WebView2 and replaced it with the old native app with a new trick

WhatsApp's transition to a Chromium-based web wrapper has resulted in a significant increase in resource consumption for Windows 11 users, with RAM usage reportedly surging to 2GB, compared to less than 1GB for the older version. Users can revert to the older version, which utilizes native code and is more efficient, by following a series of steps involving enabling Developer Mode, downloading a specific package, and using PowerShell commands. The older version maintains a steady resource usage, with memory consumption peaking at 400 MB during status updates and remaining under 300 MB for general messaging. However, reverting to the older version will prevent users from receiving new updates, and it may eventually be phased out by Meta.

Winsage

January 10, 2026

How to edit text files directly from Command Prompt and PowerShell on Windows 11 — using Microsoft Edit just like Linux’s Nano

Windows 11 includes the Microsoft Edit command-line tool for editing text files directly within Command Prompt or PowerShell. The tool is under 250KB in size. To install Microsoft Edit, users can open Command Prompt as an administrator and run the command: winget install --id Microsoft.Edit. Alternatively, it can be downloaded from GitHub, but manual configuration is required. To use Microsoft Edit, users can launch it by typing PLACEHOLDERb167be8248c505bb in Command Prompt or PLACEHOLDER4905f66b5f26fc6f for administrator access. Existing text files can be edited using the command edit filename.txt, and new files can be created with the same command. Basic editing options include undo, redo, cut, copy, paste, and find and replace. Files can be saved with "Ctrl + S" and exited with "Ctrl + Q". The tool is designed for straightforward text editing without the need to switch applications.

Winsage

January 9, 2026

A Free Script Disables Built-In AI Features Across Windows 11

Windows 11 has integrated AI features, including Copilot, which is pinned to the taskbar and embedded in applications like Notepad and Paint. Users cannot universally disable these features, although individual toggles exist. A community script called RemoveWindowsAI has been created to disable Windows AI features at the system level and modify Windows Update settings to prevent reinstallation. The script targets Copilot, Recall, and their integrations, allowing users to disable all features or select specific components. It operates by making registry changes and aims to eliminate visible AI entry points while maintaining their disabled status across updates. When executed, RemoveWindowsAI removes Copilot from the taskbar, uninstalls the app, and disables AI functionalities in applications. Users run the script through Windows PowerShell 5.1, and it can be rerun to re-enable features. The tool provides a consistent experience but has limitations, as it may not address new AI features or changes from major Windows updates.

Winsage

January 8, 2026

How to get started with PowerToys Command Palette on Windows 11 — an answer to macOS Spotlight for Windows PCs

The Command Palette is a feature in PowerToys for Windows 11 that allows advanced users to access applications, settings, and system tools quickly, similar to macOS Spotlight. To install it, users must install PowerToys via Command Prompt or the Microsoft Store. Configuration involves enabling the Command Palette, customizing activation shortcuts, and adjusting display settings. Users can search for applications, settings, and files, perform calculations, access clipboard history, and execute system commands. Keyboard modifiers enhance functionality, and users can create custom search shortcuts with community plugins. The Command Palette also includes a Registry browser extension for navigating the Windows Registry.

Winsage

January 7, 2026

This Free Script Disables Every AI Feature in Windows 11

The integration of artificial intelligence into Windows 11 has led to mixed reactions among users, with some feeling overwhelmed by features like Copilot. RemoveWindowsAI is a free script that allows users to disable various AI features, including Copilot, Recall, and AI integrations in applications like Edge, Paint, and Notepad. The script modifies registry keys and prevents Windows Update from reinstalling these features. To use RemoveWindowsAI, users must launch Microsoft PowerShell 5.1, copy a command from the official GitHub page, and follow the prompts to select which AI features to disable. Testing the script showed that removing AI features significantly altered the user experience, with the Copilot icon and application disappearing from Notepad and Settings.

Winsage

January 7, 2026

Hackers Use Fake Windows BSOD To Spread Malware

Security researchers have identified a social engineering campaign that mimics the Windows Blue Screen of Death (BSOD) to deceive users into installing a remote access Trojan (RAT). The campaign, named PHALT#BLYX, begins with phishing emails that appear to be legitimate cancellation notices from travel websites, leading victims to a fake login page and an interactive CAPTCHA. This culminates in a full-screen imitation of the BSOD, prompting users to follow instructions that ultimately allow attackers to gain control of their computers. The attackers use a “ClickFix” process that involves executing commands through native Windows tools like PowerShell and MSBuild, making detection more challenging. The malware delivered is an obfuscated version of DCRat, which provides attackers with remote control capabilities, keylogging, and the ability to download additional malware. The campaign primarily targets hotels and hospitality businesses in Europe, exploiting the urgency of front-desk staff to respond to apparent technical issues. Indicators of a fake BSOD include the ability to interact with the screen, requests to execute commands via Windows tools, and the presence of CAPTCHA prompts. Organizations are advised to train employees, implement application control, enhance email and web defenses, and prepare for incident response to mitigate risks associated with such attacks.

Tech Optimizer

January 7, 2026

Fake error popups are spreading malware fast

A new cybercrime tool called ErrTraffic has emerged, simplifying malware dissemination through deceptive fake error messages that prompt users to address non-existent issues. The attacks begin on compromised websites, where users encounter distorted text and pop-ups suggesting a browser update or font installation. Clicking the provided button copies a command to the clipboard, instructing users to paste it into PowerShell, which triggers the malware infection. ErrTraffic automates this process, requiring minimal investment for attackers to access a control panel and scripted payload delivery. It operates via JavaScript injection, adapting to the user's operating system and browser to display tailored messages. This method effectively bypasses traditional malware defenses, achieving high conversion rates, with nearly 60% of users following through with the instructions. Infected devices may deploy infostealers or banking trojans, with the system designed to evade law enforcement by excluding certain regions. To mitigate risks, users should avoid copying commands from websites, trust built-in update notifications, use robust antivirus software, and regularly remove personal information from data broker sites.