registry changes

Winsage
January 9, 2026
Windows 11 has integrated AI features, including Copilot, which is pinned to the taskbar and embedded in applications like Notepad and Paint. Users cannot universally disable these features, although individual toggles exist. A community script called RemoveWindowsAI has been created to disable Windows AI features at the system level and modify Windows Update settings to prevent reinstallation. The script targets Copilot, Recall, and their integrations, allowing users to disable all features or select specific components. It operates by making registry changes and aims to eliminate visible AI entry points while maintaining their disabled status across updates. When executed, RemoveWindowsAI removes Copilot from the taskbar, uninstalls the app, and disables AI functionalities in applications. Users run the script through Windows PowerShell 5.1, and it can be rerun to re-enable features. The tool provides a consistent experience but has limitations, as it may not address new AI features or changes from major Windows updates.
Winsage
January 1, 2026
A modification in the Windows Registry can enable a native NVMe driver, potentially doubling the performance of solid-state drives (SSDs) by enhancing random read and write speeds by up to 80%. This driver is typically reserved for enterprise environments and is not officially available for consumer versions of Windows 11. The modification carries risks, including the possibility of rendering a system unbootable and disrupting features like BitLocker encryption. Early adopters have reported mixed results, with some experiencing significant performance improvements while others face stability issues. The tweak highlights the disparity between consumer and enterprise hardware capabilities and reflects ongoing discussions within the tech community about optimizing SSD performance.
Winsage
December 24, 2025
Windows 11 has recently begun to unlock the full potential of NVMe SSDs through registry modifications that enable a pseudo driver injection, resulting in nearly double the random write performance in certain scenarios. A native NVMe driver was rolled out in a recent update to Windows Server 2025, but it is not enabled by default in consumer versions of Windows 11. Users can activate it through specific registry edits. Testing by users revealed significant enhancements in random read and write performance after implementing these changes, with one user noting an 85% improvement in random write speeds. However, caution is advised when making registry edits, as some users have experienced loss of access to their file systems, which was recoverable by reverting the changes. There is no official timeline for when Microsoft will make the native NVMe driver available for Windows 11.
Winsage
November 25, 2025
Cybersecurity experts have identified a new campaign that combines ClickFix tactics with counterfeit adult websites to trick users into executing harmful commands under the guise of a "critical" Windows security update. This campaign uses fake adult sites, including clones of popular platforms, as phishing mechanisms, increasing psychological pressure on victims. ClickFix-style attacks have risen significantly, accounting for 47% of all attacks, according to Microsoft data. The campaign features convincing fake Windows update screens that take over the user's screen and instruct them to execute commands that initiate malware infections. The attack begins when users are redirected to a fake adult site, where they encounter an "urgent security update." The counterfeit Windows Update screen is created using HTML and JavaScript, and it attempts to prevent users from escaping the alert. The initial command executed is an MSHTA payload that retrieves a PowerShell script from a remote server, which is designed to deliver multiple payloads, including various types of malware. The downloaded PowerShell script employs obfuscation techniques and seeks to elevate privileges, potentially allowing attackers to deploy remote access trojans (RATs) that connect to command-and-control servers. The campaign has been linked to other malware execution chains that also utilize ClickFix lures. Security researchers recommend enhancing defenses through employee training and disabling the Windows Run box to mitigate risks associated with these attacks.
Winsage
October 16, 2025
Microsoft has acknowledged a significant issue affecting Windows Server 2025 systems, particularly after the installation of the October 2025 security updates. This issue disrupts Active Directory directory synchronization, especially impacting organizations with large security groups exceeding 10,000 members. The synchronization failures affect applications relying on DirSync for on-premises Active Directory Domain Services and particularly impact those using Microsoft Entra Connect Sync to link on-premises directories with cloud services. The problem was first noted on October 14, 2025, after the installation of the September 2025 Windows security update (KB5065426). A temporary workaround involves modifying the Windows registry by creating a DWORD value named 2362988687 with a value of 0 under the FeatureManagement\Overrides section in HKEY_LOCAL_MACHINE. Microsoft cautions that incorrect registry changes can lead to severe complications. There is no definitive timeline for a permanent fix, and the issue is limited to Windows Server 2025, with no similar problems reported for earlier server editions or client versions of Windows. Organizations using Windows Server 2022 or older are unaffected. Administrators should assess synchronization needs before deploying the October 2025 updates and monitor for updates regarding a permanent resolution.
Winsage
August 22, 2025
The Linux community faces challenges when certain applications are only available on Windows, despite solutions like Wine and virtual machines. A new approach using hardware instead of virtualization has emerged. The author received a Surface Laptop 2 that was non-functional until the keyboard was removed, revealing it was operational. While transitioning Windows installations from VirtualBox to KVM, the author discovered WinApps, a script that allows Windows applications to run on a Linux desktop via a virtual machine. However, this setup caused performance issues due to constant disk activity. The author experimented with connecting WinApps to a physical Windows machine on the network, successfully running Windows software directly on their desktop. The setup required executing an installation script on the Windows machine and making registry changes to enable RDP applications. Minor hurdles included compatibility issues with a dual-monitor setup and user permission bugs. Ultimately, Microsoft Word ran smoothly on the author's KDE desktop, demonstrating the potential for utilizing older computers for occasional tasks.
Winsage
July 9, 2025
The Windows registry is a crucial part of Microsoft's operating system, recording various system operations. Users can modify the registry through the Registry Editor to enhance performance and user experience, but must do so cautiously to avoid system issues. To take ownership of files, users can add a "Take Ownership" option to the context menu by creating a .reg file. To restore the old Windows 10 context menu in Windows 11, a new key can be added in the Registry Editor. Power throttling can be disabled by creating a new key and DWORD value in the Registry Editor, improving performance for desktop users. Users can disable the Copilot feature by creating a specific key and DWORD value in the Registry Editor. To reduce telemetry data collection, a DWORD value can be set to 0 in the Registry Editor. It is recommended to back up files and create a Restore Point before making any registry changes, and to test risky tweaks on a virtual machine or secondary device.
Tech Optimizer
June 17, 2025
Threat actors are using a fileless variant of AsyncRAT, targeting German-speaking individuals with a deceptive verification prompt. This prompt misleads users into executing harmful commands. The malware employs obfuscated PowerShell scripts to operate in memory without creating files on disk, complicating detection by antivirus solutions. The attack begins with a fake verification page prompting users to click "I'm not a robot," which copies a malicious command to the clipboard. This command uses conhost.exe to run a hidden PowerShell instance that retrieves a payload from a remote server. The malware establishes a connection to a command-and-control server and maintains persistence through registry keys, enabling remote control and data exfiltration. Key tactics include stealth execution, in-memory C# compilation, and TCP-based communication over non-standard ports. The campaign has been active since at least April 2025. Indicators of Compromise (IOCs) include:
- IP: 109.250.111[.]155 (ClickFix delivery)
- FQDN: namoet[.]de (ClickFix / C2 server)
- Port: 4444 (TCP reverse shell listener)
- URL: hxxp[:]//namoet[.]de:80/x (PowerShell payload)
- Registry (HKCU): SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\windows (persistence on boot)
- Registry (HKCU): SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\win (holds the obfuscated command)
Winsage
February 19, 2025
The Windows Registry Editor is accessed by pressing Win+R, typing regedit, and confirming with "OK." The registry files are located in "C:\Windows\System32\config" and user-specific files in "C:\Users\[username]." The five main branches of the registry are:
- HKEY_CURRENT_USER: Configuration settings for the current user.
- HKEY_LOCAL_MACHINE: Global settings for all users, requiring administrative rights for changes.
- HKEY_USERS: Contains user IDs for system profiles.
- HKEY_CLASSES_ROOT: Manages file name extensions and program shortcuts.
- HKEY_CURRENT_CONFIG: Links to keys under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current.
Users can create subkeys and values, which can be of different types. To modify the registry, select a key, use the "New" context menu, and double-click to edit. Creating a backup of the registry is recommended before making changes, which can be done using the Registry Backup Portable tool. To restore the registry, select the most recent backup and click "Restore Now." Microsoft's Process Monitor can be used to analyze registry values by filtering for "RegSetValue" and tracking changes. Certain registry values are restricted from modification for security reasons, such as the "widgets" feature in Windows 11. However, methods like batch files and PowerShell scripts can override these protections. Windows transmits diagnostic data to Microsoft, impacting user privacy. Tools like O&O ShutUp10 and W10Privacy help manage telemetry settings.