registry modifications Archives

Winsage

January 19, 2026

Windows 11 PCs Fail To Shut Down After Update

Some users of Windows 11 have experienced a problem where their PCs reboot instead of shutting down after the Patch Tuesday security update KB5073455. This issue primarily affects devices with Secure Launch on Windows 11 version 23H2. Microsoft has confirmed this behavior, which disrupts the usual power-off sequence and can drain battery life for laptops and complicate remote management processes. An out-of-band update, KB5077797, has been released to restore normal shutdown and hibernation functionalities for affected systems. Users can check for this update in Windows Update or download it from the Microsoft Update Catalog. To determine if they are affected, users should look for immediate restarts when selecting Shut Down or Hibernate and check if Secure Launch is enabled in System Information.

Winsage

January 12, 2026

EDRStartupHinder Disables Antivirus and EDR Protections During Windows 11 25H2 Startup

A new tool named EDRStartupHinder was unveiled on January 11, 2026, which allows attackers to inhibit the launch of antivirus and endpoint detection and response (EDR) solutions during the Windows startup process. Developed by security researcher Two Seven One Three, it targets Windows Defender and various commercial security products on Windows 11 25H2 systems by redirecting essential system DLLs during boot using the Windows Bindlink API and Protected Process Light (PPL) security mechanisms. The tool employs a four-step attack chain that includes creating a malicious service with higher priority than the targeted security services, redirecting critical DLLs to attacker-controlled locations, and modifying a byte in the PE header of the DLLs to cause PPL-protected processes to refuse loading them. This results in the termination of the security software. EDRStartupHinder has been tested successfully against Windows Defender and other unnamed antivirus products, demonstrating its effectiveness in preventing these security solutions from launching. The source code for EDRStartupHinder is publicly available on GitHub, raising concerns about its potential misuse. Security teams are advised to monitor for Bindlink activity, unauthorized service creation, and registry modifications related to service groups and startup configurations to detect this attack vector. Microsoft has not yet issued any statements regarding patches or mitigations for this technique.

Winsage

January 12, 2026

Windows 11 File Explorer Lag: Legacy XP Feature Fix via Registry Tweak

File Explorer in Windows 11 has been reported to have performance issues, particularly delays when navigating folders with many media files or documents. This problem is linked to the auto-discovery feature, which optimizes folder display settings based on content but incurs a significant computational burden. Disabling this feature through registry modifications can lead to improved performance, with users experiencing faster navigation and reduced folder load times. Microsoft has acknowledged these issues and plans to preload File Explorer for quicker launches, but the underlying problems remain largely unaddressed. Users have shared their experiences and solutions, including registry tweaks that set folder types to "NotSpecified" to eliminate scanning overhead. Despite some incremental updates from Microsoft, many users still face core lags, prompting ongoing community-driven fixes and discussions about the need for deeper audits of legacy code.

Winsage

January 9, 2026

Use These Windows Registry Hacks to Tame the Disruptive Windows Updates

Many users are frustrated with Microsoft's management of Windows updates, which can disrupt workflows during critical tasks. While completely disabling updates poses security risks, users can modify the Windows Registry to regain control. To prevent automatic downloading and installation of updates, users can create a key in the Registry at HKEYLOCALMACHINESOFTWAREPoliciesMicrosoftWindows, naming it WindowsUpdate, and then create another key named AU. A DWORD value named AUOptions can be set to 2 to prompt for permission before updates. To stop automatic restarts during logged-in sessions, users can navigate to HKEYLOCALMACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU and create a DWORD value named NoAutoRebootWithLoggedOnUsers, setting its value to 1. To lock Windows to a specific version and avoid feature upgrades, users can access HKEYLOCALMACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate and create a DWORD value named TargetReleaseVersion set to 1, along with two String values: ProductVersion for the current version and TargetReleaseVersionInfo for the desired version. To prevent automatic driver updates, users can go to HKEYLOCALMACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate and create a DWORD value named ExcludeWUDriversInQualityUpdate, setting its value to 1. To extend the pause limit for updates beyond five weeks, users can access HKEYLOCALMACHINESOFTWAREMicrosoftWindowsUpdateUXSettings and create a DWORD value named FlightSettingsMaxPauseDays, setting its value to 365 or any preferred duration. These modifications allow for greater control over Windows updates, although emergency updates may still occur.

Winsage

January 8, 2026

Windows can never be an immutable OS, and that might be a problem

"Immutable" operating systems are designed with a read-only core that is updated comprehensively, allowing user data and applications to exist independently from the base system, reducing risks of corruption and configuration drift. While macOS is largely immutable, Windows cannot transition to an immutable model due to its design based on mutability, which allows for continuous modification and backward compatibility. Windows 11's flexibility leads to a cumulative change model, making it increasingly difficult to troubleshoot and maintain. Microsoft has made some improvements within the mutable framework, but challenges remain, such as dependency control and application integration. Users expect seamless updates, but Windows is perceived as high-maintenance, leading to performance issues. A truly immutable version of Windows would conflict with user expectations and require significant software rewrites. Consequently, Windows is likely to remain in a hybrid state, adopting some immutable features while still facing issues related to its mutable architecture.

Winsage

January 3, 2026

5 Free Tools To Keep Your Windows 10 PC Secure Without Further Microsoft Support

Millions of users are unable to transition to Windows 11 due to stringent hardware requirements, leaving many Windows 10 PCs vulnerable to malware threats. Microsoft has introduced Extended Security Updates (ESU) for Windows 10 Home users, available for a year at a cost. Users can enhance their Windows 10 security with various tools: - 0patch: Micropatches vulnerabilities without requiring a restart, supported until 2030. The free version addresses zero-day vulnerabilities, while the pro version offers more comprehensive protection. - TinyWall: Simplifies firewall management using the Windows Filtering Platform, allowing users to control app connections without constant pop-ups. - Patch My PC Home Updater: Automates the updating of outdated applications to enhance security. - Sandboxie Plus: Allows users to run applications in an isolated environment to prevent changes from affecting the system. - Panda Dome Free: A free antivirus solution providing real-time protection against malware, with features like USB Protection and Process Monitor.

Winsage

December 24, 2025

This neat Windows 11 registry trick offers higher NVMe SSD performance—but it’s not for everyone

Recent discoveries have revealed a registry tweak that can enhance the performance of NVMe SSDs on Windows 11, particularly improving random 4K speeds. Traditionally, Windows has treated most drives as SCSI, limiting the potential of NVMe drives. Microsoft is introducing native NVMe support in Windows Server 2025, which bypasses the SCSI conversion process for improved speed and efficiency. Users can achieve similar enhancements on Windows 11 through specific registry modifications, which must be done at their own risk. The necessary driver is included in recent updates for both Windows Server 2025 and Windows 11. Users need to adjust three registry values to enable this functionality. Once modified, NVMe drives will appear under 'Storage Media' in Device Manager. Reports indicate significant performance gains, with one user noting increases of 45% in random 4K read and 49% in write performance. Microsoft suggests enterprise users could see up to 80% higher IOPS and a 45% reduction in CPU cycles. The WD Black SN8100 SSD is noted for its high random 4K speeds, loading games faster than competitors. Many users have pointed out that Linux has had native NVMe support for some time.

Winsage

December 24, 2025

Windows 11 has a hidden driver that may boost NVMe SSD performance

Windows users have relied on the disk.sys driver for storage management since 2006, which has not changed significantly despite support for NVMe since Windows 8.1. Microsoft has introduced nvmedisk.sys for Windows Server 2025 and a version in Windows 11 25H2, which improves performance by enhancing integration with NVMe technology. Tests show that nvmedisk.sys offers better raw throughput in sequential and random read/write tasks compared to disk.sys, as it removes the legacy SCSI translation layer, reducing overhead and improving latency, particularly on high-end SSDs. However, enabling nvmedisk.sys may cause system instability or boot failures if the SSD controller lacks compatibility, and users are advised to check the current driver in Device Manager and back up data before switching drivers. The new driver is still in a soft launch phase, and there is uncertainty about when it will be available in a stable build.

Winsage

December 24, 2025

Windows 11 driver hack boosts NVMe SSD performance by up to 85%

Windows 11 has recently begun to unlock the full potential of NVMe SSDs through registry modifications that enable a pseudo driver injection, resulting in nearly double the random write performance in certain scenarios. A native NVMe driver was rolled out in a recent update to Windows Server 2025, but it is not enabled by default in consumer versions of Windows 11. Users can activate it through specific registry edits. Testing by users revealed significant enhancements in random read and write performance after implementing these changes, with one user noting an 85% improvement in random write speeds. However, caution is advised when making registry edits, as some users have experienced loss of access to their file systems, which was recoverable by reverting the changes. There is no official timeline for when Microsoft will make the native NVMe driver available for Windows 11.

Winsage

December 22, 2025

Windows 11 hack: Higher SSD speeds with new Microsoft NVMe driver

The process of enhancing SSD performance involves modifying the Windows registry with specific commands to unlock improvements in data transfer speeds, particularly for PCIe 4.0 SSDs. The commands to add values to the registry are: 1.

reg add HKEYLOCALMACHINESYSTEMCurrentControlSetPoliciesMicrosoftFeatureManagementOverrides /v 735209102 /t REG_DWORD /d 1 /f

reg add HKEYLOCALMACHINESYSTEMCurrentControlSetPoliciesMicrosoftFeatureManagementOverrides /v 1853569164 /t REG_DWORD /d 1 /f

reg add HKEYLOCALMACHINESYSTEMCurrentControlSetPoliciesMicrosoftFeatureManagementOverrides /v 156965516 /t REG_DWORD /d 1 /f

After executing these commands, a system restart is required to see changes in the Device Manager, where SSD drives will shift from "Disk drives" to "Storage disks," indicating the use of the nvmedisk.sys driver. Users may experience a 10 to 15% increase in data speeds for PCIe 4.0 SSDs, with even PCIe Gen 3.0 SSDs showing improvements. Benchmark results indicated up to a 45% increase in sequential reading performance and a 15% increase in write performance. For a specific 1TB SSD, sequential read performance improved by approximately 23%, and write performance increased by 30%. However, caution is advised as some users reported issues with SSD management tools, and compatibility with all NVMe SSDs is not guaranteed.