Registry

Winsage
May 6, 2026
System Restore is a recovery tool in Windows that allows users to revert their systems to a previous state, originating with Windows ME. It generates restore points that can be created manually or automatically, with a maximum retention of 60 days starting from the Windows 11 24H2 update in 2025. System Restore captures essential system files and settings but does not recover personal files. The new Point-in-Time Restore feature, introduced in 2025 and appearing in the Windows 11 Insider Experimental preview in April 2026, captures a broader range of data, including user files and applications, and operates on a scheduled basis with snapshots retained for up to 72 hours. It is optional for standard users, enabled by default for PCs with 200GB or more storage, and has storage limits set to 2% of total drive capacity. In enterprise settings, it is always enabled for Windows 365 Enterprise, maintaining restore points for up to one month and utilizing cloud storage. Point-in-Time Restore aims to improve the recovery experience and address limitations of the classic System Restore.
Winsage
May 6, 2026
On April 30, 2026, Microsoft Defender misclassified two legitimate DigiCert root certificates as a severe threat, specifically Trojan:Win32/Cerdigent.A!dha, leading to their quarantine and disrupting SSL/TLS validation across affected endpoints. This misclassification was a result of new malware detections introduced by Microsoft in response to concerns over compromised certificates from a DigiCert breach. The false-positive alerts were triggered by the registry entries of the two trusted root certificates, which are crucial for validating SSL/TLS sessions. Microsoft later acknowledged the error and adjusted the alert logic. There was no actual compromise of the DigiCert certificates, as administrators confirmed that the certificate hashes matched the official values. The misclassification stemmed from a failure to properly constrain the detection to only revoked end-entity signing certificates related to a separate incident. This incident follows a pattern of Microsoft Defender misidentifying legitimate software as malicious, as seen in a 2022 incident where Microsoft Office was flagged as a virus. Organizations with restrictive update policies may continue to face SSL/TLS validation failures until they deploy the corrective Security Intelligence version or manually restore the DigiCert roots.
Tech Optimizer
May 4, 2026
Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, leading to their removal from Windows systems globally. This issue arose after a Defender signature update on April 30th, with affected certificates including 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 and DDFB16CD4931C973A2037D3FC83A4D7D775D05E4. The certificates were removed from the AuthRoot store under the Registry key HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. Microsoft has addressed the issue in Security Intelligence update version 1.449.430.0, which also restored the removed certificates. The false positives were linked to detections related to a recent DigiCert breach, where threat actors obtained valid code-signing certificates used for signing malware. DigiCert revoked 60 code-signing certificates, including those linked to the "Zhong Stealer" malware campaign. The malware utilized certificates issued to companies like Lenovo and Kingston, but the certificates flagged by Microsoft Defender are root certificates and do not correspond to the revoked code-signing certificates.
Winsage
May 2, 2026
Windows 11's latest builds (26100.8313 and 26200.8313) have improved folder view consistency in File Explorer, ensuring that user-configured settings persist regardless of how a folder is accessed. This update eliminates the need for registry tweaks. Additionally, the updates enhance File Explorer's speed and performance, resolve a white flash issue in dark mode, introduce a "preview anyway" button for the preview pane, and add support for four new archive formats. These changes are currently available in the Release Preview channel and will soon be rolled out to regular users.
Winsage
May 2, 2026
Microsoft will begin rolling out the May 2026 Security Update for Windows 11 on May 12, 2026. Key features of this update include:
1. Xbox Mode: Transforms PCs into a console-like experience, prioritizing system resources for gaming and freeing up to 2GB of memory.
2. Voice Typing Improvements: Redesign of Voice Typing elements on the touch keyboard.
3. New Arabic 101 Legacy Keyboard Layout: Available for addition from the Region page in Settings.
4. Drop Tray Changes: Renamed from Drag Tray and can be disabled in Settings > System > Multitasking.
5. Taskbar AI Agents Support: Allows monitoring of AI agents directly from the Taskbar, starting with the Microsoft 365 Copilot app.
6. Debloat Policy with Dynamic List Support: Enables administrators to specify additional apps for removal beyond the default list.
7. Windows Driver Policy Update: Changes how the kernel manages trust for third-party drivers, eliminating default trust for cross-signed drivers.
8. Batch File Security Changes: Enhances security for batch files and Command Prompt scripts, with an option for a hardened processing mode.
9. Format FAT32 up to 2TB: The format command-line tool now supports formatting volumes up to 2TB using FAT32.
AppWizard
April 30, 2026
A new infostealer malware called LofyStealer is targeting the gaming community, particularly Minecraft players, by disguising itself as a cheat tool named “Slinky.” It employs a two-stage attack to extract sensitive information from eight major web browsers, including Chrome and Firefox, while evading detection by security software. The malware siphons off cookies, saved passwords, payment card information, and session tokens. Researchers at Zenox.ai identified LofyStealer, linking it to the Brazilian cybercrime group LofyGang, which has been active since October 2022. The malware uses social engineering tactics to appear legitimate and operates as a Malware-as-a-Service platform, offering both Free and Premium tiers to buyers. Its technical sophistication is evident in its method of in-memory browser injection, which allows it to bypass security defenses. The stolen data is compressed and sent to a command-and-control server. Users are advised to avoid downloading unofficial game mods and enable multi-factor authentication to reduce the risk of credential theft. Security teams should monitor for specific behavioral indicators related to the malware's operations.
AppWizard
April 29, 2026
The 26.2 Snapshot 5 introduces several new features, including an explosive archetype for the Sulfur Cube and the addition of erupting Geysers formed by Potent Sulfur. The new Sulfur Cube archetype, called Explosive, shares properties with the Regular archetype but has higher air drag and can absorb TNT blocks. When primed, absorbed TNT has a fuse time of 6 seconds when ignited by fire or Redstone, and a randomized fuse time between 0.75 and 3 seconds when primed by an explosion. Sulfur Cubes with absorbed TNT cannot be picked up or damaged, and no Small Sulfur Cubes will spawn upon explosion. Potent Sulfur creates Geysers when placed above a Magma block and under water, sending water particles skyward at random intervals. Various adjustments have been made to mob hitboxes, and Hoglins are now classified as hostile and will not spawn on Peaceful difficulty. New sounds for Geyser eruptions have been added, and Touchscreen Mode has been removed. The Data Pack version is now 104.0, and the Resource Pack version is 86.2. New particles related to Geysers have been introduced, and several bugs have been fixed in this update.
Tech Optimizer
April 28, 2026
Constructive has released agentic-db, an open-source Postgres database aimed at improving AI agents with features like persistent memory, structured knowledge, and hybrid retrieval. This database allows for efficient searching, filtering, and ranking of information, addressing inefficiencies associated with traditional markdown file storage. Key features of agentic-db include long-term memory, conversation tracking, a versioned registry for skills and tools, rules and policies for governance, task orchestration, and runtime observability. It is delivered as a single installable Postgres schema, indexed for multiple retrieval modes, and supports integration with various AI assistants through generated Agent Skills and CLIs. agentic-db is available under the MIT license for local use, with a cloud offering in development for secure, scalable solutions. Developers can access it on npm and GitHub.
Winsage
April 27, 2026
The April update KB5083769 for Windows 11 versions 24H2 and 25H2, released on April 14, 2026, has a known issue where certain devices may enter BitLocker recovery mode after installation. This problem affects a limited subset of devices with specific, non-recommended BitLocker Group Policy settings. The issue arises when BitLocker is activated, a specific TPM platform validation policy is set to include PCR7, PCR7 binding is not feasible, the Windows UEFI CA 2023 certificate is present, and the device is not using the 2023-signed Windows Boot Manager. Microsoft advises organizations to review their BitLocker Group Policy settings and verify PCR7 binding status before deploying the update to prevent devices from requesting recovery keys. If the recovery prompt appears, users will need to enter the BitLocker recovery key, but subsequent reboots should not trigger the recovery process again if the Group Policy remains unchanged.