Registry

Tech Optimizer
June 18, 2026
Interactions with antivirus software occur during installation and when issues arise, while the software operates quietly in the background. Modern antivirus solutions continuously monitor for threats using various detection methods, including real-time scanning, which actively scrutinizes files as they are downloaded or accessed. The signature database is essential for identifying malware by comparing files against known signatures, but it can only detect documented threats. Heuristic detection and behavioral analysis help catch unknown malware by evaluating suspicious characteristics and monitoring file actions during execution. Sandboxing allows suspicious files to run in a controlled environment, logging their behavior to determine if they are malicious. Quarantine neutralizes threats by locking files in a secure location, allowing users to review them before deletion. Full scans are resource-intensive and can slow down system performance, while real-time scanning is less demanding. Users can schedule scans during idle times, exclude trusted folders, or consider cloud-based solutions to mitigate performance impacts.
Winsage
June 18, 2026
Microsoft released the Insider Experimental Preview Build 26300.8687 for Windows 11 on June 12, 2026, which improves the Windows Search functionality. The update allows the search tool to accurately locate applications even with misspellings, omitted letters, or partial words. For example, typing “utlook” will yield Outlook as a result. Enhancements in the ranking of settings search results ensure that the most relevant options appear at the top. The update also improves local file search, allowing users to find files like “Severance-S2E5” more effectively. A new feature is being tested that will let users turn off web results in Windows Search, focusing exclusively on local content. Currently, disabling Bing results requires navigating through the Windows Registry, but a toggle in the Settings menu is being introduced for easier access. The June 2026 update has already implemented search enhancements, including returning file results after just two characters and a feature called Search by Substring, which allows users to find files using any segment of a filename.
Winsage
June 17, 2026
The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.
Winsage
June 16, 2026
Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS, which were previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023, linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of a potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.
Winsage
June 15, 2026
Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.
Winsage
June 14, 2026
Windows enthusiasts aim to enhance system performance while managing heat and power consumption, especially in mobile PCs. Under-volting techniques are commonly used to optimize performance and reduce power consumption, with tools like AMD's Ryzen Master and Intel's XTU available for this purpose. Users can also adjust settings in the BIOS, such as Curve Optimizer for Ryzen processors. Processor Power Management operates through the Advanced Configuration and Power Interface (ACPI), which includes P-states for voltage-frequency scaling and C-states for CPU sleep states. Windows provides two default P-States: "Minimum Processor State" and "Maximum Processor State." A Registry modification can unlock additional options under a "Processor performance boost mode" dropdown, allowing for five distinct profiles:
1. Disabled: Disables processor boosting, reducing power consumption and heat but limiting performance.
2. Enabled: Allows boost functionality under normal conditions, balancing performance with power and thermal constraints.
3. Aggressive: Prioritizes performance, allowing higher boost states but increasing power draw and thermal output.
4. Efficient Enabled: Focuses on energy efficiency while allowing boosting.
5. Efficient Aggressive: Balances performance responsiveness with efficiency.
To enable the Processor performance boost mode, users must access the Registry Editor, navigate to a specific path, and modify the value of Attributes from 1 to 2. This will reveal the new "Processor performance boost mode" dropdown with the five P-State options. The settings are summarized as follows:
- Disabled: P-state behavior is disabled.
- Enabled: P-state behavior is enabled with Efficient Enabled CPPC.
- Aggressive: P-state behavior is enabled with Aggressive CPPC.
- Efficient Enabled: Efficient P-state behavior with Efficient Enabled CPPC.
- Efficient Aggressive: Efficient P-state behavior with Aggressive CPPC.
- Aggressive At Guaranteed: Requests performance above the guaranteed level.
- Efficient Aggressive At Guaranteed: Consistently requests the highest performance above the guaranteed level.
Users should be cautious when modifying these settings, as issues may arise that require reverting to original settings.
Winsage
June 11, 2026
Microsoft has resolved an issue affecting certain Windows Server 2025 devices that were booting into BitLocker recovery mode after the April 2026 security update. This issue was linked to specific BitLocker Group Policy configurations and required users to input their BitLocker recovery key upon the first restart after the update. However, this key would only need to be entered once for subsequent restarts, provided the group policy configuration remained unchanged. The problem primarily affected enterprise systems rather than personal devices. The issue arose under specific conditions: BitLocker was enabled on the operating system drive, a particular Group Policy was set, the Secure Boot State PCR7 Binding was "Not Possible," the Windows UEFI CA 2023 certificate was present, and the device was not already using the 2023-signed Windows Boot Manager. Microsoft released fixes in the KB5094125 and KB5093998 updates to address this problem, preventing devices with incompatible group policy configurations from installing the 2023-signed Windows Boot Manager. Event ID 1032 in the System event log indicates the issue when Windows updates are installed. For IT administrators unable to deploy the latest updates, it is recommended to remove the Group Policy configuration before installing updates or to implement a Known Issue Rollback (KIR) on affected devices. Additionally, Microsoft had previously addressed similar BitLocker recovery issues in August 2024 and May 2025.
Winsage
June 10, 2026
Microsoft is introducing new controls for Windows 11 that will allow users to disable web search and remove Microsoft Store suggestions from their search results. The update, demonstrated on June 2, 2026, will include two toggles in the Windows 11 Settings app under Privacy and Security → Search Permissions. The first toggle will turn off Bing-powered web results in the taskbar search and Start menu, while the second will control the appearance of Microsoft Store app suggestions. This change replaces the previous method of disabling web search, which required complex registry edits. The new settings aim to enhance user experience by prioritizing local search results and addressing privacy concerns, as user queries will no longer be transmitted to Microsoft’s servers. The toggles are expected to roll out through the Windows Insider program before becoming available to all users.
Winsage
June 8, 2026
Microsoft is set to enhance the user experience for Windows 11 by allowing users to disable web search results during local searches. This feature will be available in the settings menu under Privacy & Security > Search, with a new toggle under "Show suggested search results." Additionally, users will have the option to disable Microsoft Store suggestions in the Windows 11 search feature. Currently, turning off web results requires manual adjustments in the Windows registry, but the upcoming update aims to simplify this process. The exact rollout date for this update has not been announced.