Windows Startup

Winsage
January 15, 2026
The delay in booting up a Windows 11 laptop can be caused by multiple applications that automatically launch at startup, which can hinder system performance. Common applications that may launch include antivirus programs, Microsoft OneDrive, Slack, gaming applications, backup tools, and webcam software. Users can manage these startup applications through three methods: Task Manager, Settings, or File Explorer. In Task Manager, users can view and disable startup applications by right-clicking on entries in the Startup apps menu. The impact of each application on startup time is categorized as high, medium, low, none, or not measured. In the Settings app, users can navigate to Apps and then Startup to toggle off applications they do not want to launch automatically. File Explorer can also be used to manage startup applications by accessing the shell:appsfolder and shell:startup or shell:common startup commands to view and modify the applications set to launch at sign-in. Users are advised to disable applications they rarely use while keeping essential security software enabled. Third-party startup managers like Autoruns and Startup Delayer can provide additional insights into startup applications. Similar management methods apply to previous Windows versions.
Winsage
January 12, 2026
EDRStartupHinder, a new tool unveiled on January 11, 2026, allows attackers to inhibit the launch of antivirus and endpoint detection and response (EDR) solutions during the Windows startup process. Developed by security researcher Two Seven One Three, it targets Windows Defender and various commercial security products on Windows 11 25H2 systems by redirecting essential system DLLs during boot using the Windows Bindlink API and Protected Process Light (PPL) security mechanisms. The tool employs a four-step attack chain that includes creating a malicious service with higher priority than the targeted security services, redirecting critical DLLs to attacker-controlled locations, and modifying a byte in the PE header of the DLLs to cause PPL-protected processes to refuse loading them. This results in the termination of the security software. EDRStartupHinder has been tested successfully against Windows Defender and other unnamed antivirus products, demonstrating its effectiveness in preventing these security solutions from launching. The source code for EDRStartupHinder is publicly available on GitHub, raising concerns about its potential misuse. Security teams are advised to monitor for Bindlink activity, unauthorized service creation, and registry modifications related to service groups and startup configurations to detect this attack vector. Microsoft has not yet issued any statements regarding patches or mitigations for this technique.
AppWizard
October 24, 2025
A Python-based remote access trojan (RAT) has emerged in the gaming community, disguised as a legitimate Minecraft client named “Nursultan Client.” It uses the Telegram Bot API for command and control, allowing attackers to exfiltrate sensitive data and interact with compromised machines. The malware is packaged with PyInstaller and has a large executable size of 68.5 MB to evade security tools. Upon execution, it hides its console window and presents a fake installation progress bar. Researchers identified the executable with the SHA256 hash 847ef096af4226f657cdd5c8b9c9e2c924d0dbab24bb9804d4b3afaf2ddf5a61. It attempts to create a registry key for persistence but has a flawed startup command. The malware includes a hardcoded Telegram Bot Token (8362039368:AAGj_jyw6oYftV2QQYiYoUslJOmXq6bsAYs) and a restricted list of user IDs (6804277757) for command authorization. It targets Discord authentication tokens and scans local storage and user data directories of major web browsers to extract tokens. Additionally, it features surveillance capabilities like screenshot capture and webcam photography, compiling detailed system profiles.
Winsage
August 14, 2025
Microsoft's Windows 11 often does not meet the diverse needs of its users due to its one-size-fits-all default settings. Here are six adjustments that can improve the user experience: 1. The Recall feature, available only on Copilot+ PCs, allows for system snapshots but poses security risks; opting out during setup is advisable. 2. The default display timeout is set to 3–5 minutes; adjusting it to 15 minutes for display and 20–30 minutes for sleep can enhance productivity. 3. Many applications launch automatically at startup, which can slow down boot times; disabling unnecessary start-up programs can improve performance. 4. Modifying or disabling search indexing can enhance system responsiveness for users who do not frequently use the search function. 5. Curating notification settings can reduce distractions from the numerous system notifications in Windows 11. 6. Uninstalling OneDrive can simplify file management by avoiding complications from syncing desktop shortcuts across devices.
Winsage
August 4, 2025
The Windows Vista boot chime has been officially retired from Windows 11. A bug caused the Vista sound to play during the startup of Windows 11; Microsoft acknowledged the issue in June and confirmed that it was a bug, not an intentional feature. The issue was resolved in Windows 11 Build 27913, which stated that the unexpected use of the Vista boot sound was fixed. Microsoft first introduced startup sounds with Windows 3.1, and they were omitted in Windows 8, but a startup sound was reinstated for Windows 11.
Tech Optimizer
May 18, 2025
A new tool called Defendnot, developed by es3n1n, allows users to disable Windows Defender by using an undocumented Windows Security Center (WSC) API to simulate the presence of another antivirus program. This tool is a successor to the no-defender tool, which was taken down due to legal issues. Defendnot does not use third-party antivirus code and aims for a clean implementation. It disables Microsoft Defender upon activation, leaving users vulnerable to malware as it does not provide real-time scanning. Defendnot is designed to run automatically at Windows startup. Microsoft classifies Defendnot as a Trojan, raising concerns about its potential misuse by malicious actors.
Winsage
April 10, 2025
The Library of Congress added 25 new sound recordings to its National Recording Registry, including notable entries such as Amy Winehouse’s "Back to Black," Elton John’s "Goodbye Yellow Brick Road," and the original cast album of "Hamilton." Other significant recordings include Tracy Chapman’s self-titled 1988 LP, Miles Davis’ "Bitches Brew," and Mary J. Blige’s "My Life." Iconic tracks featured are “Fly Like an Eagle” by the Steve Miller Band, Celine Dion’s “My Heart Will Go On,” and Helen Reddy’s “I Am Woman.” The selections reflect a range of musical evolution and cultural milestones, with recordings dating from 1913 to 2015. Key additions include a radio broadcast of the 1960 World Series Game 7, Keith Jarrett’s "The Köln Concert," the "Minecraft: Volume Alpha" soundtrack, and Brian Eno’s Microsoft Windows startup chime. The recordings span various genres and highlight significant moments in American music history.
Winsage
March 28, 2025
Microsoft is introducing a feature called "Startup Boost" for its Office suite, allowing applications like Word and Excel to launch automatically upon booting Windows. This feature will only be enabled on devices with a minimum of 8GB of RAM and 5GB of available disk space. The rollout will begin in mid-May, starting with Microsoft Word, and users can disable the feature in Word’s settings or through the Task Scheduler.
Winsage
March 3, 2025
Windows services are essential for the functionality of the operating system, and while many can be deactivated, caution is advised. Daemon Master is a tool that allows users to configure executables, shortcuts, or batch files as services that start automatically with Windows. To create a service with Daemon Master, users must launch the application, click “New,” assign a service name and display name, and optionally add a description. The default start type is “Automatic,” and users can specify the path to the desired EXE file. After saving, the service will appear as “stopped” and can be started by right-clicking and selecting “Start service.” Services run in the background, but users can access the program window temporarily by selecting “Start service on desktop.” Services can be managed by starting, pausing, resuming, or stopping them, and unnecessary third-party services can be disabled through the system configuration. Troubleshooting can involve restarting specific services, like the Print Spooler for printing issues. To delete a service, users must identify its name, stop it using the command prompt, and then delete it with the sc.exe tool. Tools like Autoruns can also be used for managing services. While deactivating services may not improve performance, it can reduce security vulnerabilities, and programs like Ashampoo Winoptimizer can help users assess the necessity of installed services.