Windows has introduced an update that blocks users from changing their default browser using a software utility or by modifying the Registry.
A driver has been found sneakily nestled in the latest Windows 10 and 11 updates that only allow users to change their browser in the Windows settings.
IT consultant Christoph Kolbicz noticed the change when his SetUserFTA and SetDefaultBrowser programs stopped working.
SetUserFTA is a command line utility that allows you to change the file type associations for different programs.
The command lets users configure which programs handle specific file types.
SetDefaultBrowser is a similar utility that only sets your default web browser from the command line.
SetUserFTA was reverse-engineered by Kolbicz in 2017 after Microsoft removed the functionality in 2012.
This was due to Microsoft revamping the system to assign file extensions and URL protocols to open with specific apps.
Its new system linked file type and protocol associations to a unique hash stored under the UserChoice Registry keys.
If users do not use the correct hash, Windows will ignore the Registry values.
When his SetUserFTA and SetDefaultBrowsaer stopped working, Kolbicz received the following error message: “Cannot edit Hash: Error writing the value’s new contents.”
Further investigation revealed Windows had locked down these Registry keys.
Kolbicz found that a new filter driver introduced in the February updates for Windows 10 and 11 called “USPD.sys” bars users from editing the registry keys of HTTP, HTTPS, and .PDF file associations.
In tests conducted by BleepingComputer to verify this change, only Windows 10 devices were found to lock down Registry keys. However, many Windows 11 users reported experiencing the issue.
Kolbicz mentioned that although users could not unload the driver from Windows, it could be disabled using the following command.
New-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\UCPD” -Name “Start” -Value 4 -PropertyType DWORD -Force
However, Gunnar Haslinger soon pointed out in a blog post that Windows had created a Scheduled Task to re-enable the driver.
The only way to completely remove the driver is to delete the Scheduled Task and disable UCPD.sys in the Registry.
Loading ...
Join the conversation Autoload comments
Comments section policy: MyBroadband has a new article comments policy which aims to encourage constructive discussions. To get your comments published, make sure it is civil and adds value to the discussion.