Microsoft added an undocumented driver to Windows that silently blocks changes to specific registry keys, defends itself from removal, and can resurrect after being killed. Its name is UCPD (User Choice Protection Driver). Why does it exist? Why is Microsoft silent about it? And how do you get rid of it?

Useful downloads:
- Procmon - https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
- Strings - https://learn.microsoft.com/en-us/sysinternals/downloads/strings

Blog posts about this for further reading:
- Xusheng Li - https://binary.ninja/2025/03/25/default-browser-upcd.html
- Christoph Kolbicz - https://kolbi.cz/blog/2024/04/03/userchoice-protection-driver-ucpd-sys/
- Gunnar Haslinger (post in German) - https://hitco.at/blog/windows-userchoice-protection-driver-ucpd/

Resources from the video:
- EU Digital Markets Act - https://digital-markets-act.ec.europa.eu/index_en
- Minifilter drivers - https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/filter-manager-concepts
- Windows Feature Store (Velocity) - https://msft.chat/wiki/windows-feature-store.html
- China - https://en.wikipedia.org/wiki/China
Very interesting watch. As someone that migrated to Linux last year, I am very glad I don't have to deal with that crap anymore.
Excellent video! This reminds me of the original screen savers Microsoft used to sell, and charge you for patching the OS.
No wonder. I totally got malware vibes trying to work on my registry, because of this. Well done.
This is an amazing vid. I am curious about the security side of this: if Microsoft can implement a kernel-level driver that blocks registry edits and persists through reboot, what is the risk that bad actors could exploit this same watchdog to lock out security software or stuff on their own? Has there been anything on whether UCPD itself could be a place for vulnerabilities?
You have a great voice for these please keep doing more!
GhostSpectre: "Hold my beer."
We went from "my pc" to "this computer"
Step 1: don't use Windows 11
Step 2: never worry about this problem
Okay, "Let me delete Edge, oida!" killed me. 😅
I have an option to right-click to "kill not responding task", and every time I right-click the desktop there are almost every time 2 processes that are killed. 2 PIDs are killed. I wait 1-2-3 minutes, then retry, and again it kills 2 PIDs.
The fact that MS did not document this driver makes their intentions feel very suspicious.
For some reason I don't have access to run Windows Calculator and a few other things... Somehow my admin account doesn't have access...
So that's what I've felt for a few years now; it's like having an antivirus, the way it causes what you may call a hitch or micro stutter for no reason.
Austria mentioned 🥳 Oida
Damn, this is a good video! You answered every question, rather than leave queries hanging like so many others.
I've left this OS behind. To be frank: 'I do not care anymore'. There are better options out there. Thank you for your content, yt's like these enlighten the masses that need it!
If you have malware, you've already lost
They never documented NSA backdoor either
I was a computer tech in the 2000's. It was hilarious the sheer number of computers we had come in with browsers with less than 50% viewable windows because of the 43 toolbars the customer had installed over time. CPU usage pegged at 100%, RAM had left the chat, HDD clicking away "please kill me" in Morse code... Ahhhh, the good old days.
The fact that admin accounts are still blocked in recent versions of Windows is my biggest trigger.