WPBT (Windows Platform Binary Table) is the way that hardware in your computer can force Windows (8, 10, and 11) to run a specific program when starting up. This is how your motherboard may install software automatically. There are ways to disable this, but it is a fairly complicated procedure. It is possible that malware may hide itself in one of these areas (or even be there by default if the manufacturer or supply chain is compromised).
To see what data YOUR hardware has Windows run automatically, you can run the following free tool:
https://www.nirsoft.net/utils/firmware_tables_view.html
You can export the data to a binary file, and then check it with https://www.virustotal.com
This registry setting disables WPBT (save this to a .reg file and run it, or edit it manually).
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"DisableWpbtExecution"=dword:00000001
However, by the time you do this, Windows will have loaded WPBT at least once already. To be completely safe, you need to set this registry entry before Windows loads. This page has a PowerShell script that will let you modify the Windows registry in a .wim file. You can do this on your Windows installer USB drive, so that when you do a clean install of Windows, it will come with this registry entry as default, and will never execute WPBT.
https://github.com/BiscuitTin/Disable-WpbtExecution
This link is for a way to disable this on bootup by installing this special bootloader (as of yet untested by me). This is not the ideal way to do this; the registry entry above is probably the better and safer way.
https://github.com/Jamesits/dropWPBT
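
A read-only check of the points above, as an added example that is not from the original page or the linked projects: it reports whether the firmware publishes a WPBT table, whether DisableWpbtExecution is set, and whether Windows has already written the platform binary to disk. The function name Get-WpbtStatus is hypothetical; the script assumes a 64-bit PowerShell session and that the platform binary is written to System32\wpbbin.exe, a path that does not appear on the original page.

```powershell
# Added example (not from the original page). Read-only; assumes 64-bit PowerShell.
Add-Type -Namespace Fw -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern uint GetSystemFirmwareTable(
    uint provider, uint tableId, byte[] buffer, uint size);
'@

function Get-WpbtStatus {   # hypothetical helper name
    $acpi = [uint32]0x41435049   # 'ACPI' firmware table provider
    $wpbt = [uint32]0x54425057   # table signature "WPBT" read as a little-endian DWORD

    # With a null buffer the call returns the table size, or 0 if no such table exists.
    $size = [Fw.Native]::GetSystemFirmwareTable($acpi, $wpbt, $null, 0)

    # The value set by the .reg file above; absent or 0 means WPBT execution is allowed.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableWpbtExecution

    # Assumed location where Windows writes the platform binary before running it.
    $bin  = Join-Path $env:SystemRoot 'System32\wpbbin.exe'
    $hash = $null
    $sig  = $null
    if (Test-Path -LiteralPath $bin) {
        $hash = (Get-FileHash -LiteralPath $bin -Algorithm SHA256).Hash
        $sig  = (Get-AuthenticodeSignature -LiteralPath $bin).SignerCertificate.Subject
    }

    [pscustomobject]@{
        WpbtTablePresent  = ($size -gt 0)
        WpbtTableBytes    = $size
        ExecutionDisabled = ($val -eq 1)
        BinaryOnDisk      = [bool]$hash
        BinarySha256      = $hash     # can be looked up on VirusTotal
        BinarySigner      = $sig
    }
}

Get-WpbtStatus | Format-List
```

If WpbtTablePresent is True while ExecutionDisabled is False, the firmware can still have Windows run its binary on the next boot; BinaryOnDisk being True means that has already happened at least once.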