It turns out that a driver that prevents users from changing the default browser from Microsoft Edge was distributed to Windows



Microsoft is known for doing whatever it takes to stop users from using browsers other than Microsoft Edge, such as by issuing messages urging users to stop downloading Google Chrome and using the chat AI 'Rinna'. It has been discovered that Microsoft has introduced a driver in the February 2024 Windows update that prevents users from changing the default browser settings for Windows 10 and Windows 11.

UserChoice Protection Driver – UCPD.sys – the kolbicz blog
https://kolbi.cz/blog/2024/04/03/userchoice-protection-driver-ucpd-sys/

Windows UserChoice Protection Driver UCPD / UCPD.sys / UCPDMgr.exe – Gunnar Haslinger
https://hitco.at/blog/windows-userchoice-protection-driver-ucpd/

New Windows driver blocks software from changing default web browser
https://www.bleepingcomputer.com/news/microsoft/new-windows-driver-blocks-software-from-changing-default-web-browser/

In February 2024, IT consultant Christoph Kolbicz reported on social media that he had received a series of inquiries from users of the programs 'SetUserFTA' and 'SetDefaultBrowser,' which he created to change Windows settings, including the default browser, stating that they could no longer change associations after applying the latest Windows 10 updates.



Kolbicz began investigating this issue and discovered that the cause was the 'UserChoice Protection Driver (UCPD.sys)' introduced in KB5034763 (Windows 10) and KB5034765 (Windows 11), which are included in the February 2024 update.

'UserChoice' is a system introduced in Windows 8 to prevent tampering by malware or malicious scripts.

The new system associates certain file extensions and URL protocols with a hash stored under a registry key called 'UserChoice,' and if the hash is incorrect, the registry value will be ignored and the file will open in Edge, even if you change the browser you use.

For example, if you have set 'https' to open in Google Chrome, the registry will look like this:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"ProgId"="ChromeHTML"
"Hash"="N3eikAB1HhI="



Kolbicz reverse engineered this algorithm to develop SetUserFTA and SetDefaultBrowser, but the February update introduced the UserChoice Protection Driver, which locked these registry keys, causing errors when trying to change the default browser outside of Windows settings, such as through software.

According to Kolbicz, even if the problem driver prevents you from modifying the registry key, you can disable the driver itself. To disable the driver, run the following cmdlet in PowerShell launched with administrator privileges and restart Windows:

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\UCPD' -Name 'Start' -Value 4 -PropertyType DWORD -Force



However, even if you disable it, the driver is automatically restored by a task called 'UCPD Velocity' created in Windows. Therefore, IT researcher Gunnar Haslinger reported that the change will only take effect if you delete or disable this task in the Task Scheduler.
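To see which of these states a given machine is in, the following read-only PowerShell audit reports the driver's configured start type, whether it is currently loaded, the state of any UCPD scheduled task, and the current UserChoice entry. It is an added example, not code from the article or the cited blogs; the function name Get-UcpdStatus and its output property names are hypothetical, and the task is matched by the name prefix 'UCPD' because the article does not give its full path.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Registry paths and the 'Start' value come from the article; the function
# name and output property names are hypothetical.
function Get-UcpdStatus {
    [CmdletBinding()]
    param(
        # Protocols whose UserChoice entry is reported (the article shows https)
        [string[]]$Protocol = @('https')
    )

    # Standard meanings of a service's Start DWORD
    $startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    # Configured start type: this is what applies after the next restart
    $svc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\UCPD' -ErrorAction SilentlyContinue
    $configured = if ($null -eq $svc) {
        'NotInstalled'
    } elseif ($null -eq $svc.Start) {
        'Unknown'
    } else {
        $startTypes[[int]$svc.Start]
    }

    # Live state: the driver can still be running while configured as Disabled
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='UCPD'" -ErrorAction SilentlyContinue

    # Scheduled task(s) that re-enable the driver, matched by name prefix
    $tasks = Get-ScheduledTask -TaskName 'UCPD*' -ErrorAction SilentlyContinue |
        Select-Object TaskPath, TaskName, State

    # Current per-user association and its hash for each requested protocol
    $assoc = foreach ($p in $Protocol) {
        $key = "HKCU:\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\$p\UserChoice"
        $uc = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{ Protocol = $p; ProgId = $uc.ProgId; Hash = $uc.Hash }
    }

    [pscustomobject]@{
        DriverConfigured = $configured
        DriverState      = if ($drv) { $drv.State } else { 'NotPresent' }
        Tasks            = $tasks
        Associations     = $assoc
    }
}

Get-UcpdStatus
```

A result showing DriverConfigured as Disabled while a UCPD task is still in the Ready state matches the situation described above, in which the task restores the driver.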



Kolbicz believes the driver is intended to comply with the Digital Markets Act (DMA) that came into force in the EU.

The DMA designated six major IT companies, including Microsoft, as 'gatekeepers' and imposed various restrictions on them to prevent anti-competitive behavior.

In response to this, Microsoft announced in November 2023 that 'in the European Economic Area, link and file formats that contain http and https will always use the app default settings you configure.'

However, the driver in question has also been deployed to devices of US users, where DMA does not apply, casting doubt on this theory. Some have suggested that this could be for security reasons, or simply to block browsers that compete with Edge, according to IT news site BleepingComputer.

in Software, Posted by log1l_ks