Christoph Kolbicz

@_kolbicz


IT-Consultant @axacomag (CCE-V, CCE-N, MCSE, VCP), interested in Reverse Engineering, Jailbreaking and #XMR. Developer of SetUserFTA. Owner of Kolbicz IT.

Brazil
Joined August 2017
@_kolbicz
Christoph Kolbicz
1 year
SetUserFTA now has its own domain and Twitter account. I will no longer use my blog to share information about SetUserFTA. Please follow @setuserfta on Twitter and visit the website at
@_kolbicz
Christoph Kolbicz
15 days
KB5064081 updates UCPD.sys to v4.4 with four new features and shifts several older ones into the base protection layer. More details coming soon.
@_kolbicz
Christoph Kolbicz
23 days
Microsoft is now enabling almost all the new features I covered in my blog on Windows 11 Pro. My test VM has most of them activated already - interestingly, file rename protection isn’t active yet.
@_kolbicz
Christoph Kolbicz
2 months
New blog post: UCPD.sys – UserChoice Protection Driver Part 2:
@_kolbicz
Christoph Kolbicz
3 months
UCPD.sys v4.3 is now rolling out on Windows 11. It brings 6 new protection features (currently inactive) - including one that blocks the file renaming attack 😬
@_kolbicz
Christoph Kolbicz
4 months
Looks like Microsoft is rolling out the new hash protection more broadly - even my test VM just got migrated to UserChoiceLatest. Time to update @SetUserFTA, I guess 😬
@_kolbicz
Christoph Kolbicz
4 months
Microsoft is A/B testing Office file extension protection via UCPD.sys (.doc/.docx/.xls/.xlsx/.ppt/.pptx) on consumer Windows (non-Enterprise, non-domain, non-EDU). This “feature” is now active for some as part of an experimental rollout. SetUserFTA can already handle this.
@_kolbicz
Christoph Kolbicz
5 months
Since it's now blocked on Windows 11, I'm publishing a simple PoC to bypass UCPD.sys using RegRenameKey: https://t.co/jtxJiD0VbW Original idea by @GHaslinger, but also discovered by Mozilla:
@_kolbicz
Christoph Kolbicz
5 months
It looks like UCPD.sys can now load dynamic rules from the registry and process them in real time — no update or reboot needed, similar to antivirus pattern updates. This is not active yet, but will extend deny/allow lists and other functions.
@_kolbicz
Christoph Kolbicz
5 months
Windows 11 is now getting UCPD.sys v4.2. The update activates features that block several workarounds used by various software products, including SetUserFTA, which already handles the change by falling back to alternative methods. More info soon.
@_kolbicz
Christoph Kolbicz
5 months
UCPD.sys v4.1.1 fixes this bug - now rolling out to Windows 10 as well.
@_kolbicz
Christoph Kolbicz
6 months
UCPD v4.1 has a bug that miscalculates string array indexes, causing it to block .html but not .htm. Clearly, the driver wasn’t meant to block these extensions yet.
@_kolbicz
Christoph Kolbicz
5 months
🚨 New Blog Post: UserChoiceLatest - Microsoft’s new protection mechanism for file type associations. What it changes, how it impacts file association management, and what it means for tools like SetUserFTA.
@_kolbicz
Christoph Kolbicz
5 months
For those wondering: that’s why UCPD.sys protects the UserChoiceLatest key too.
@_kolbicz
Christoph Kolbicz
5 months
Microsoft is A/B testing a new machine-bound UserChoice hash in Windows 11. Existing associations are migrated, but new UserChoice keys are ignored. The hash format has changed and must be recalculated. Nothing too fancy, actually. 😎
@_kolbicz
Christoph Kolbicz
5 months
This turned out way fancier than I expected. Thanks, Microsoft, for disrupting my sleep schedule and Easter holidays 🙃 But hey - it's solved now!
@_kolbicz
Christoph Kolbicz
5 months
Microsoft is A/B testing a new machine-bound UserChoice hash in Windows 11. Existing associations are migrated, but new UserChoice keys are ignored. The hash format has changed and must be recalculated. Nothing too fancy, actually. 😎
@SetUserFTA
SetUserFTA
5 months
RELEASE: SetUserFTA v2.5.0 is now available. SilentFTA is included as a free add-on for all existing customers. Additionally, it properly handles the UCPD.sys v4.1 bug. The update is available through the download portal.
@_kolbicz
Christoph Kolbicz
5 months
Confirmed: this bug remains unfixed in today’s public updates. Applies to Windows 11 with UCPD.sys v4.1.0.0. Windows 10 still uses v4.0.1.0, which isn’t affected.
@_kolbicz
Christoph Kolbicz
6 months
UCPD v4.1 has a bug that miscalculates string array indexes, causing it to block .html but not .htm. Clearly, the driver wasn’t meant to block these extensions yet.
@_kolbicz
Christoph Kolbicz
6 months
Microsoft is rolling out UCPD.sys v4.1 on Windows 11, now protecting .htm and .html files. Previously, this was only the case on Insider builds. Windows 10 remains on UCPD v4.0.
@_kolbicz
Christoph Kolbicz
7 months
Today, I tried to pay online, and Safari suggested an unknown credit card. No idea whose it is. I googled it, and apparently, this happens often?! The card was expired, and the CVV was missing, but still… 🤯
@SetUserFTA
SetUserFTA
9 months
SetUserFTA now supports wildcards for get and find commands, making filtering and exporting simpler and more efficient: