New Windows driver blocks changing the default browser

A Microsoft update includes a driver that blocks changes to the default browser in Windows 10 and Windows 11 made by software or by manual registry edits, reports Bleeping Computer.

Windows users can still change their default browser through Windows Settings. However, those who used software to make the change are now blocked by the driver, which arrives as part of the Windows 10 (KB5034763) and Windows 11 (KB5034765) updates.

IT consultant Christoph Kolbicz was the first to notice the changes when his SetUserFTA and SetDefaultBrowser programs suddenly stopped working.

SetUserFTA is a command-line program that allows Windows administrators to change file associations through logon scripts and other methods. SetDefaultBrowser works in a similar way, but is only designed to change the default browser in Windows.

Starting with Windows 8, Microsoft introduced a new system for associating file extensions and URL protocols with default programs to prevent them from being replaced by malware and scripts.

This new system associates a file extension or URL protocol with a specially created hash stored under the UserChoice registry keys.

For example, the default browser for the HTTPS URL protocol is located at:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"ProgId"="ChromeHTML"
"Hash"="N3eikAB1HhI="

If the correct hash is not used, Windows will ignore the registry value and use the default program for that URL, which is Microsoft Edge.

Kolbicz reworked this hashing algorithm to create the SetUserFTA and SetDefaultBrowser programs, which change the default programs.

However, after installing the February updates to Windows 10 and Windows 11, Kolbicz noted that these registry keys were locked, resulting in errors when changing them outside of Windows Settings.

For example, using the Windows Registry Editor to change these settings results in an error: “Cannot edit hash: Error writing new value content”.

This driver is described as the “User Choice Protection Driver” and when loaded, it prevents direct editing of registry keys associated with HTTP and HTTPS URL associations as well as PDF file associations.

In his blog post, Kolbicz explains that while you can’t uninstall the driver, you can disable it in the registry. However, a newly created UCPD velocity scheduled task in the \Microsoft\Windows\AppxDeploymentClient folder will automatically enable the service again if it was disabled.
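For administrators whose logon scripts stopped working, the following read-only PowerShell audit reports the UserChoice entries and the state of the driver and its scheduled task. It is an added example, not code from the article or from Kolbicz's tools. The https path comes from the article; the http and .pdf paths, the UCPD service key name and the Start-value names are assumptions based on the standard Windows layout.

```powershell
# Read-only audit: reports state, changes nothing. Run as the affected user.
# The https path is from the article; the http and .pdf paths, the UCPD service
# key and the Start-value names are assumptions (standard Windows layout).
$assocRoot = 'HKCU:\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations'
$targets = [ordered]@{
    'http'  = "$assocRoot\http\UserChoice"
    'https' = "$assocRoot\https\UserChoice"
    '.pdf'  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice'
}

function Get-UserChoiceReport {
    param([System.Collections.IDictionary]$Paths)
    foreach ($name in $Paths.Keys) {
        $progId = $null; $hash = $null
        if (Test-Path -LiteralPath $Paths[$name]) {
            $uc = Get-ItemProperty -LiteralPath $Paths[$name]
            $progId = $uc.ProgId
            $hash   = $uc.Hash
        }
        [pscustomobject]@{
            Association = $name
            ProgId      = $progId
            HashPresent = [bool]$hash
            # The hash itself is not validated here; Windows ignores a wrong one.
            Status      = if ($progId -and $hash) { 'UserChoice present' } else { 'Windows default' }
        }
    }
}

function Get-UcpdState {
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\UCPD'   # assumed key name
    $start = 'service key not found'
    if (Test-Path -LiteralPath $svcKey) {
        $value = (Get-ItemProperty -LiteralPath $svcKey).Start
        $start = if ($null -ne $value) { $startNames[[int]$value] } else { 'no Start value' }
    }
    # The scheduled task the article says re-enables the service.
    $tasks = Get-ScheduledTask -TaskPath '\Microsoft\Windows\AppxDeploymentClient\' -ErrorAction SilentlyContinue |
        Where-Object { $_.TaskName -like 'UCPD*' }
    [pscustomobject]@{
        DriverStart = $start
        Tasks       = if ($tasks) { ($tasks | ForEach-Object { "$($_.TaskName) [$($_.State)]" }) -join '; ' } else { 'none found' }
    }
}

Get-UserChoiceReport -Paths $targets | Format-Table -AutoSize
Get-UcpdState | Format-List
```

A DriverStart value that returns from Disabled to an enabled state between runs is consistent with the scheduled task behaviour described above.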