Hi, thank you for producing this guide.
Recently when debugging a system plagued with I/O issues, I had gone to lengths to try disable Windows from auto-installing third-party software using the registry methods already outlined in the guide.
I found in several cases, particularly Razer and Alienware hardware were installing their own bloatware even with these registry edits applied. In this case of Alienware - simply plugging in their monitor would auto-install the Alienware Command Center without any permission/asking. Razer would bring up an installer setup - even when declined would go ahead and install various Razer DLL files, for simply plugging in a mouse.
It has since been discovered that some of these coinstallers (Razer in particular) are abusing sys admin privileges to bypass UAC and user consent. In addition, several security vulnerabilities have been highlighted from this, which are not addressed by MS as of time of writing.
To prevent this, I had to do the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer
Add DWORD-32 value named DisableCoInstallers
and set it to 1
This registry edit appears to prevent driver coinstaller bloatware from auto-running when a device is plugged in.
Under System properties (sysdm. cp
) -> Hardware -> Device Installation Settings -> Set to No
Note: This setting was off for me and Razer/Alienware would still install, so this setting is not reliable on it's own.
Sources:
https://www.bleepingcomputer.com/news/microsoft/how-to-block-windows-plug-and-play-auto-installing-insecure-apps/
https://twitter.com/wdormann/status/1432703702079508480
I think it would be beneficial to add this to the guide for others, as this is becoming an increasing problem.