Enterprise Tech

How to disable the Windows Platform Binary Table (WPBT)?

2 views0
How to disable the Windows Platform Binary Table (WPBT)
IGBy
Share

Windows Platform Binary Table (WPBT) refers to an ACPI table in your firmware that allows your computer vendor to execute a program each time. It works on Windows 8 or later boots. It enables computer vendors to force install anti-theft software or a software program conveniently.

However, this also suggests that your newly installed Windows will have potentially redundant 3rd party programs operating directly on the first boot. You being the end user, would not be able to control it.

Moreover, the firmware is not updated as often as your software or OS. So, if any security vulnerability happens in the WPBT-loaded program, many users may never receive the update.

The WPBT program uses a temporary, non-destructive method to discard the table from system memory. Hence, it must be executed each time the computer is rebooted before the Windows bootloader begins.

The WPBT mechanism is significant because it enables OEMs to force install important software that can’t be incorporated with Windows installation media. Unfortunately, it can permit attackers to use malicious tools.

This feature provides the capability to run system software in a Windows environment continually; it becomes crucial that WPBT-based solutions are as safe as possible and don’t expose Windows users to security concerns. WPBT solutions should not include malware (i.e., unwanted software or malicious software installed without proper user consent).

How can you confirm if your computer has a WPBT?

You can use any of these software to confirm:

Note: These software may not work if you’ve enabled HVCI.

Alternate methods to disable the WPBT:

i. From Windows:

Note: It is an unauthentic feature, so implement it at your own risk.

You need to set the below registry key to disable WPBT execution from a running Windows.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession Manager]

"DisableWpbtExecution"=dword:00000001

Now the question is how to set a registry key on the initial boot before the session manager begins. You can do this by setting the registry key in a WIM file with the help of BiscuitTin/Disable-WpbtExecution.

ii. From the Firmware

Certain vendors support disabling WPBT in the firmware settings on certain models. The examples are Lenovo LSE Windows Disabler Tool and ASUS Grid Install Service.

iii. From a 3rd-party Bootloader:

Hackintosh-oriented bootloaders like OpenCore support their config for deleting ACPI tables. It performs the same as this program. Make sure to see their documentation.

Here are the benefits of disabling WPBT:

  • Reduces the risk of your computer being infected with malware.
  • Improves your computer’s security.
  • It makes it more difficult for attackers to gain access to your computer.

If you are concerned about your computer’s security, I recommend that you disable WPBT. It is a simple process that can help to protect your computer from malware.

Disclaimer: The Questions and Answers provided on https://www.gigxp.com are for general information purposes only. We make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose.

What's your reaction?

Excited
0
Happy
0
In Love
0
Not Sure
0
Silly
0
IG
Previous
Next

You may also like

More in:Enterprise Tech