Windows Platform Binary Table (WPBT) refers to an ACPI table in your firmware that allows your computer vendor to execute a program each time. It works on Windows 8 or later boots. It enables computer vendors to force install anti-theft software or a software program conveniently.
However, this also suggests that your newly installed Windows will have potentially redundant 3rd party programs operating directly on the first boot. You being the end user, would not be able to control it.
Moreover, the firmware is not updated as often as your software or OS. So, if any security vulnerability happens in the WPBT-loaded program, many users may never receive the update.
The WPBT program uses a temporary, non-destructive method to discard the table from system memory. Hence, it must be executed each time the computer is rebooted before the Windows bootloader begins.
The WPBT mechanism is significant because it enables OEMs to force install important software that can’t be incorporated with Windows installation media. Unfortunately, it can permit attackers to use malicious tools.
This feature provides the capability to run system software in a Windows environment continually; it becomes crucial that WPBT-based solutions are as safe as possible and don’t expose Windows users to security concerns. WPBT solutions should not include malware (i.e., unwanted software or malicious software installed without proper user consent).
You can use any of these software to confirm:
Note: These software may not work if you’ve enabled HVCI.
i. From Windows:
Note: It is an unauthentic feature, so implement it at your own risk.
You need to set the below registry key to disable WPBT execution from a running Windows.
Windows Registry Editor Version 5.00
Now the question is how to set a registry key on the initial boot before the session manager begins. You can do this by setting the registry key in a WIM file with the help of BiscuitTin/Disable-WpbtExecution.
ii. From the Firmware
Certain vendors support disabling WPBT in the firmware settings on certain models. The examples are Lenovo LSE Windows Disabler Tool and ASUS Grid Install Service.
iii. From a 3rd-party Bootloader:
Hackintosh-oriented bootloaders like OpenCore support their config for deleting ACPI tables. It performs the same as this program. Make sure to see their documentation.
Here are the benefits of disabling WPBT:
If you are concerned about your computer’s security, I recommend that you disable WPBT. It is a simple process that can help to protect your computer from malware.