Asus Z390 Motherboards Automatically Push Software In2 Your Windows Installation

Looks like it&#x27;s the WPBT ACPI table again. Lenovo was caught doing the same back in 2015: <a href="https:&#x2F;&#x2F;www.theregister.co.uk&#x2F;2015&#x2F;08&#x2F;12&#x2F;lenovo_firmware_nasty&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.theregister.co.uk&#x2F;2015&#x2F;08&#x2F;12&#x2F;lenovo_firmware_nas...</a><p>Windows will just blindly execute the binary from the WPBT table on boot. Specifically, it&#x27;s done by the Session Manager, the first user-mode process (%SystemRoot%\System32\smss.exe).<p>The WPBT table is dumped as %SystemRoot%\System32\wppbin.exe and then executed.<p>This behavior can apparently be disabled by a registry setting:<p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]<p>&quot;DisableWpbtExecution&quot;=dword:00000001<p>The previous time this happened, didn&#x27;t Microsoft promise to keep this behavior on by default only in a corporate setting? Or maybe I&#x27;m misremembering.<p>(Edited to add more details.)

I would tolerate if the board exposed a small romdisk that&#x27;s visible to the OS, but running stuff without my express consent is waaaaay too much.

Old article is old. Old news.