Microsoft’s Windows Security Update Blocks Popular Search Utility “Everything”
In a recent development, Microsoft has expanded its security protocols to block the widely used Windows search utility, “Everything,” developed by voidtools. Notably, this action does not involve kernel-level drivers but results from the application being flagged under Microsoft’s updated driver and application control rules.
Background on “Everything”
“Everything” is a highly popular desktop search tool praised for its speed and efficiency in locating files and folders within Windows. Its lightweight nature and lack of deep system integration have made it a favorite among power users and IT professionals alike.
The Issue with Microsoft’s Security Update
On January 14, 2025, Microsoft released a Windows security update that, among various changes, incorporated “Everything” into its Recommended Driver Block Rules. This inclusion prevents users from executing the program’s main executable, Everything.exe; Windows reports the error “A certificate was explicitly revoked by its issuer.”
This change was observed and discussed openly on the voidtools forums as early as a few weeks prior, with detailed explanations surfacing on January 16. The inclusion in the blocklist appears to be based on the application’s signer identity, with Microsoft referencing the signer ID associated with voidtools.
Technical Details
The blocklisting references the following signer identification:
```xml
<Signer ID="ID_SIGNER_VOIDTOOLS" Name="voidtools (Thumbprint: 4DA2AD938358643571084F75F21AFDDD15D4BAE9)">
  <CertRoot Type="TBS" Value="2AAA2A578BDEB2F1DBAAE27B6358B87D14143B7FA98518A6AC576172677225AC"/>
</Signer>
```
This indicates that the executable’s digital signature has been revoked or flagged within Microsoft’s security infrastructure, effectively preventing its execution.
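For administrators auditing a block policy before or after deployment, the sketch below (an added example, not Microsoft's or voidtools' code) joins Signer definitions to DeniedSigner references and looks up a TBS hash or thumbprint. Only the voidtools Signer element comes from this page; the SiPolicy layout, the second signer and the scenario placement are a constructed sample, and the thumbprint match relies on the thumbprint appearing in the Name attribute as it does above.

```python
import xml.etree.ElementTree as ET

NS = {"si": "urn:schemas-microsoft-com:sipolicy"}

# Constructed sample policy. Only the voidtools Signer element comes from the
# page; the surrounding layout and the second signer are assumptions.
SAMPLE_POLICY = """<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
  <Signers>
    <Signer ID="ID_SIGNER_VOIDTOOLS" Name="voidtools (Thumbprint: 4DA2AD938358643571084F75F21AFDDD15D4BAE9)">
      <CertRoot Type="TBS" Value="2AAA2A578BDEB2F1DBAAE27B6358B87D14143B7FA98518A6AC576172677225AC"/>
    </Signer>
    <Signer ID="ID_SIGNER_EXAMPLE_ALLOWED" Name="Constructed example signer">
      <CertRoot Type="TBS" Value="00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF"/>
    </Signer>
  </Signers>
  <SigningScenarios>
    <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS" FriendlyName="Constructed scenario">
      <ProductSigners>
        <AllowedSigners><AllowedSigner SignerId="ID_SIGNER_EXAMPLE_ALLOWED"/></AllowedSigners>
        <DeniedSigners><DeniedSigner SignerId="ID_SIGNER_VOIDTOOLS"/></DeniedSigners>
      </ProductSigners>
    </SigningScenario>
  </SigningScenarios>
</SiPolicy>"""


def denied_signers(policy_xml):
    """Return {signer_id: {"name", "tbs", "scenarios"}} for signers a policy denies."""
    root = ET.fromstring(policy_xml)
    signers = {}
    for s in root.iterfind("si:Signers/si:Signer", NS):
        cert_root = s.find("si:CertRoot", NS)
        tbs = cert_root.get("Value", "").upper() if cert_root is not None else ""
        signers[s.get("ID")] = {"name": s.get("Name", ""), "tbs": tbs, "scenarios": []}
    denied = {}
    # A Signer definition alone blocks nothing; only a DeniedSigner reference does.
    for sc in root.iterfind("si:SigningScenarios/si:SigningScenario", NS):
        for ref in sc.iterfind(".//si:DeniedSigner", NS):
            sid = ref.get("SignerId")
            if sid in signers:
                denied.setdefault(sid, signers[sid])["scenarios"].append(sc.get("Value"))
    return denied


def find_denied(policy_xml, needle):
    """Match a TBS hash or certificate thumbprint (hex, any case) against denied signers."""
    needle = needle.replace(" ", "").upper()
    return sorted(sid for sid, info in denied_signers(policy_xml).items()
                  if needle and (needle == info["tbs"] or needle in info["name"].upper()))
```

Calling `find_denied(SAMPLE_POLICY, thumbprint)` with the signing certificate thumbprint of a deployed binary shows whether that signer is referenced by a deny rule, and `denied_signers` reports which signing scenario values carry the reference.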
Workarounds and Community Response
In response, some users have discovered methods to temporarily bypass this restriction by removing or altering the certificate signatures on the “Everything” executable. These workarounds have been shared within the voidtools community and forum discussions, but they do not address the underlying security policy changes.
Broader Implications
The question arises: Is Microsoft overreaching by blocking a trusted, well-established utility? The move raises concerns about the balance between security and user autonomy. While the rationale may be rooted in security policies—particularly to prevent malicious actors from exploiting digital