Windows 11 Preview Updates Add Native Sysmon and Fix Explorer/Taskbar Regressions
Microsoft’s latest Windows 11 preview releases for Insiders and optional updaters introduce native Sysmon and ship fixes for disruptive Windows Explorer/taskbar regressions. Windows 11 Insider Dev Channel Build 26300.7733 (KB5074178) adds Sysmon as a built-in Optional Feature, bringing deeper endpoint telemetry (e.g., process creation with command lines, network connections, driver loads, and file timestamp manipulation) intended to improve forensic visibility and incident investigation; Microsoft notes the integrated Sysmon conflicts with legacy standalone Sysmon installs, requiring removal of the older version before enabling the new feature.
Separately, the optional preview update KB5074105 for Windows 11 24H2/25H2 addresses a January cumulative-update regression where Explorer.exe could hang at startup—causing the taskbar to intermittently disappear and forcing users to restart Explorer via Task Manager—and also fixes reports of desktop icons being rearranged unexpectedly. ZDNET characterizes the upcoming February Windows 11 patch as feature-heavy and indicates KB5074105 is an early look at what will roll into the broader monthly release, while other referenced ZDNET pieces are general OS commentary/comparisons and not tied to the Sysmon integration or the KB5074105 Explorer fix; an Android 17 feature roundup is unrelated.
Sources
Related Stories
Windows 11 Reliability Backlash and KB5074105 Preview Update Fixes
Microsoft reported **over 1 billion monthly active Windows 11 users**, but user sentiment remains negative, with prominent complaints focused on **buggy updates**, perceived reliability regressions, and unwanted feature changes (including AI-related additions). Microsoft leadership publicly acknowledged the feedback and said the company will prioritize **performance, reliability, and overall user experience** improvements to rebuild trust. Microsoft also released the **KB5074105** optional *non-security* preview cumulative update for Windows 11 (24H2/25H2), positioned as an end-of-month quality update ahead of the next Patch Tuesday. KB5074105 includes dozens of changes and targets operational issues including **boot problems** (e.g., startup hangs when Windows Boot Manager debugging is enabled and iSCSI boot failures with `Inaccessible Boot Device`), **sign-in issues** (including `Explorer.exe` hanging on first login under certain startup-app configurations), and **activation/license migration failures** during upgrades when devices cannot register with the Windows Activation server; the update is available via Windows Update or manual download from the Microsoft Update Catalog.
1 months ago
Windows 11 Insider Updates Add Native Sysmon and Relax Smart App Control Re-Enablement
Microsoft is rolling out **native Sysmon functionality** to some Windows 11 devices in the **Windows Insider** program, integrating the Sysinternals *System Monitor* directly into the OS. Sysmon records security-relevant telemetry to the Windows Event Log (e.g., process creation/termination and, when configured, richer behaviors such as file creation, process tampering, clipboard changes, and deleted-file backup) to support threat detection and hunting; the built-in capability is **disabled by default** and must be explicitly enabled, with guidance to remove any separately installed Sysmon before turning on the native feature. In parallel Windows 11 Insider builds, Microsoft is also changing **Smart App Control (SAC)** behavior so users can **turn SAC off and later re-enable it without a full OS reinstall**, reversing the prior “clean install only” design that permanently blocked reactivation after disablement. The change follows user-impacting false positives (e.g., SAC flagging ASUS Armoury Crate on ASUS ROG Ally), and Microsoft’s updated approach aims to reduce operational friction while still encouraging users to keep SAC enabled unless conflicts require disabling it.
1 months ago
Windows 11 25H2/24H2 Preview Updates Add AI Features and Flag Secure Boot Certificate Expiration
Microsoft began rolling out **Windows 11 preview updates** for versions **25H2 and 24H2** (including the optional non-security preview update `KB5074105` and Release Preview builds `26200.7701`/`26100.7701`) focused on functionality, performance, and reliability improvements rather than patching new security vulnerabilities. The updates emphasize expanded **AI-driven experiences** (including refinements to Copilot+ PC-related models and more natural-language assistance within Settings), along with usability changes and a simplified Windows update title format intended to reduce administrative friction in tools like **WSUS** and **Microsoft Configuration Manager**. Alongside these feature updates, Microsoft highlighted an operational security risk: **Windows Secure Boot certificates** used by most Windows devices are expected to begin expiring in **June 2026**, and organizations that do not update Certificate Authority (CA) material in time may face devices that cannot boot securely. Separately, consumer guidance circulated on bypassing Windows 11 hardware eligibility checks (notably **TPM 2.0** requirements) to upgrade “unsupported” PCs; while this may extend device usability after Windows 10 support ended, it can also undermine Microsoft’s intended security baseline and increase enterprise risk if adopted outside controlled policy.
1 months ago