When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft blocks free Windows 11 24H2 system requirements bypass app as potential malware [Update]

Neowin · · Hot! with 8 comments

windows 11 TPM requirement

Back in October last year, we reported about a new third-party utility called Flyby11 that allows users to bypass the Windows 11 system requirements check including on version 24H2.

The application received its latest update today and has incorporated a Registry tweak that Microsoft itself once hosted on its official Windows 11 installation guidance, even though the company now probably wants you to forget about it. Aside from that, the utility has also received improved script that should make the software more stable.

The developer of Flyby11 though has added that Microsoft Defender flags the app as PUA or potentially unwanted application.

The release notes says:

  • Compliance with Microsoft's Recent Changes: Adjustments made to accommodate Microsoft's updated CPU and TPM policies. Some infos are on Neowin
  • Some scripts have been refined and rigorously tested for stability within the app

Important Notes:
Microsoft does not officially support this method, but it still works as expected

The app is now flagged as PUA:Win32/Patcher by Microsoft Defender. You can safely ignore this if you wish to proceed with the upgrade. I will contact Microsoft to verify whether this is an official classification or a false positive

Microsoft Security Intelligence website defines a PUA:Win32/Patcher as follows:

PUA:Win32/Patcher

Aliases: TR/Spy.23040.293 (Avira) Virus.Win32.Oliga (Ikarus) Troj/Bdoor-AZC (Sophos) W32/PEPatcher (McAfee) Win32/HackTool.Patcher.T (ESET) HackTool.Patcher!k1ob6v1J4gE (VirusBuster)

Summary

This application was stopped from running on your network because it has a poor reputation. This application can affect the quality of your computing experience.

If you were trying to install an application, you might have downloaded it from a source other than the official product's website.

As in the case of any third-party unofficial app, we always recommend trying it out on a virtual machine. Now, that the app has been flagged, it is extra important that you make sure it is on a VM even though something like a lack of digital signage can lead to apps getting flagged as well. Still, it is always better to be safer than sorry.

You can try Flyby11 1.2 here on its official GitHub repo. There are other alternatives too like Rufus.

Update, February 8 23:00 PST: The author of Flyby11 has issued an update. The app is no longer flagged by Microsoft Defender as a PUA. Microsoft has reclassified it as "Hacktool" though it is not blocked any more.

The developer writes:

Update (February 7, 2025)

The current release v1.2 is no longer flagged by Windows Defender.
The previous "HackTool" classification only applies to v1.1.
If you're still using the older version, be aware it might get intercepted by Defender.

An inquiry with Microsoft is ongoing, but for now, v1.2 remains clean and safe to use.

Details:
On February 1, Flyby11 v1.1 got flagged by Windows Defender as a PUA (Potentially Unwanted Application) (release link). Users started noticing the issue after Neowin reported on it (article link). Without adding explicit exclusions in Defender, the app couldn't even be launched.

Things escalated on February 4, when Microsoft conveniently reclassified it as a "HackTool" right after Neowin’s follow-up report. I reached out to Microsoft Security Intelligence, but their response was a generic boilerplate: "The submitted files do not meet our criteria for malware or potentially unwanted applications." Their security scan confirmed the files are clean, but they still refused to lift the block. I contacted the right people again,though I’m not holding my breath for a resolution.

The current release (v1.2) isn't being flagged anymore, at least for now. The old classification as a HackTool only applies to version 1.1. An inquiry with Microsoft is still ongoing, but it’s frustrating to see them block useful tools based on arbitrary classifications. The app may not be so insignificant for Microsoft, its roughly estimated that around 500,000 users have used it to upgrade to Windows 11

Here's how Microsoft Threat Intelligence defines as a HackTool:Win32/Patcher:

Summary

This family of hacktools are used to patch or "crack" some software so it will run without a valid license or genuine product key.

We recommend you don't run this hacktool as it can be associated with malware or unwanted software.

In the past, we have seen malware on many PCs where hacktools are detected.

Report a problem with article
Outlook logo
Next Article

A long-awaited Outlook feature arrives on Mac after being a staple on Windows and web

Previous Article

Need for Speed may not be back for a while, Criterion is too busy working on Battlefield

Join the conversation!

Login or Sign Up to read and post a comment.

8 Comments - Add comment