Can Windows Updates Add DBX Keys to Secure Boot Key Management?

JamesBacon 0 Reputation points

hi, I have Secure Boot enabled on both my Windows 10 Asus PC and Windows 11 MSI laptop; within 'Key Management', I always see these amounts of keys next to each key type, and their setting, which are all factory settings;

PK- 1 key (Default)

KEK- 3 keys (Default) on Asus | 1 key (Default) on MSI

DB- 10 keys (Default)

DBX- 77 keys (Default)

now I don't know much about the other key types but I do know that DBX is supposed to be a blacklist and filters (?) out, or blocks, malicious code that attempts to execute

I updated both of my devices to the latest Cumulative Update as well as the newest version of the Windows Malicious Software Removal Tool. today I don't remember seeing anything different when I went into my Asus Bios after the update but I also wasn't very focused on the keys at the time

I've gone into both my Asus PC and MSI Laptop's Bios just now and both of them have changed the DBX key settings

instead of having 77 keys and set to Default, DBX was had 270 keys and was set to "Mixed" instead. I reset the keys on both devices and they both returned to their normal values of 77 (Default), but I'm really confused

can 'larger' Windows Updates add more DBX keys when Secure Boot is enabled, after the update is fully installed? I only recently just enabled Secure Boot on my PC and I've never gone to Bios on my laptop until now so I have nothing to compare to

edit: I updated my laptop to 23H2 and this did not change the DBX keys in the Bios, they are still set to 77; so could the Malicious Software Removal Tool update have caused this??

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
9,529 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
6,814 questions
0 comments No comments
{count} votes