Home Software Blog FAQ About Contact ⬇ Download Free
← Back to Blog
Guide

Microsoft Recall Is Back in Windows 11 — How to Disable It (May 2026)

📅 May 19, 2026 · 9 min read · By Rai

Microsoft Recall timeline UI with EXPOSED banner — TotalRecall Reloaded

Microsoft's Recall feature — the one that takes a screenshot of your screen every few seconds and OCR-indexes it so an AI can answer "what did I look at last Tuesday?" — is back in Windows 11 with stronger encryption, opt-in by default, and a TPM-backed Windows Hello gate. Microsoft says it's safe now. A security researcher named Alexander Hagenah disagreed loudly enough that on April 9, 2026 he released TotalRecall Reloaded, a single executable that walks straight past the new protections and extracts every screenshot Recall has ever taken on your machine.

Microsoft's response: "Not a vulnerability." Closed. So the feature is shipping the way it is, and if you don't want your screen archived, the only real fix is to disable it yourself. Here's the full story and the 60-second turn-off.

What Recall actually does

Recall is the headline feature of Microsoft's Copilot+ PC push. With Recall enabled, Windows captures a screenshot of your display every few seconds, runs OCR on every snapshot to extract the visible text, and stores it all locally on disk. Six months later, when you can't remember which website you saw a recipe on, you open Recall and type "salmon teriyaki" — Recall finds the snapshot of that web page from October and lets you click straight to it.

It's a useful feature. It's also a perfect surveillance dataset. Everything you typed, every email you read, every banking session, every two-factor code that flashed on screen — captured, OCR'd, indexed.

Microsoft's new defences (added after the 2024 cancelled-launch backlash):

  • Snapshots are encrypted at rest. The decryption key is stored in the TPM, gated behind Windows Hello ESS (Enhanced Sign-in Security).
  • Recall is opt-in, not on by default. You have to click "Set up Recall" during initial setup or in Settings.
  • A "Sensitive information filtering" setting (on by default) promises to skip snapshots when credit-card numbers, passwords and similar are detected, using the same Microsoft Classification Engine that powers Microsoft Purview.
  • Snapshots are stored in a Virtualization-Based Security (VBS) enclave that the rest of the OS can't directly read.

That sounds reasonable. Now look at what happened when someone actually tested it.

The TotalRecall Reloaded exploit

Alexander Hagenah is a Swiss security researcher. He built the original TotalRecall tool in 2024 against the first version of Recall (the one that stored everything in a plain SQLite file with no encryption — that was, generously, an oversight). When Microsoft re-launched Recall with TPM encryption, Hagenah went back at it.

He found that the Recall UI is rendered by a process called AIXHost.exe. That process has no Protected Process Light, no AppContainer sandbox, and no code-integrity enforcement. Any code running as the logged-in user can inject itself into AIXHost.exe and call the same COM APIs that the legitimate Recall UI uses to display your timeline.

Translation: once you've authenticated with Windows Hello (which you do every time you sit down at the PC), decrypted screenshots, OCR text and metadata flow through AIXHost.exe as live COM objects. Any process running as you can grab them. No admin required. Standard user. No kernel exploit. No crypto bypass. Just COM calls.

That's TotalRecall Reloaded. Public release on April 9, 2026. The code is on GitHub — Hagenah's intent is to force Microsoft's hand by making the issue impossible to ignore.

Microsoft's response: "Not a vulnerability"

Hagenah submitted a report to the Microsoft Security Response Centre (MSRC) in March 2026. MSRC closed the case on April 3, 2026 with the verdict that the behaviour "operates within the current, documented security design of Recall." In other words: yes, any program running as you can read your decrypted Recall data — that's how we built it.

You can debate whether that's defensible engineering. The practical takeaway is: if Microsoft considers it a feature, it isn't getting patched. The risk model for Recall is "I trust every program I've ever run as my user account". For most people that's a much lower bar than they realise — every browser extension, every Discord bot you ran once, every legacy game with a bundled installer, every piece of pirated software a relative may have installed on the family PC — any one of those is now a fully authorised reader of your screen archive.

The "Sensitive information filtering" setting still misses passwords

Microsoft's main user-facing privacy concession is the "Sensitive information filtering" setting, on by default. With it on, Recall is supposed to detect and skip snapshots containing passwords, credit-card numbers, Social Security numbers and similar — Microsoft says it runs locally on the NPU via the Microsoft Classification Engine.

Independent testing in 2026 found that the filter misses:

  • Credit-card numbers in many common forms (spaces between groups, mixed in with text)
  • Bank-account balances
  • U.S. Social Security numbers in non-standard layouts
  • Passwords typed in plain text fields where the website didn't use type="password"
  • Two-factor authentication codes
  • Most non-English sensitive data

The filter is doing something, but it's not a wall. Treat it as a small reduction in surface area, not a guarantee.

Microsoft's claims vs reality

Microsoft says Reality (May 2026)
Snapshots are encrypted at rest with TPM-backed keys. True — but the decrypted data is exposed live through AIXHost.exe to any process running as you.
Recall is opt-in. Off by default. True, on Copilot+ PCs. Some OEMs reportedly opt-in for you during first-run setup — read the screens carefully.
Microsoft can't access or view the snapshots. True locally. Snapshots stay on your device. (But anything you back up to OneDrive may sync the index alongside.)
"Sensitive information filtering" blocks passwords and card numbers. Partial. Independent testing finds it misses common forms of all four examples Microsoft names.
TotalRecall Reloaded is not a vulnerability. Microsoft's classification. The exploit needs no admin, no kernel access, and works against fully-patched Windows 11.

How to disable Recall — step by step

There are three reliable methods. Pick the one that matches your edition of Windows.

Method 1 — Settings (any edition, simplest)

This turns Recall off but doesn't remove the feature, so it can come back if someone re-enables it later or if a Windows update flips the toggle (it has happened).

  1. Press Win + I to open Settings.
  2. Go to Privacy & securityRecall & snapshots.
  3. Toggle Save snapshots off.
  4. Click Delete all snapshots to wipe whatever's already been collected.
  5. If you see a Remove Recall button (Copilot+ PCs only), click it. That actually uninstalls the component.

Method 2 — Group Policy (Windows 11 Pro / Enterprise / Education)

This sets the disable at the policy layer, so a future user toggle or a OEM script can't easily re-enable it.

  1. Press Win + R, type gpedit.msc, press Enter.
  2. Navigate to Computer Configuration → Administrative Templates → Windows Components → Windows AI.
  3. Find Turn off saving snapshots for Recall. Right-click → EditEnabledApplyOK.
  4. Find Allow Recall to be enabled. Right-click → EditDisabledApplyOK.
  5. Open an admin Command Prompt and run gpupdate /force. Reboot.

Method 3 — Registry (Windows 11 Home — Group Policy isn't available)

This is the equivalent of Method 2 done by hand. Same effect on Home edition.

  1. Open an admin Command Prompt (right-click Start → Terminal (Admin)).
  2. Paste this exact line and press Enter:
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsAI /v AllowRecallEnablement /t REG_DWORD /d 0 /f

Reboot. Recall is now disabled by policy on Home as well as Pro.

How to verify Recall is actually off

  1. Open Settings → Privacy & securityRecall & snapshots.
  2. The "Save snapshots" toggle should be off and greyed out with a note like "Some settings are managed by your organisation". If it's just off-but-toggleable, Method 2 / Method 3 didn't apply — re-run them.
  3. Open Task Manager → Details tab. Search for AIXHost.exe and Recall.exe. After a reboot, neither should be running.
  4. Optional: check C:\Users\<you>\AppData\Local\CoreAIPlatform\ — if it exists, the snapshot store may still be there. Safe to delete the folder.

What if I actually want screen-history (just not from Microsoft)?

The use case Recall promises — "find that thing I looked at last Tuesday" — is genuinely useful. There are local-first tools that do this without sending anything to Microsoft and without the AIXHost.exe live-COM problem:

  • OpenRecall — an open-source, cross-platform alternative on GitHub. You control where snapshots are stored and the code is auditable. Still indexes everything, so the same "one compromised process reads it all" caveat applies — but at least you can read exactly what it does.
  • Just take notes — the old answer, and still the safest. A simple habit / task tracker beats a full screen archive for the large majority of "I forgot something" cases, and it only stores what you choose to write down. RBS Life Dashboard does this entirely offline.

None of these are perfect. The honest answer is that any tool that indexes everything you do is a single-process compromise away from leaking everything you do. The safer architecture is to record less in the first place.

For IT admins managing fleets

If you run a managed fleet, set the GPO at the domain level so Recall is disabled before users ever see it:

  • Computer Configuration → Administrative Templates → Windows Components → Windows AI → Turn off saving snapshots for Recall → Enabled.
  • Pair with: Allow Recall to be enabled → Disabled.
  • Optionally also disable Copilot in the same section if your data-handling policy requires it.

The policies apply to Copilot+ PCs (the only ones where Recall is shipped). Setting them on non-Copilot+ machines is harmless — they just have no effect.

Bottom line

Microsoft Recall can be used safely if you trust every single piece of software on your machine, never run anything unsigned, never have anyone else on the device, and never have a malicious browser extension. That's not most people's reality. The TotalRecall Reloaded exploit makes the trust model explicit: Recall protects against an attacker who steals your hard drive while you're not logged in. It does not protect against an attacker (or a curious program) that runs while you're using the computer.

If that risk model is fine for you, great — leave it on. If not, the three methods above turn it off in under a minute. The Registry fix in particular is the one to run on family PCs where you don't trust everyone who might sit down at it.

Build choice, not a hot take: most of the apps on this site run offline by default for the same reason this article exists. No telemetry, no cloud sync, nothing leaves your machine. RBS PDF Editor for documents, RBS Voice Cloner V2 for voice work, RBS PC Cleaner for upkeep — all free, all local. Made by Rai, solo dev, Singapore.