Indestructible Update Engine · for Windows

Windows maintenance, automated.

Indestructible Update Engine runs every update, repair, and cleanup tool Microsoft ships — Windows Update, DISM, SFC, driver updates, winget, disk cleanup, network and battery health checks — in the only order that's safe, with one click. Built for the family PC, the freelancer's laptop, and the gaming rig that needs to just work.

Become a tester See how it works

v2.8.0 feature-complete · v2.9.0 polish in flight · pricing announced soon

The problem

Anyone who has had to fix a stuck Windows machine knows the routine.

It looks something like this:

  1. Run DISM. Wait. Read the result.
  2. Run SFC. Wait. Read the result.
  3. Open Settings, check for updates, install, reboot.
  4. Open Defender, force a signature update.
  5. Open winget, run winget upgrade --all.
  6. Hunt down the .NET runtime updates that didn't come through.
  7. Visit the OEM site for drivers, or hope Windows Update caught them.
  8. Run cleanmgr. Reboot again.
  9. Forget step 4. Realize three days later when something breaks.

That's hours of work. It's what IT pros charge for. Most people skip it, so their PC slowly degrades and they decide “Windows is just bad”.

Indestructible Update Engine runs all of it, in the right order, with one click. It's the difference between knowing the playbook and not.

The phase model

26 phases. The order is locked.

A phase is a discrete maintenance task — one job, one progress bar, one outcome. What makes Indestructible Update Engine different from a generic “PC cleaner” is not which phases run; it's the order they run in.

Why ordering matters

Image repair runs before update install. Defender signatures update before the update install. Disk cleanup runs after updates so we don't blow away cached installers. Execution Policy Hardening always runs last, after everything else, so nothing finishes the run with weakened security.

The phase order is enforced in code and validated by an automated flow tracer at build time. You can't break it by accident.

Pick what runs, skip what doesn't apply

Every phase is independently selectable. Skip the laptop battery report on a desktop. Skip the 25H2 upgrade phase if you're already on Win 11 25H2. Skip the WiFi fix on an ethernet-only machine. The order stays locked even when you skip phases — nothing reshuffles.

What it actually does

Phases are grouped into four categories so you can see at a glance where each one fits in the maintenance picture. Each card lists the actual phases shipped — no marketing fluff, no invented features.

Updates

Bring everything current, in the right order

Windows Update is one phase out of dozens. Drivers, .NET runtime channels, third-party apps, image corruption, and Office updates all get their own pass.

  • Windows Update — full scan + install (PSWindowsUpdate)
  • DISM Image Repair — rebuilds the Windows component store before updates
  • SFC System File Check — repairs corrupted system files
  • Windows Defender — signature + engine update
  • Driver & Firmware Updates — OEM drivers + BIOS/UEFI via Windows Update
  • .NET Runtime — channels 6 through 10, Runtime + AspNetCore + Desktop + SDK
  • Microsoft 365 / Office — silent Click-to-Run update
  • libcurl Remediation — CVE scanner + updater for the Windows-shipped libcurl

Apps

Update every app, not just Microsoft’s

Indestructible Update Engine bootstraps winget if missing, scans every installed app, and bulk-updates them silently.

  • App Inventory — scans every installed app, bootstraps winget if missing
  • Bulk App Updates — `winget upgrade --all` silent, with built-in retry logic
  • 25H2 Upgrade Engine — eligibility check + Installation Assistant launch (Win11 only)

Cleanup

Reclaim disk + remove the junk you forgot about

Disk cleanup, temp files, browser caches, duplicate-finder, registry health — known-safe paths only, no speculative deletion.

  • Disk Cleanup — `cleanmgr` sageset/sagerun on safe targets
  • Temp File Cleanup — crash dumps, old logs, WER, thumbnails, Recycle Bin
  • Browser Privacy Cleanup — cookies, cache, history across Chrome / Edge / Firefox / Brave
  • Duplicate & Large Files — SHA256 duplicate detection, files over 100 MB
  • Registry Health Check — orphaned keys, broken paths, stale Run keys
  • Scheduled Task Audit — flags hidden miners, adware updaters, leftover junk

Health

Diagnose and report, don’t guess

Network, battery, drivers, user profile, WiFi connectivity — produces clear health reports for everything that’s ever caused a slow PC.

  • Network Health Check — connectivity, DNS, TLS, proxy diagnostics
  • Battery Health Report — laptop battery degradation analysis
  • WiFi Auto-Connect Fix — repairs broken preferred network profiles
  • Driver Health Check — problem devices, unsigned drivers, drivers older than 3 years; produces a 0–100 Driver Health Score
  • User Profile Health — corruption detection, orphaned SIDs, stale profile detection
  • Startup Optimizer — catalogs boot items, rates them green/yellow/red, lets you disable safely
  • Execution Policy Hardening — restores `Set-ExecutionPolicy Restricted` (always runs last, no exceptions)

Why Indestructible Update Engine over alternatives

Right order, not just every order.

Image repair before updates. Defender before updates. Hardening at the very end. The order is locked in code and validated by an automated flow tracer.

Restores what it changes.

Indestructible Update Engine captures execution policy, Windows Update settings, WSUS, and other registry state at start, then rolls them back at finish. Not a one-way change.

Phase by phase visibility.

Live progress, live ETA, per-phase status. No "stuck on 73%" black box.

Built for failure.

Pause/resume, retry passes, prior-run detection, skip-if-recently-completed logic. Survives wifi drops and crashed installers.

Real engineering rigor.

Multi-gate static audit pipeline, vulnerability sweeps, semantic-diff release reports. Every release passes the same gates a production-grade software shop would run.

No telemetry.

Talks to Windows Update, winget, and OEM driver services. That’s it. No phone-home to us.

No background service.

Single executable. No installer footprint, no startup hook, no daemon. Run it when you want; it’s gone when you close it.

Trust & security, in plain English

No telemetry. No analytics. No phone-home.

Indestructible Update Engine talks to Microsoft (Windows Update, winget, Defender) and your OEM (drivers and firmware). That is the entire outbound network surface. There is no analytics SDK, no error tracker, no behavioral pixel. We don't know your PC exists.

Restores everything it changes.

Before any modification, Indestructible Update Engine captures registry state for execution policy, Windows Update, WSUS, and other settings it touches. At end of run, it rolls those settings back. The Windows you had before is the Windows you have after — just with everything updated and repaired.

Multi-gate audit pipeline gates every release.

Before any installer leaves the dev machine, Indestructible Update Engine passes a hardened pipeline: static audit, flow tracing, visual layout regression, freshness checks, integrity checks, post-release verification, semantic diff, and a vulnerability sweep with results stored as JSON per release. The same kind of pipeline a production-grade software shop would run, applied to a one-person Windows utility.

Common questions

Will Indestructible Update Engine break my PC?
No. It only runs commands that ship with Windows itself — DISM, SFC, Windows Update, winget, cleanmgr — and any registry settings it changes are restored when the run finishes. There is no proprietary "registry cleaner" doing risky deletions.
Why not just use Windows Update?
Windows Update is one phase out of 26. Drivers, .NET runtime channels, third-party apps, image corruption, and dozens of other issues are not fixed by Windows Update alone.
How is this different from CCleaner / IObit / Glary?
Those tools are built around aggressive registry deletion and "free up space" claims. Indestructible Update Engine does not do speculative deletion. It runs Microsoft’s own diagnostic and repair commands, reports what they find, and only cleans known-safe paths.
Does it phone home?
No. Indestructible Update Engine talks to Microsoft (Windows Update, winget, Defender) and the OEM (driver and firmware). That is the entire outbound network surface. There is no analytics SDK, no error tracker, no third-party pixel.
Is it admin-only?
Yes. Windows update and repair commands all require admin rights, so Indestructible Update Engine always runs as admin.
Can I select which phases run?
Yes. The phase selector is built into the main window. Skip any phase per-run — the order stays locked, nothing reshuffles.
System requirements?
Windows 10 (build varies by phase) or Windows 11 22H2 / 25H2. The 25H2 Upgrade Engine phase is for Win11-pre-25H2 only. Admin rights required. Roughly 2 GB free disk for safe cleanup operations.

Pricing announced soon. Get on the early-access list.

Indestructible Update Engine is feature-complete on its v2.8.0 line and in v2.9.0 polish. Pricing is being finalized. Drop your email and we'll let you know the moment it ships publicly.

Become an IUE tester Back to Steadfast Software