Jump to content

Windows Defender: Vulnerable Driver Blocklist protects against malicious or exploitable drivers


MMT

Recommended Posts

  1. On Windows 10, go to  Update & Security > Windows Security. Select Open Windows Security.
  2. On Windows 11, go to Privacy & Security > Windows Security > Select Open Windows Security.
  3. Select Device Security from the sidebar on the left side.
  4. Activate the "core isolation details" link.
  5. Toggle the Memory Integrity setting to On to enable the feature.
  6. Restart the device.

Windows administrators will see the new Microsoft Vulnerable Driver Blocklist on the Core isolation page of Windows Security once the feature becomes available. The feature can be toggled on or off, and also managed through other means. David Weston notes that turning it on will enable a more aggressive blocklist.

Microsoft states that it recommends enabling HVCI or using S mode, but that administrators may also block the drivers on the list using an existing Windows Defender Application Control policy. The documentation lists an XML file that contains the blocked drivers ready for use.

 

 

ARTICLE

Link to comment

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...