Microsoft adds a new driver blocking feature to Windows Defender on Windows 10 and 11


Credit: Microsoft

Microsoft is adding a new Vulnerable Driver Blocklist feature to Windows Defender on Windows 10, Windows 11 and Windows Server 2016 or newer releases. This feature is intended to help IT professionals protect users from malicious and exploitable drivers.

Microsoft Vice President of OS Security and Enterprise David Weston tweeted about the new Windows security option on March 27.

The feature is enabled by default on Windows 10 in S mode, as well as on devices with the Memory Integrity Core Isolation feature, which relies on virtualization-based security. (This Core Isolation Memory Integrity feature is also known as Hypervisor-protected Code Integrity or HVCI). More details are available in this Microsoft article on recommended driver blocking rules.

This blocking feature is based on a list of blocked drivers maintained by Microsoft in conjunction with OEM partners. As explained on, the reason these drivers can be marked as blocked is because they are known security vulnerabilities that can be exploited to increase Windows kernel privileges; they act as malware or certificates used to sign malware, or they exhibit behavior that circumvents the Windows security model and can be used to increase Windows kernel privileges.

I have asked Microsoft if this new driver blocking feature will be available on all versions of Windows 10 and 11 and when it will be fully implemented. Not a word back so far.

In other security-related news, Microsoft announced plans for a new US government cloud environment — Office 365 Government Secret — on March 28. This new secret cloud is currently under government review and is designed for the U.S. federal citizen, Department of Defense (DoD), Intelligence Community (IC), and U.S. government partners working in secret environments using Microsoft’s Software as a Service (SaaS) capabilities. for all data classifications. The Office 365 Government Secret cloud environment is built on Microsoft’s classified Azure Government environments.

Leave a Comment