Whether downloading a certain internet archiveor when opening a compressed file from a pen drive, for example, our team may be at risk. However, we must also be careful with such important elements for the operating system as the controllers or drivers that we install. In fact, next, we want to talk about a new function that will protect us against this type of attacks.
Microsoft, aware of the importance of these small pieces of software, has just announced a new feature in its aforementioned antivirus to protect us from them. To give us an idea, we are actually referring to the recently introduced feature Vulnerable Driver Blocklist or Vulnerable Driver Block List. This is a Windows Defender security feature that will be supported in Windows 10, Windows 11, and Server 2016.
According to Microsoft’s Vice President of Security, David Weston, it is a new safety feature enabled by default in Windows. It is worth mentioning that the core idea of the new protection feature is to maintain a list of drivers blocked by Windows Defender. The main reason for this will be because these drivers they would fulfill at least one of the attributes that we will talk about next. As you can imagine, all this actually serves to protect our equipment from possible vulnerabilities existing in these important elements.
Which drivers will Windows Defender block
For Microsoft’s powerful antivirus to add a certain driver to this blacklist, it must first contain known security vulnerabilities. These could be exploited by attackers in the core of Windows. On the other hand, those with potentially malicious behavior or certificates used to sign malware are also blocked.
You should also know that the antivirus blocks drivers that circumvent the Windows security model, even if they do not behave maliciously. One thing we must bear in mind is that Microsoft itself cooperates with hardware manufacturers and OEMs to keep this block list up to date. Suspicious drivers will be sent to the firm for analysis. At the same time, manufacturers can request that changes be made to the drivers that are on the block list.
In order to check, when it is rolled out to the whole world, if we have this functionality activated, let’s see how to achieve it. The first thing we do is open the Settings application for example using the key combination Win + I. In Windows 10 here we are in the Update and security / Windows Security section. In Windows 11 we go to Privacy and security / Windows Security / Open Windows security.
Next, in both cases we go to Device Security / Kernel Isolation, where we activate Memory Integrity.
This will automatically create the Microsoft’s new vulnerable driver block list when the feature is available. It can be activated or deactivated depending on the needs of the equipment administrator.
