New Windows security option: Enable more aggressive blocklist which includes vulnerable drivers
This is being done through Defender Application Control?
If so, any reference for differences between this and the new ASR rule?
Lists are in sync, being enforced with HVCI or WDAC depending on config. Code integrity is more robust than ASR, which depends on Defender.
How risky is that? So if your SCSI driver suddenly lands on the list, you can't even boot anymore?
Yeah, if a boot driver is blocked, that would be bad. Audit mode is recommended and much safer.
Nope. That implies there's an infinite number of vuln drivers and a static bar for onboarding more, neither of which is true. Also allow lists.
That was in the appcompat list as non-HVCI compatible (e.g. merged IAT section) IIRC, so slightly different.
I am testing this in a VM (Hyper-V) running the Windows 11 Beta Insider Preview and do not see this. Has it been rolled out?
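The replies above raise three practical questions: whether the blocklist is enforced by HVCI or a WDAC policy on a given box, whether a boot-start driver could end up blocked, and whether the option has actually rolled out to a machine. The script below is an added example for checking all three from an elevated PowerShell prompt; it is not code from anyone in the thread. It assumes the documented `VulnerableDriverBlocklistEnable` DWORD under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Config`, the `Win32_DeviceGuard` WMI class, and Code Integrity event IDs 3076 (audit) and 3077 (enforced block); the seven-day event window is an arbitrary choice.

```powershell
# Added example (not from the thread). Run elevated.
# Assumed names: VulnerableDriverBlocklistEnable (registry), Win32_DeviceGuard (WMI),
# Code Integrity events 3076/3077. Adjust the time window as needed.

# 1. Has the blocklist toggle been applied on this machine?
$ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$blocklist = (Get-ItemProperty -Path $ciConfig -Name 'VulnerableDriverBlocklistEnable' `
    -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
if ($blocklist -eq 1) { 'VulnerableDriverBlocklistEnable = 1 (blocklist enabled)' }
else { "VulnerableDriverBlocklistEnable = '$blocklist' (not enabled or not rolled out)" }

# 2. Which mechanism is doing the enforcing: HVCI, a WDAC policy, or neither?
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$hvciRunning = $dg.SecurityServicesRunning -contains 2   # 2 = Hypervisor-enforced Code Integrity
$policyState = switch ($dg.CodeIntegrityPolicyEnforcementStatus) {
    0 { 'Off' } 1 { 'Audit' } 2 { 'Enforced' } default { 'Unknown' }
}
"HVCI running:            $hvciRunning"
"WDAC kernel-mode policy: $policyState"

# 3. Boot-start drivers: anything here that shows up in audit events must be
#    resolved before switching to enforced mode, or the box may not boot.
'Boot-start drivers:'
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.StartMode -eq 'Boot' } |
    ForEach-Object { '  {0,-20} {1}' -f $_.Name, $_.PathName }

# 4. Recent Code Integrity decisions. 3076 = would have been blocked (audit),
#    3077 = actually blocked (enforced). Get-WinEvent errors when nothing matches,
#    so that error is suppressed and an empty result means no hits.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id        = 3076, 3077
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

'Code Integrity events (last 7 days):'
foreach ($e in $events) {
    $kind = if ($e.Id -eq 3077) { 'BLOCKED' } else { 'AUDIT  ' }
    '  {0} {1} {2}' -f $e.TimeCreated, $kind, ($e.Message -split "`n")[0]
}
```

Read the output in order: if the registry value is missing, the option has not been applied (the "has it rolled out" question). If HVCI is running, the blocklist is enforced by the hypervisor regardless of any WDAC policy; if only a WDAC policy is present, its Audit/Enforced state tells you whether 3076 events are warnings or 3077 events are real blocks. Cross-check the boot-start driver list against the event list before moving from audit to enforced.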