This tutorial will show you how to turn on or off the Microsoft Vulnerable Driver Blocklist for all users in Windows 10 and Windows 11.
Starting with Windows 10 (KB5018482) and Windows 11 (KB5018483 and KB5018496), the Microsoft Vulnerable Driver Blocklist is enabled by default.
The vulnerable driver blocklist is also enforced when memory integrity (also known as hypervisor-protected code integrity or HVCI), Smart App Control, or S mode is active. Users can opt in to HVCI using the Windows Security app, and HVCI is on by default for most new Windows 11 devices.
The vulnerable driver blocklist is designed to help harden systems against third-party-developed drivers across the Windows ecosystem that have any of the following attributes:
- Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
- Malicious behaviors (malware) or certificates used to sign malware
- Behaviors that aren't malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
Microsoft recommended driver block rules (learn.microsoft.com): view the list of recommended block rules for vulnerable third-party drivers discovered by Microsoft and the security research community.
You must be signed in as an administrator to turn on or off the Microsoft Vulnerable Driver Blocklist.
The option to turn Microsoft's vulnerable driver blocklist on or off using the Windows Security app is grayed out when HVCI (Memory Integrity), Smart App Control, or S mode is enabled.
You must disable HVCI (Memory Integrity) or Smart App Control, or switch the device out of S mode, and restart the computer before you can turn off the Microsoft vulnerable driver blocklist.
Contents
- Option One: Turn On or Off Microsoft Vulnerable Driver Blocklist in Windows Security
- Option Two: Turn On or Off Microsoft Vulnerable Driver Blocklist using REG file
Option One: Turn On or Off Microsoft Vulnerable Driver Blocklist in Windows Security
1 Open Windows Security.
2 Click/tap on Device security on the left side, and click/tap on the Core isolation details link on the right side. (see screenshot below)
3 Turn on (default) or off Microsoft Vulnerable Driver Blocklist for what you want. (see screenshot below)
4 If prompted by UAC, click/tap on Yes to approve.
5 You can now close Windows Security if you like.
Option Two: Turn On or Off Microsoft Vulnerable Driver Blocklist using REG file
1 Do step 2 (on) or step 3 (off) below for what you want.
2 Turn On Microsoft Vulnerable Driver Blocklist
This is the default setting.
A) Click/tap on the Download button below to download the REG file, and go to step 4 below.
Turn_ON_Microsoft_Vulnerable_Driver_Blocklist.reg
Download
(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config]
"VulnerableDriverBlocklistEnable"=dword:00000001
3 Turn Off Microsoft Vulnerable Driver Blocklist
A) Click/tap on the Download button below to download the REG file, and go to step 4 below.
Turn_OFF_Microsoft_Vulnerable_Driver_Blocklist.reg
Download
(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config]
"VulnerableDriverBlocklistEnable"=dword:00000000
4 Save the .reg file to your desktop.
5 Double click/tap on the downloaded .reg file to merge it.
6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.
7 You can now delete the downloaded .reg file if you like.
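The same change can be made and verified from an elevated PowerShell prompt instead of merging a .reg file. The script below is an added example for this tutorial, not Shawn Brink's or Microsoft's code. It reads and writes the VulnerableDriverBlocklistEnable value shown in the REG files above, uses the Win32_DeviceGuard WMI class to see whether HVCI (memory integrity) is running, and refuses to turn the blocklist off while HVCI or Smart App Control still enforces it. The Smart App Control check reads HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy\VerifiedAndReputablePolicyState, which is an assumption about where that state is stored and may differ between builds; S mode is not checked.

```powershell
# Added example (not part of the original tutorial): inspect and set the
# Microsoft Vulnerable Driver Blocklist from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

$ciConfig  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$valueName = 'VulnerableDriverBlocklistEnable'

function Get-VulnerableDriverBlocklistState {
    # Returns 'on', 'off', or 'default (on)' when the value has never been set.
    # Since KB5018482 / KB5018483 / KB5018496 the default is on.
    $item = Get-ItemProperty -Path $ciConfig -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'default (on)' }
    if ($item.$valueName -eq 1) { 'on' } else { 'off' }
}

function Test-BlocklistEnforced {
    # HVCI running is reported by Win32_DeviceGuard: SecurityServicesRunning
    # contains 2 when hypervisor-protected code integrity is active.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $hvci = [bool]($dg.SecurityServicesRunning -contains 2)

    # Assumption: Smart App Control state lives in this value
    # (0 = off, 1 = on, 2 = evaluation). Treat only 1 as enforcing.
    $sac = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy' `
            -Name VerifiedAndReputablePolicyState -ErrorAction SilentlyContinue).VerifiedAndReputablePolicyState

    [pscustomobject]@{
        HvciRunning     = $hvci
        SmartAppControl = $sac
        Enforced        = ($hvci -or ($sac -eq 1))   # S mode is not checked here
    }
}

function Set-VulnerableDriverBlocklist {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('On', 'Off')]
        [string]$State
    )

    # Turning the value off has no effect while HVCI or Smart App Control is
    # active, so fail loudly instead of silently writing an ignored setting.
    $status = Test-BlocklistEnforced
    if ($State -eq 'Off' -and $status.Enforced) {
        throw 'HVCI or Smart App Control is active; the blocklist stays enforced until they are turned off and the device is restarted.'
    }

    if (-not (Test-Path $ciConfig)) {
        New-Item -Path $ciConfig -Force | Out-Null
    }
    $dword = if ($State -eq 'On') { 1 } else { 0 }
    Set-ItemProperty -Path $ciConfig -Name $valueName -Value $dword -Type DWord
    Write-Warning 'Restart the computer for the change to take effect.'
}

# Show the current state, then the enforcement status.
Get-VulnerableDriverBlocklistState
Test-BlocklistEnforced

# To change it: Set-VulnerableDriverBlocklist -State On   (or -State Off)
```

Run the script as-is to see the current value and whether HVCI or Smart App Control is keeping the blocklist enforced; call Set-VulnerableDriverBlocklist -State On or -State Off to change it, then restart. Turning the blocklist off removes a kernel-level defence against attackers who load a signed but vulnerable driver to gain kernel privileges, so only do so for a specific, understood reason and turn it back on afterwards.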
That's it,
Shawn Brink