Microsoft Extending Publishing Blocklist Enforcement During Driver Signing



 Hardware Dev Center:

As part of Microsoft's commitment to improving Windows reliability through higher-quality driver content, we are extending the Driver Shiproom Publishing Blocklist to the signing stage of the driver submission process. Files that are already blocked from publishing to Windows Update due to known reliability issues will now also be rejected at the time of signing. This change helps partners identify problematic files earlier in their workflow and prevents known-bad content from entering the ecosystem.

Note: This blog is intended for Microsoft partners who submit drivers for signing through the Partner Center portal or API.

What's Changing​

Today, the Driver Shiproom Flighting and Gradual Rollout processes evaluate thousands of drivers for reliability issues. When individual binaries repeatedly are determined to cause reliability issues in drivers, they're added to the Driver Shiproom Publishing Blocklist and automatically rejected at publishing.

With this update, we are extending that same check to the signing stage. Going forward, if a signing submission contains a file that appears on the Publishing Blocklist, the submission will be rejected before the driver is signed. Partners will receive an error identifying the problematic file so they can take corrective action.

Key points:​

  • The Publishing Blocklist is maintained by Microsoft based on files that have been determined to cause reliability issues across multiple driver submissions.
  • This check runs during the signing request — before the driver is signed and before any publishing request is created.
  • If your submission contains a blocklisted file, you will receive an error message identifying which file triggered the rejection.
Note: The Driver Shiproom Publishing Blocklist is not related to the Microsoft Vulnerable Driver Blocklist or the Malicious Driver Blocklist. A file appearing on the Publishing Blocklist does not mean it is malicious or vulnerable.

What This Means for Partners​

If your submission is rejected

If your submission contains a blocklisted file, it will fail at the Validation stage. The error report will include a message identifying the specific file and version:

"The driver submission has been rejected because file name: [filename] with version: [version] is blocked."

To resolve:
  1. Review the error message to identify which file in your submission is on the Publishing Blocklist.
  2. Remove or replace the problematic file in your driver package.
  3. Resubmit the driver for signing.
If you use API automation

If your build pipeline automates driver signing submissions, update your error handling to account for the new rejection reason. Submissions rejected due to a blocklisted file will return an error identifying the specific file. Failing to handle this response may cause your automation to treat the rejection as an unexpected failure.

Timeline​

Milestone​
Status​
Publishing Blocklist enforcement at signingMay 2026

FAQs​

Q: Will this affect submissions that are already signed?
A: No. This check applies only to new signing submissions going forward. Drivers that have already been signed are not affected. Existing publishing blocklist enforcement at the shiproom stage remains unchanged.

Q: Why was a file added to the Publishing Blocklist?
A: Files are added when Microsoft determines they cause reliability issues across multiple driver submissions.

Q: Is this related to the Microsoft Vulnerable Driver Blocklist or the Malicious Driver Blocklist?
A: No. The Publishing Blocklist is a completely separate program. It focuses on driver reliability, not security threats. It is enforced during the signing and publishing process (pre-distribution) via HDC, while the Vulnerable and Malicious Driver Blocklists are endpoint protection mechanisms that operate on Windows devices (post-distribution).

Q: What if I believe a file was incorrectly added to the blocklist?
A: Contact support through the Hardware Program support channel. Include the file name, your submission ID, and details on why you believe the file should not be blocked.

Q: Does this apply to both HLK-signed and attestation-signed submissions?
A: Yes. The Publishing Blocklist check applies to both HLK and attestation signing submissions.

Q: Will the Publishing Blocklist change over time?
A: Yes. Microsoft may add or remove files from the Publishing Blocklist as reliability data evolves.



 Source:

Publishing Blocklist Enforcement During Driver Signing | Microsoft Community Hub

As part of Microsoft's commitment to improving Windows reliability through higher-quality driver content, we are extending the Driver Shiproom...
techcommunity.microsoft.com techcommunity.microsoft.com
 
Click to expand...
I hope Macrium have read this considering their current driver problems!
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self build
    CPU
    Core i7-13700K
    Motherboard
    Asus TUF Gaming Plus WiFi Z790
    Memory
    64 GB Kingston Fury Beast DDR5
    Graphics Card(s)
    Gigabyte GeForce RTX 2060 Super Gaming OC 8G
    Sound Card
    Realtek S1200A
    Monitor(s) Displays
    Viewsonic VP2770 & Dell (secondary)
    Screen Resolution
    2560 x 1440
    Hard Drives
    Kingston KC3000 2TB NVME SSD & SATA HDDs & SSD
    PSU
    EVGA SuperNova G2 850W
    Case
    Nanoxia Deep Silence 1
    Cooling
    Noctua NH-D14
    Keyboard
    Microsoft Digital Media Pro
    Mouse
    Logitech Wireless
    Internet Speed
    80 Mb / s
    Browser
    Chrome
    Antivirus
    Defender, Malwarebytes Free & AdwCleaner
You must log in or register to reply here.

Latest Support Threads

Latest Tutorials

Back
Top Bottom