This feature of Windows Defender will prevent you from installing drivers with viruses

On a regular basis we try to avoid the arrival of all kinds of malicious code on our computer, although we are not always successful. The reason is that all of this can come to us in the least expected way, something for which antiviruses like Windows Defender will always try to help us.

Whether downloading a certain file from the internet , or opening a compressed file from a USB stick , for example, our equipment may be at risk. However, we must also be careful with such important elements for the operating system as the controllers or drivers that we install. In fact, next, we want to talk about a new function that will protect us against this type of attack.

Windows Defender will prevent you from installing drivers with viruses

Microsoft, aware of the importance of these small pieces of software, has just announced a new function in its aforementioned antivirus to protect us from them. To give us an idea, we are actually referring to the recently introduced Vulnerable Driver Blocklist feature . This is a Windows Defender security feature that will be supported on Windows 10, Windows 11, and Server 2016.

According to Microsoft’s Vice President of Security, David Weston, it is a new security feature enabled by default in Windows. It is worth mentioning that the core idea of the new protection feature is to maintain a list of drivers blocked by Windows Defender. The main reason for this will be because these drivers would meet at least one of the attributes that we will talk about below. As you can imagine, all this actually serves to protect our equipment from possible vulnerabilities existing in these important elements.

Which drivers will Windows Defender block

In order for Microsoft’s powerful antivirus to add a certain driver to this blacklist , it must first contain known security vulnerabilities. These could be exploited by attackers in the core of Windows. On the other hand, those with potentially malicious behavior or certificates used to sign malware are also blocked.

You should also know that the antivirus blocks drivers that circumvent the Windows security model, even if they do not behave maliciously. One thing to keep in mind is that Microsoft itself cooperates with hardware manufacturers and OEMs to keep this block list up to date. Suspicious drivers will be sent to the firm for analysis. At the same time manufacturers can request that changes be made to drivers that are on the block list .

In order to check, when it is rolled out to the whole world, if we have this functionality activated, let’s see how to achieve it. The first thing we do is open the Settings application for example by using the Win + I key combination. In Windows 10 here we are in the Update and security / Windows Security section. In Windows 11 we go to Privacy and security / Windows Security / Open Windows security.

Next, in both cases we go to Device Security / Kernel Isolation, where we activate Memory Integrity.

Integridad de memoria Windows defender

This will automatically create the new Microsoft Vulnerable Driver Block List when the feature becomes available. It can be activated or deactivated depending on the needs of the equipment administrator.