How to Turn On Microsoft Vulnerable Driver Blocklist
What is Microsoft Vulnerable Driver Blocklist?
The Microsoft Vulnerable Driver Blocklist is a crucial security feature that enhances system protection by blocking drivers known to have vulnerabilities. This feature is part of the Windows Defender Application Control (WDAC) and Core Isolation settings, specifically targeting drivers that could be exploited by attackers.
- The vulnerable driver blocklist is turned on automatically for all devices running the Windows 11 2022 update.
- If you want to enable or disable it, you can do so through the Windows Security app or the registry editor.
- For Windows Server 2016, the blocklist kicks in when memory integrity (also known as hypervisor-protected code integrity or HVCI), Smart App Control, or S mode is active.
- You can opt in to use HVCI via the Windows Security app, and it’s already enabled on most new Windows 11 devices.
Method 1: How to Turn on Microsoft Vulnerable Driver Blocklist in Windows Security
- Open up the Start Menu in Windows and search for Windows Security.
- Click on Device Security from the navigation menu on the left and go to Core isolation details.
- At the bottom of the page, you will find the Microsoft Vulnerable Driver Blocklist option.
- Toggle this setting to turn it on or off.
Method 2: How to Enable or Disable Microsoft Vulnerable Driver Blocklist Using Registry
- Search for registry in the Windows Start Menu and select Registry Editor. Alternatively, you can type regedit in the Windows Start Menu or Run Menu (⊞ Win + R).
- Navigate to this path in the registry editor: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config
- Select the DWORD VulnerableDriverBlocklistEnable by double-clicking on it. If it does not exist, you will need to create it yourself by: Right-click 🠮 New 🠮 DWORD (32-bit) Value. Make sure to use the exact name as above for the DWORD.
- To turn on the Microsoft Vulnerable Driver Blocklist, type a value of 1 in the Edit DWORD (32-Bit) Value dialog box. Otherwise, enter a value of 0 to keep it off.
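Both methods above end in the same place: the VulnerableDriverBlocklistEnable DWORD under HKLM\SYSTEM\CurrentControlSet\Control\CI\Config. The following PowerShell script is an added example, not part of the original article or any Microsoft tool; it reads that value back, sets it to 1 or 0, and reports whether HVCI is running (the condition under which the article says the Windows Security toggle is greyed out). The function names are this example's own; the Win32_DeviceGuard class and its SecurityServicesRunning property are standard WMI, where the value 2 denotes running HVCI. Run it from an elevated PowerShell session and restart afterwards for the change to apply.

```powershell
# Added example (not from the original article): manage the Microsoft
# Vulnerable Driver Blocklist registry value the article describes and
# read it back. Function names are this example's own.

$BlocklistKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$BlocklistName = 'VulnerableDriverBlocklistEnable'

function Get-VulnerableDriverBlocklistState {
    # Returns 'Enabled' (1), 'Disabled' (0) or 'NotConfigured' (value absent).
    $item = Get-ItemProperty -Path $BlocklistKey -Name $BlocklistName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$BlocklistName -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Set-VulnerableDriverBlocklistState {
    param([Parameter(Mandatory)][bool]$Enabled)
    # The article notes the DWORD may not exist yet; New-ItemProperty -Force
    # creates it with the exact name, or overwrites it if present.
    if (-not (Test-Path $BlocklistKey)) {
        New-Item -Path $BlocklistKey -Force | Out-Null
    }
    $value = if ($Enabled) { 1 } else { 0 }
    New-ItemProperty -Path $BlocklistKey -Name $BlocklistName `
        -PropertyType DWord -Value $value -Force | Out-Null
    return (Get-VulnerableDriverBlocklistState)
}

function Test-HvciRunning {
    # Win32_DeviceGuard.SecurityServicesRunning contains 2 when HVCI
    # (memory integrity) is running. In that state the blocklist is
    # enforced regardless of the registry value and the toggle is greyed out.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    return ($null -ne $dg -and $dg.SecurityServicesRunning -contains 2)
}

"Blocklist value : $(Get-VulnerableDriverBlocklistState)"
"HVCI running    : $(Test-HvciRunning)"

# Uncomment one of the following to change the setting, then restart:
# Set-VulnerableDriverBlocklistState -Enabled $true    # turn on  (DWORD = 1)
# Set-VulnerableDriverBlocklistState -Enabled $false   # turn off (DWORD = 0)
```

Because the script only touches the one DWORD the article names, it is a convenient way to roll the same change out to several machines (for example through a remoting session) without opening Registry Editor on each of them.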
If messing with the registry feels a bit scary to you or if you’d like to make this change on multiple machines, it might be useful to enable or disable the Microsoft Vulnerable Driver Blocklist by running one of the below files. The files effectively set the DWORD value in the Windows registry as described above.
- Turn Microsoft Vulnerable Driver Blocklist On (download)
- Turn Microsoft Vulnerable Driver Blocklist Off (download)
Benefits and Considerations
The vulnerable driver blocklist aims to keep Windows systems secure by targeting risky drivers that aren’t developed by Microsoft. It works by spotting and blocking drivers that:
- Have known security flaws that hackers can exploit to gain high-level access to the Windows kernel.
- Show malicious behavior or are signed with certificates that have been used to sign malware.
- Exhibit behaviors that, even if not directly harmful, can be manipulated by attackers to bypass Windows security and gain elevated privileges in the system.
However, be aware that this feature might block certain legitimate drivers, which can affect the functionality of some applications or devices. Always monitor your system after enabling this feature to ensure that necessary drivers are not being mistakenly blocked.
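To act on the advice above and see which drivers the blocklist actually stopped, the Code Integrity operational event log is the place to look. The following PowerShell function is an added example, not from the original article; it queries that log for event ID 3077, which is the standard Windows Defender Application Control enforcement-block event, and summarises each entry with the path of the file that was refused. The function name, the default time window and the regular expression used to pull the path out of the message text are this example's own assumptions.

```powershell
# Added example (not from the original article): list driver loads that
# Code Integrity blocked, so a legitimate driver caught by the blocklist
# can be identified. Event ID 3077 is the WDAC enforcement-block event in
# the Microsoft-Windows-CodeIntegrity/Operational log. Function name,
# default window and path regex are this example's own.

function Get-BlockedDriverEvents {
    param([int]$Hours = 24)

    $filter = @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id        = 3077
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    # Get-WinEvent throws when no events match; treat that as an empty result.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # The 3077 message names the file that was refused; extract its path,
        # falling back to the first line of the message if the pattern differs.
        $path = if ($e.Message -match 'attempted to load (\S+)') { $Matches[1] }
                else { ($e.Message -split "`n")[0] }

        [pscustomobject]@{
            Time        = $e.TimeCreated
            BlockedFile = $path
            RecordId    = $e.RecordId
        }
    }
}

# Review the last three days of blocks after enabling the feature.
Get-BlockedDriverEvents -Hours 72 | Format-Table -AutoSize
```

If a driver you rely on shows up here, that is the signal the paragraph above is talking about: the device or application that needs it will misbehave until you obtain an updated, non-vulnerable driver from the vendor or, as a last resort, turn the blocklist off using one of the methods described earlier.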
Why is Microsoft Vulnerable Driver Blocklist Greyed Out?
The option to enable or disable Microsoft’s vulnerable driver blocklist in Windows Security settings is greyed out if HVCI (Hypervisor-protected Code Integrity), Smart App Control, or S mode is active. To manage the blocklist, you need to disable HVCI or Smart App Control, or switch out of S mode, and then restart the device.