# Vulnerable Driver Blocklist

### 📌 How to Disable the Vulnerable Driver Blocklist

The **Vulnerable Driver Blocklist** prevents known insecure kernel-mode drivers from loading. Disabling it reduces protection and should only be done for compatibility reasons (e.g., unsigned drivers, legacy mods, certain anti-cheats).

***

### 🖥 Step 1: Check the Current Blocklist Status

**✅ Via PowerShell (Optional)**

1. Press `Start`, type `PowerShell`, right-click it, and select **Run as Administrator**.
2. Run this command:

   ```
   Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
   ```
3. Look for:
   * `UsermodeCodeIntegrityPolicyEnforcementStatus`
   * `CodeIntegrityPolicyEnforcementStatus`

***

### 🖥 Step 2: Disable Blocklist in Windows Settings (if available)

1. Go to **Settings** → **Privacy & Security** → **Windows Security** → **Device Security**.
2. Click **Core Isolation details**.
3. Find **Microsoft Vulnerable Driver Blocklist** and toggle it **Off**.

> 💡 If the switch is **greyed out**, continue to Step 3.

***

### 🖥 Step 3: Disable the Blocklist via Registry Command (All Windows Editions)

1. Press `Windows + X`, then choose **Terminal (Admin)** or open **Command Prompt as Administrator**.
2. Run the following command:

   ```
   reg add HKLM\SYSTEM\CurrentControlSet\Control\CI\Config /v VulnerableDriverBlocklistEnable /t REG_DWORD /d 0x000000 /f
   ```
3. You should see: **"The operation completed successfully."**
4. Restart your PC.

***

### 🖥 Step 4: Disable Secure Boot

In BIOS/UEFI:

1. Go to the **Boot**, **Security**, or **Authentication** tab.
2. Look for **Secure Boot** or **Secure Boot Control**.
3. Set **Secure Boot** to **Disabled**.

> 🛑 If the setting is greyed out, you may need to:
>
> * Change **Boot Mode** to **Custom** or **Legacy/CSM** first.
> * Clear Secure Boot Keys:
>   * Option: **Clear Secure Boot Keys** → Yes
>   * Then, Secure Boot should become editable.

4. Save changes and exit BIOS (`F10` → Yes).

***

### ✅ Step 5: Confirm the Blocklist Is Disabled

After reboot:

* Go back to **Windows Security** → **Device Security** → **Core Isolation Details**
* The **Microsoft Vulnerable Driver Blocklist** should be **Off**
* Or re-run the PowerShell command from Step 1 to verify policy status

<figure><img src="https://404413077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnKWfAYI6H1iwZwYnFcfU%2Fuploads%2FucamFbcgKqz0QqMCDmug%2Fimage.png?alt=media&#x26;token=7db6f6c2-0a65-4d9f-8193-a9fe49490000" alt=""><figcaption></figcaption></figure>
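
To audit in one pass every setting this guide changes, the following added example (not part of the original guide) reads the registry value from Step 3, the Secure Boot state from Step 4, and the `Win32_DeviceGuard` status from Step 1. The function name `Get-DriverBlocklistState` is hypothetical, and the numeric meanings in the comments follow Microsoft's `Win32_DeviceGuard` documentation; run it from an elevated PowerShell session.

```powershell
function Get-DriverBlocklistState {
    [CmdletBinding()]
    param()

    # Registry value written by the reg add command in Step 3.
    $ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $reg = Get-ItemProperty -Path $ciConfig -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue
    if ($null -eq $reg) {
        $blocklist = 'NotSet'      # value absent: the OS default applies
    } elseif ($reg.VulnerableDriverBlocklistEnable -eq 0) {
        $blocklist = 'Disabled'
    } else {
        $blocklist = 'Enabled'
    }

    # Confirm-SecureBootUEFI throws on legacy BIOS systems and when not elevated.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { $secureBoot = 'Enabled' }
        else { $secureBoot = 'Disabled' }
    } catch [System.PlatformNotSupportedException] {
        $secureBoot = 'NotSupported'
    } catch {
        $secureBoot = 'Unknown'
    }

    # Device Guard status; SecurityServicesRunning contains 2 when memory integrity (HVCI) is running.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $hvciRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))

    # Enforcement status values: 0 = Off, 1 = Audit, 2 = Enforced.
    $statusNames = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
    $kernelCi = 'Unknown'
    if ($dg -and $statusNames.ContainsKey([int]$dg.CodeIntegrityPolicyEnforcementStatus)) {
        $kernelCi = $statusNames[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
    }

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        DriverBlocklist       = $blocklist
        SecureBoot            = $secureBoot
        MemoryIntegrityActive = $hvciRunning
        KernelCodeIntegrity   = $kernelCi
        # True when either protection this guide turns off is currently off.
        ProtectionReduced     = ($blocklist -eq 'Disabled' -or $secureBoot -eq 'Disabled')
    }
}

Get-DriverBlocklistState | Format-List
```

Running it before and after the change gives a record of what was altered, and `ProtectionReduced` flags machines where the blocklist or Secure Boot is still off once the compatibility need has passed.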
