πVulnerable Driver Blocklist
π How to Disable the Vulnerable Driver Blocklist
The Vulnerable Driver Blocklist prevents known insecure kernel-mode drivers from loading. Disabling it reduces protection and should only be done for compatibility reasons (e.g., unsigned drivers, legacy mods, certain anti-cheats).
π₯ Step 1: Check the Current Blocklist Status
β Via PowerShell (Optional)
Press
Start, typePowerShell, right-click it, and select Run as Administrator.Run this command:
Copy
Get-CimInstance -Namespace root\Microsoft\Windows\CI -ClassName Win32_DeviceGuardLook for:
UserModeCodeIntegrityPolicyEnabledKernelModeCodeIntegrityPolicyEnabled
π₯ Step 2: Disable Blocklist in Windows Settings (if available)
Go to Settings β Privacy & Security β Windows Security β Device Security.
Click Core Isolation details.
Find Microsoft Vulnerable Driver Blocklist and toggle it Off.
π‘ If the switch is greyed out, continue to Step 3.
π₯ Step 3: Disable the Blocklist via Registry Command (All Windows Editions)
Press
Windows + X, then choose Terminal (Admin) or open Command Prompt as Administrator.Run the following command:
Copy
You should see: "The operation completed successfully."
Restart your PC.
π₯ Step 4: Disable Secure Boot
In BIOS/UEFI:
Go to the Boot, Security, or Authentication tab.
Look for Secure Boot or Secure Boot Control.
Set Secure Boot to Disabled.
π If the setting is greyed out, you may need to:
Change Boot Mode to Custom or Legacy/CSM first.
Clear Secure Boot Keys:
Option: Clear Secure Boot Keys β Yes
Then, Secure Boot should become editable.
Save changes and exit BIOS (
F10β Yes).
β
Step 4: Confirm the Blocklist Is Disabled
After reboot:
Go back to Windows Security β Device Security β Core Isolation Details
The Microsoft Vulnerable Driver Blocklist should be Off
Or re-run the PowerShell command from Step 1 to verify policy status
Last updated