Vulnerable Driver Blocklist
How to Disable the Vulnerable Driver Blocklist
The Vulnerable Driver Blocklist prevents known insecure kernel-mode drivers from loading. Disabling it reduces protection and should only be done for compatibility reasons (e.g., unsigned drivers, legacy mods, certain anti-cheats).
Step 1: Check the Current Blocklist Status
Via PowerShell (Optional)
Press Start, type PowerShell, right-click it, and select Run as Administrator.
Run this command:
Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
Look for:
UserModeCodeIntegrityPolicyEnabled
KernelModeCodeIntegrityPolicyEnabled
Step 2: Disable Blocklist in Windows Settings (if available)
Go to Settings → Privacy & Security → Windows Security → Device Security.
Click Core Isolation details.
Find Microsoft Vulnerable Driver Blocklist and toggle it Off.
If the switch is greyed out, continue to Step 3.
Step 3: Disable the Blocklist via Registry Command (All Windows Editions)
Press Windows + X, then choose Terminal (Admin) or open Command Prompt as Administrator.
Run the following command:
reg add HKLM\SYSTEM\CurrentControlSet\Control\CI\Config /v VulnerableDriverBlocklistEnable /t REG_DWORD /d 0x000000 /f
You should see: "The operation completed successfully."
Restart your PC.
Step 4: Disable Secure Boot
In BIOS/UEFI:
Go to the Boot, Security, or Authentication tab.
Look for Secure Boot or Secure Boot Control.
Set Secure Boot to Disabled.
If the setting is greyed out, you may need to:
Change Boot Mode to Custom or Legacy/CSM first.
Clear Secure Boot Keys:
Option: Clear Secure Boot Keys → Yes
Then, Secure Boot should become editable.
Save changes and exit BIOS (F10 → Yes).
Step 5: Confirm the Blocklist Is Disabled
After reboot:
Go back to Windows Security → Device Security → Core Isolation details
The Microsoft Vulnerable Driver Blocklist should be Off
Or re-run the PowerShell command from Step 1 to verify policy status
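
The verification step above can also be scripted. The following is an added example, not part of the original guide: it reads the registry value written in Step 3 and the Secure Boot state, and includes a function to turn the blocklist back on. The function names Get-DriverBlocklistState and Enable-DriverBlocklist and the output field names are illustrative assumptions.

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell session.
# Function names and output field names are illustrative assumptions.
$CiConfig  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'   # key written in Step 3
$ValueName = 'VulnerableDriverBlocklistEnable'

function Get-DriverBlocklistState {
    # A missing value means the registry override was never written; report it as such.
    $item = Get-ItemProperty -Path $CiConfig -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item)                 { $blocklist = 'NotConfigured' }
    elseif ([int]$item.$ValueName -eq 0) { $blocklist = 'Disabled' }
    else                                 { $blocklist = 'Enabled' }

    # Confirm-SecureBootUEFI returns $true/$false and throws on legacy BIOS or without elevation.
    try {
        $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch {
        $secureBoot = "Unknown ($($_.Exception.Message))"
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        BlocklistRegistry = $blocklist
        SecureBoot        = $secureBoot
        ReducedProtection = ($blocklist -eq 'Disabled') -or ($secureBoot -ne 'Enabled')
    }
}

function Enable-DriverBlocklist {
    # Reverses Step 3 by writing 1 to the same value; a restart is needed afterwards.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess("$CiConfig\$ValueName", 'Set to 1')) {
        if (-not (Test-Path $CiConfig)) { New-Item -Path $CiConfig -Force | Out-Null }
        Set-ItemProperty -Path $CiConfig -Name $ValueName -Value 1 -Type DWord
    }
}

$state = Get-DriverBlocklistState
$state | Format-List
if ($state.ReducedProtection) {
    Write-Warning 'Blocklist or Secure Boot is off. Run Enable-DriverBlocklist and re-enable Secure Boot in firmware when the compatibility need ends.'
}
```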
