Microsoft Vulnerable Driver Blocklist missing

Anonymous
2024-01-05T07:47:11+00:00

On a clean install of Windows 11, Microsoft Vulnerable Driver Blocklist is missing in Core Isolation. Only Memory Integrity is there and even that is off by default. I had to turn it on during the initial setup along with Windows updates.

Why is the blocklist feature missing in Core isolation? I've done several clean installs and it's always missing.

Checking in the Core Integrity folder in system32 I see a file called driversipolicy.p7b. Does it mean the Microsoft Vulnerable Driver Blocklist is functioning and it's a Windows Security UI bug?

Every other protection feature works as intended. Real-time protection, cloud-based, sample submissions. I only have to turn on Memory Integrity during the first boot. Only problem is the missing Microsoft Vulnerable Drivers Blocklist. It was there before I did a clean installation.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

2 answers

  1. Anonymous
    2024-01-12T08:53:18+00:00

    Have exactly the same issue.

    I reinstalled a Windows PC which was showing the "Microsoft Vulnerable Driver Blocklist" option, and after the reinstallation the option is no longer available. This is a completely clean install, with the Windows ISO downloaded directly from the Microsoft website. The registry key is still there, and the "Microsoft Vulnerable Driver Blocklist" registry value is still enabled. Is there a PowerShell command with which we can double check if the feature is actually enabled, perhaps to be used for an Intune remediation script?

    I also realised that another option in "Reputation-based protection" is missing. "Warn others about suspicious apps and sites" is now also gone. Can someone double check this for me? This is happening on new Windows installs.

    Frustrating to see features disappearing as we are then left wondering if the security feature is even enabled or not.

    Thank you,

    5 people found this answer helpful.
  2. Anonymous
    2024-01-05T08:54:20+00:00

    One update.

    Checking in

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config

    The value for VulnerableDriverBlocklistEnable is 1.

    And also in Event Viewer there are events with ID 3099 saying "refreshed and activated code integrity policy microsoft windows driver policy"

    Considering that the value in regedit means Enabled, and that event ID 3099 and the p7b file exist, does it mean the blocklist is functioning?

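
The three checks mentioned in the posts above (the registry value, the policy file, and event ID 3099), gathered into one PowerShell detection script of the kind the first answer asks about. This is an added example, not part of the original thread and not Microsoft's code; the `System32\CodeIntegrity` folder path, the `Microsoft-Windows-CodeIntegrity/Operational` log name and the function name `Get-DriverBlocklistIndicators` are assumptions of the example, and the script reports indicators rather than proving that the blocklist is enforced.

```powershell
# Added example: collects the three indicators discussed in this thread.
# Assumption: the policy file is %windir%\System32\CodeIntegrity\driversipolicy.p7b.
# Assumption: event 3099 is written to Microsoft-Windows-CodeIntegrity/Operational.
# Run elevated (Intune runs detection scripts as SYSTEM by default).
$ErrorActionPreference = 'Stop'

function Get-DriverBlocklistIndicators {
    $regPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $valueName = 'VulnerableDriverBlocklistEnable'
    $policy    = Join-Path $env:windir 'System32\CodeIntegrity\driversipolicy.p7b'
    $logName   = 'Microsoft-Windows-CodeIntegrity/Operational'

    # 1. Registry value (1 = enabled, per the thread). Missing key or value stays $null.
    $regValue = $null
    try {
        $regValue = (Get-ItemProperty -Path $regPath -Name $valueName).$valueName
    } catch { }

    # 2. Policy file on disk.
    $file = Get-Item -LiteralPath $policy -ErrorAction SilentlyContinue

    # 3. Most recent event 3099 whose message names the driver policy.
    $evt = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 3099 } `
               -MaxEvents 50 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Driver Policy' } |
        Select-Object -First 1

    [pscustomobject]@{
        RegistryValue     = $regValue
        RegistryEnabled   = ($regValue -eq 1)
        PolicyFilePresent = [bool]$file
        PolicyFileDate    = if ($file) { $file.LastWriteTime } else { $null }
        Last3099Seen      = [bool]$evt
        Last3099Time      = if ($evt) { $evt.TimeCreated } else { $null }
    }
}

$r = Get-DriverBlocklistIndicators
$r | Format-List | Out-String

# Detection-script convention: exit 0 = no action needed, exit 1 = flag the device.
if ($r.RegistryEnabled -and $r.PolicyFilePresent -and $r.Last3099Seen) { exit 0 } else { exit 1 }
```

A missing 3099 entry can also mean the operational log has rolled over since the last policy refresh, so that field is best read as supporting evidence alongside the other two.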