Vulnerable Driver Blocklist

This page will help you disable the Vulnerable Driver Blocklist in Windows.

1. Check Current Blocklist Status Via PowerShell (Optional)

• Press Start, type PowerShell, right-click it, and select Run as Administrator.

• Run this command:

Get-CimInstance -Namespace root\Microsoft\Windows\CI -ClassName Win32_DeviceGuard

• Look for:

UserModeCodeIntegrityPolicyEnabled

KernelModeCodeIntegrityPolicyEnabled

1. Disable Blocklist in Windows Settings (if available)

• Go to Settings → Privacy & Security → Windows Security → Device Security.

• Click Core Isolation details.

• Find Microsoft Vulnerable Driver Blocklist and toggle it Off.

(If it is greyed out, continue on)

1. Disable the Blocklist via Registry Command (All Windows Editions)

• Press Windows + X, then choose Terminal (Admin) or open Command Prompt as Administrator.

• Copy & run the following command:

reg add HKLM\SYSTEM\CurrentControlSet\Control\CI\Config /v VulnerableDriverBlocklistEnable /t REG_DWORD /d 0x000000 /f

• You should see: "The operation completed successfully."

• Restart your PC.

1. Confirm the Blocklist Is Disabled

After reboot:

• Go back to Windows Security → Device Security → Core Isolation Details

• The Microsoft Vulnerable Driver Blocklist should be Off

• Or re-run the PowerShell command from Step 1 to verify policy status