Microsoft has blocked a Trend Micro driver in Windows 10

Microsoft has reportedly blocked software from the world-renowned security vendor Trend Micro without warning. The reported reason is that Trend Micro committed fraud to deceive Microsoft and obtain certification.

Microsoft strictly manages core drivers in the operating system, because hardware drivers and security software drivers gain extremely high privileges once Microsoft has certified them.

Microsoft has many certification rules intended to ensure that a driver is stable and reliable, but Trend Micro used fraud to deceive Microsoft and secure certification.

Researchers first found anomalies in the resources of Trend Micro's core driver. At the same time, Microsoft's Windows Hardware Quality Labs (WHQL) also found anomalies.

The anomaly discovered by Microsoft is that Trend Micro tried to obtain certification by modifying the code. “Trend Micro simply designed the driver to provide a significant amount of functionality to privileged callers in user-mode, allowing attackers to misuse the driver in several ways. The problem is that Trend Micro’s driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world.”

In everyday use, Trend Micro's software does not follow the process it goes through under test; it simply cheats specifically against Microsoft's Windows Hardware Quality Labs.

At the same time, Microsoft is also investigating the resource anomaly that researchers found in Trend Micro's software. Trend Micro not only cheated but also had defects in its core driver code.

For security reasons, Microsoft requires all drivers to request memory only from the non-executable non-paged memory pool, which prevents a driver from injecting malicious code into memory.

Only drivers that comply with these security rules receive an official Microsoft signature, which allows them to run smoothly on the system.

Trend Micro's driver performs a detection step when it makes the memory request, and if the detected environment is not a Microsoft Labs test environment, it extracts information directly from memory.

This behavior poses a serious security threat to the operating system. For this reason, Microsoft has directly banned Trend Micro, preventing the software from running normally on the system. However, it is still unclear why Trend Micro broke the rules.

After the news broke, Trend Micro issued a statement in which it admitted that its driver was abnormal. The affected software has also been removed from the official website.

As for being blocked by Microsoft, Trend Micro said that the media reports are all false: the software was blocked from running because the company itself asked Microsoft to do so to ensure safety.

Trend Micro stated that it had discovered an unknown security vulnerability in the product and removed it, and that it is working closely with Microsoft to ensure that the code meets Microsoft’s requirements.

The researcher who initially discovered the problem also stated that Trend Micro’s behavior was extremely suspicious, and said that he would pinpoint where Trend Micro cheated.

Via: theregister