Microsoft's Strategic Shift: Elevating Windows Security by Moving Antivirus Software Out of the Kernel

Microsoft is set to implement significant changes to the security architecture of Windows. Specifically, the company plans to **remove** antivirus software from the operating system’s kernel to avoid failures like the one that disabled 8.5 million PCs last year due to a CrowdStrike update.

The Redmond-based corporation is developing a new Windows Endpoint Security platform in collaboration with CrowdStrike, Bitdefender, ESET, Trend Micro, and numerous other antivirus software vendors.

Microsoft emphasizes that it has not yet established the rules and does not expect them to be enforced immediately. The company has clarified that these standards are being created collaboratively: several partner companies provided Microsoft with detailed design proposals for the platform, with some documents spanning hundreds of pages.

David Weston, Vice President of Security for Enterprise Solutions and OS at Microsoft, stated that the corporation does not dictate to its partners how their APIs should function, but rather takes the vendors' input into account to ensure safety and reliability.

Anti-cheat engines for games are another significant area of Windows utilizing kernel-level drivers. Microsoft is in discussions with game developers regarding ways to minimize kernel usage. Riot Games has indicated to Microsoft a willingness to adapt to potential changes in Windows security while reducing the impact on the OS kernel.

This summer, Microsoft is preparing to release a Windows update that will feature a new Quick Machine Recovery function, aimed at rapidly restoring the system after a crash. Previously, the company announced plans to **replace** the blue screen of death with a black one.

A few days after the crash caused by the CrowdStrike software update in July 2024, Microsoft **launched** a tool for system administrators to fix BSOD issues in Windows 10 and 11. In the fall, Microsoft **promised** to enhance Windows security update algorithms without restricting access to the OS kernel for antivirus tools.