driver blocklist

AppWizard
June 25, 2026
Riot Games has introduced a new feature for its Vanguard anti-cheat system called Vanguard On-Demand, which allows the kernel driver to load only when a Riot game is launched and unload upon exit. This change ends the previous practice of loading the driver at Windows start-up, which has been in place since 2020. The new mode is supported by Windows 11 25H2 and requires specific hardware configurations, including UEFI Secure Boot, TPM 2.0, Virtualization-Based Security (VBS), Hypervisor-Protected Code Integrity (HVCI), and IOMMU. Approximately 35% of players currently meet these hardware requirements, while around 3% are using incompatible systems. Riot has created a checklist called Vanguard Pre-Check to help players determine if their systems qualify. The percentage of fully secured machines is estimated to be around 34.33% and is increasing monthly. Players whose systems do not meet the criteria will need to make manual adjustments in their BIOS. Vanguard On-Demand mode will be available for players on Windows 11 starting later today. The feature is based on Microsoft’s Runtime Driver Attestation Report, which tracks driver activity since boot and helps ensure no vulnerable drivers have been loaded while Vanguard is inactive. Riot Games has required TPM 2.0 and Secure Boot on Windows 11 since 2020 and has faced criticism for these requirements. Enabling VBS and HVCI may affect frame rates and could disable older peripheral drivers due to Microsoft's vulnerable driver blocklist.
Winsage
May 10, 2026
Microsoft's April 2026 Windows security update, KB5083769, may disrupt image-mount operations for backup applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup due to the addition of the psmounterex.sys kernel driver to its Vulnerable Driver Blocklist. This action was taken to address a high-severity buffer overflow vulnerability, CVE-2023-43896. The inclusion of this driver in the blocklist has rendered several backup products inoperable, and Microsoft will not retract the block for security reasons. Administrators can use Event ID 3077 in the Code Integrity log to confirm that the blocklist is causing the failures. Microsoft advises updating backup applications to versions that include necessary driver protections instead of uninstalling or pausing the security patch. Additionally, the April updates have caused other issues, such as failures in Windows Server installations and devices booting into BitLocker recovery mode.
Winsage
May 8, 2026
A recent Windows update, KB5083769, released on April 14, 2026, blocks the psmounterex.sys driver, disrupting the functionality of third-party backup software like Acronis Cyber Protect Cloud, Macrium Reflect, and NinjaOne. This driver is essential for loading and mounting backup storage images. Users may encounter errors related to Microsoft VSS during backup attempts. The update is a security enhancement, not a bug, and users are advised to upgrade their backup software to versions that use a newer driver or temporarily uninstall the KB5083769 update. It is recommended to check for updates from the backup software provider and pause Windows Updates to prevent automatic reinstallation of the problematic update until a fix is available.
Winsage
May 5, 2026
Microsoft will include the psmounterex.sys driver in its Vulnerable Driver Blocklist in the April 2026 security update, affecting third-party backup applications that use this driver for image mounting and Volume Shadow Copy Service (VSS) snapshots. This decision addresses CVE-2023-43896, a critical buffer overflow vulnerability. Affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup on Windows 11, Windows 10, and Windows Server platforms. Users may face issues during image-mount operations, receiving error messages related to VSS timeouts and Code Integrity errors in the Event Viewer. To check if a system is affected, users can look for Event ID 3077 in the Code Integrity Operational log. Microsoft recommends upgrading to newer versions of backup applications that do not use blocked drivers and advises against uninstalling or delaying the April update. Additionally, the update may cause certain Windows Server 2025 devices to boot into BitLocker recovery mode and has led to out-of-band updates for Windows Server update failures and restart loops on domain controllers.
Search