I am trying to code a driver that blocks signed Vulnerable drivers. I have done some reading and found out that you can block the driver load somehow with SeRegisterImageVerificationCallback.
My biggest problem is that it’s undocumented and there are only a few sites that have written about it but not enough. I’ve already managed to log the drivers that are loaded.
But now I’m wondering how I can block the load with it. I simply have no more ideas.