Block loading of drivers

I am trying to code a driver that blocks signed Vulnerable drivers. I have done some reading and found out that you can block the driver load somehow with SeRegisterImageVerificationCallback.
My biggest problem is that it’s undocumented and there are only a few sites that have written about it but not enough. I’ve already managed to log the drivers that are loaded.

But now I’m wondering how I can block the load with it. I simply have no more ideas.

Hmmm… this is your first post here?

This callback, and the others related to it, are part of the ELAM system. IIRC, there’s documentation for that, it’s just not available publicly.

Now, having said that… doesn’t the callback get a PBDCB_IMAGE_INFORMATION? And isn’t one of the fields in that structure the BDCB_CLASSIFICATION? Are you saying setting the BDCB_CLASSIFICATION properly on return doesn’t work, or that you don’t know how to set it?

Peter