Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
AVs that block (non-malware) driver load?
Dejan_Maksimovic
Member - All Emails Posts: 589
Hello,
I saw a few cases where I am suspecting some AV is blocking FilterLoad. I cannot easily test if StartService works here, nor what AVs are installed (it will take several weeks to do so).
FilterLoad returns "Privilege not held", even though SE_LOAD_DRIVER is enabled. Since the drivers can be installed, I am suspecting it might be some AV that blocks a driver load? One/two cases having random user->privilege assignments I can figure, but there are a lot more cases.
Anyone have other ideas?
Regards, Dejan.
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Kernel Debugging | 16-20 October 2023 | Live, Online |
| Developing Minifilters | 13-17 November 2023 | Live, Online |
| Internals & Software Drivers | 4-8 Dec 2023 | Live, Online |
| Writing WDF Drivers | 10-14 July 2023 | Live, Online |
Comments
Did you check the Event Log to see if there's anything about the block?
-scott
OSR
Can you ask for someone to export and send them? We often ask for the System and Application event logs as part of triage.
-scott
OSR
It will take a few months before we can get those logs.
It started around June BTW.
Regards, Dejan.