Connect to PPL Only

Is there a way to allow user-driver connections from only PPL processes?

Yes, there should be a way (because there is a way to find PPLs from a kernel driver).
Happy hacking.
– pa

Thanks Pavel. I had seen that GitHub, but I don’t want to use undocumented calls.

You can use ZwQueryInformationProcess with ProcessProtectionInformation to query the protection level in a semi-documented way (semi-documented because this function is documented for user mode usage and it has a “may be altered or unavailable in future versions of Windows” disclaimer).

Why are you trying to protect your device that way? If a user is an administrator, he has access to load drivers that could allow him to inject into a protected process and eventually access your device… The question is - what are you trying to protect from?
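The protection level that ProcessProtectionInformation returns is a single PS_PROTECTION byte, and the sketch below (an added example, not code from any poster in this thread) decodes it and applies a "PPL only, allow-listed signers" policy. It is portable C so it runs outside a driver; the function names, the allow-list and the sample bytes are assumptions, and in a driver the byte would come from the ZwQueryInformationProcess call in the create handler.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* PS_PROTECTION layout: Type = bits 0-2, Audit = bit 3, Signer = bits 4-7. */
enum { TYPE_NONE = 0, TYPE_PROTECTED_LIGHT = 1, TYPE_PROTECTED = 2 };
enum { SIGNER_NONE = 0, SIGNER_AUTHENTICODE = 1, SIGNER_CODEGEN = 2,
       SIGNER_ANTIMALWARE = 3, SIGNER_LSA = 4, SIGNER_WINDOWS = 5,
       SIGNER_WINTCB = 6 };

typedef struct { unsigned type, audit, signer; } protection_t;

/* Split the raw level byte into its three bit fields. */
protection_t decode_protection(uint8_t level)
{
    protection_t p;
    p.type   = level & 0x07u;
    p.audit  = (level >> 3) & 0x01u;
    p.signer = (level >> 4) & 0x0Fu;
    return p;
}

/* Hypothetical policy for this example: which PPL signers may open the device.
 * Signer values are identifiers, so they are matched against an allow-list
 * instead of being compared numerically. */
static const unsigned ALLOWED_SIGNERS[] = { SIGNER_ANTIMALWARE, SIGNER_WINTCB };

bool caller_allowed(uint8_t level)
{
    protection_t p = decode_protection(level);
    if (p.type != TYPE_PROTECTED_LIGHT)   /* rejects unprotected and full PP */
        return false;
    for (size_t i = 0; i < sizeof ALLOWED_SIGNERS / sizeof ALLOWED_SIGNERS[0]; i++)
        if (ALLOWED_SIGNERS[i] == p.signer)
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample level bytes, not captured from a real system. */
    const uint8_t samples[] = { 0x00, 0x31, 0x41, 0x61, 0x62 };
    for (size_t i = 0; i < sizeof samples; i++) {
        protection_t p = decode_protection(samples[i]);
        printf("level=0x%02x type=%u signer=%u -> %s\n", (unsigned)samples[i],
               p.type, p.signer, caller_allowed(samples[i]) ? "allow" : "deny");
    }
    return 0;
}
```

A driver applying this policy would fail the create request (for example with STATUS_ACCESS_DENIED) whenever the check returns false.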