Hi, I recently finished building a complex driver that we want to ship to customers, but we wanted to protect some proprietary logic from reverse engineering. I used Oreans Code Virtualizer on it and as expected, we received a {"code":"4001","details":{"errorInfo":"BlockingDetectionFound"},"innerError":null} Without virtualizing it works fine.
This is something that has been discussed here, on Oreans as well as VMProtect forums, cheat dev forums, and Microsoft support, at least since 2025, but the outcome is always the same - just give up. And we all know how Microsoft support is very supportive about such topics.
We of course switched to alternative methods that get signed (and currently testing out how much of the “secret” logic can be moved to usermode), but I just want to understand how the big guys bypass this limitation? It is no secret that especially some anti-cheat drivers are virtualized to smithereens and Microsoft just does not care. Did they negotiate special treatment for themselves? Or is there some other way (custom virtualization that does not get recognized by scanners? submitting to Microsoft Security Intelligence to have it whitelisted?..).
I know this is a long shot, but I would love to hear from anyone who has any insight into this.