The EU did just that. Microsoft had a fix that would have prevented this some time ago but the EU wouldn't let them use it claiming it was monopolistic because it gave them too much control over how software could be installed. The ironic thing is Apple has the same fix, yet it was allowed.
Well, well, well. Interesting. The above folder screenshot was from the Meteor Lake laptop I was using yesterday evening. No .sys file.I got curious and had a look at a folder named like the one referenced in your registry to see what's in it, if it had a .sys file:The other interesting thing I found was when I poked around in Sysinternals Autoruns.
Based in this, it seems like Windows Defender might be structured in such a way where each definition update is itself a driver. This is in contrast to Crowdstrike Falcon where their “driver” that is running in ring 0 reads in its update files.
I don't intend that to be a direct comparison between the two since...as we've all come to know...Crowdstrike's product isn't really the same as a “definition-based” antimalware product. I just found this discovery about Defender interesting and possibly something to look for with third party “traditional” antimalware products.
Apparently not.
What this all means, if anything, I'm afraid I have no idea. Anyone?
Crowdstrike repeatedly refutes that the file was all zeros.
How do you think Crowdstrikes clients should be held responsible? Thats like saying you should be responsible for your cars recall that caused 100,000 cars to be recalled.
