Microsoft’s recent announcements regarding the Microsoft Virus Initiative (MVI) 3.0 and the Windows Resiliency Initiative have raised questions about the future of kernel-mode drivers in endpoint security solutions.
We would like to clarify our position for Comodo Internet Security (CIS) and the Xcitium Security Client:
- Kernel Drivers Are Not Banned Under MVI 3.0
Microsoft has not introduced a blanket prohibition on kernel-mode drivers. Instead, MVI 3.0 introduces enhanced Safe Deployment Practices (SDP) requirements—such as staged rollouts, rigorous testing, telemetry validation, and incident response drills—to ensure reliability and minimize risk in the Windows ecosystem.
- Encouragement Toward User-Mode Solutions
Through the new Windows endpoint security platform, Microsoft is enabling security partners to build more functionality in user space rather than in the kernel. This reduces systemic crash risk and allows easier recovery in the event of an unexpected issue. Importantly, this is an encouraged best practice, not a mandated rule.
- Continued Support for Kernel-Mode Components
Windows continues to support properly signed kernel-mode drivers, provided they comply with Microsoft’s requirements (EV signing, attestation signing, and compliance with the vulnerable-driver blocklist). CIS and Xcitium Security Client will continue to leverage kernel components where they are technically necessary, particularly for containment and advanced protection features.
- Our Commitment to Compliance and Security
  - All kernel-mode components in CIS and Xcitium Security Client are digitally signed and undergo rigorous QA.
  - We align with Microsoft’s vulnerable driver blocklist policy.
  - We are actively testing Microsoft’s new user-mode alternatives and will progressively integrate them where they offer functional parity with kernel-based capabilities.
- Customer Impact
End users of Comodo Internet Security and the Xcitium Security Client will not experience disruption in protection or compatibility due to MVI 3.0. Our engineering roadmap ensures compliance with Microsoft’s evolving standards while maintaining the highest level of endpoint protection.