Microsoft is developing a new Windows security platform that moves antivirus (AV) and endpoint detection and response (EDR) software out of the Windows kernel and into user mode. The goal is to prevent incidents like the July 2024 CrowdStrike outage, in which a faulty content update to the Falcon sensor's kernel-mode driver crashed millions of Windows machines worldwide.
The initiative involves collaboration with major security vendors, including CrowdStrike, Bitdefender, ESET, and Trend Micro. Microsoft emphasizes a cooperative approach rather than dictating terms.
Kernel-level integration in security tools is being rethought because of the blast radius of a defect: a kernel-mode driver runs with the same privileges as the kernel itself, so a bug or a bad update in that driver can bring down the whole system (a Blue Screen of Death) rather than just one process, and on a fleet that can mean machines stuck in boot loops. A user-mode component, by contrast, can crash and be restarted without taking the OS down. The new platform aims to give vendors the visibility and protection they need through supported interfaces instead of arbitrary kernel code.
A private preview of the platform is being released to vendors so they can test it and provide feedback. AV and EDR products are the initial focus, but other kernel-resident software, such as anti-cheat systems in games, is also under discussion.
Game developers are interested in reducing their kernel dependency, though anti-cheat is a harder case: those drivers rely on kernel-level visibility to detect cheats that themselves run with kernel privileges, so a user-mode replacement must offer equivalent tamper resistance.