I created this video as the continuation of the AVs challenge to show that Antimalware kernel drivers and protected services of popular AVs can be tampered with (from Userland with high privileges), assuming that they are not protected by VBS.
The presented method could be used in the wild because the most important part of it is documented. If so, it was used rarely because I did not see any reference on the web.
It does not use vulnerable drivers and does not abuse PPL.
The presented method is not a full attack, and it is not probable that it can affect home users. However, it can probably be used as a part of targeted attacks in businesses.
Bitdefender is taken only as an example. The presented method was tested by the author on several well-known Antiviruses, with similar effects.
The password is probably to protect the current settings and not to protect kernel drivers.
It would be strange to leave the choice of protecting kernel drivers with a password to the customers.
In all honesty... I've seen fleets of machines get hijacked via MS OTA. There is a reason NiST and CIS configs benchmark it to off (p2p ms update). MS also recently flipped it off by default. To many undisclosed RCE's lol