Ensuring Protection & Compatibility Amid Microsoft’s MVI 3.0 Changes

rashmi


Microsoft’s recent announcements regarding the Microsoft Virus Initiative (MVI) 3.0 and the Windows Resiliency Initiative have raised questions about the future of kernel-mode drivers in endpoint security solutions.

We would like to clarify our position for Comodo Internet Security (CIS) and the Xcitium Security Client:

  1. Kernel Drivers Are Not Banned Under MVI 3.0
    Microsoft has not introduced a blanket prohibition on kernel-mode drivers. Instead, MVI 3.0 introduces enhanced Safe Deployment Practices (SDP) requirements—such as staged rollouts, rigorous testing, telemetry validation, and incident response drills—to ensure reliability and minimize risk in the Windows ecosystem.
  2. Encouragement Toward User-Mode Solutions
    Through the new Windows endpoint security platform, Microsoft is enabling security partners to build more functionality in user space rather than in the kernel. This reduces systemic crash risk and allows easier recovery in the event of an unexpected issue. Importantly, this is an encouraged best practice, not a mandated rule.
  3. Continued Support for Kernel-Mode Components
    Windows continues to support properly signed kernel-mode drivers, provided they comply with Microsoft’s requirements (EV signing, attestation signing, and compliance with the vulnerable-driver blocklist). CIS and Xcitium Security Client will continue to leverage kernel components where they are technically necessary, particularly for containment and advanced protection features.
  4. Our Commitment to Compliance and Security
    • All kernel-mode components in CIS and Xcitium Security Client are digitally signed and undergo rigorous QA.
    • We align with Microsoft’s vulnerable driver blocklist policy.
    • We are actively testing Microsoft’s new user-mode alternatives and will progressively integrate them where they offer functional parity with kernel-based capabilities.
  5. Customer Impact
    End users of Comodo Internet Security and the Xcitium Security Client will not experience disruption in protection or compatibility due to MVI 3.0. Our engineering roadmap ensures compliance with Microsoft’s evolving standards while maintaining the highest level of endpoint protection.
 
Comodo said:

"End users of Comodo Internet Security and the Xcitium Security Client will not experience disruption in protection or compatibility due to MVI 3.0."
Comodo said:

"But they might experience disruption from any of the 150 unfixed dangerous bugs and vulnerabilities. We are not bug fixers. We are cyber protection mavericks! Don't be a complainer. Be a maverick! Use Comodo!"
 
The discussion of kicking AVs out of the kernel space is still ongoing.
It will be a minimum of one year of discussions with AV vendors (of which many got involved and some provided 500 pages of documentation) and then 3 years of R&D.

It won’t be before 2029 when the first attempts will occur, so I’m not sure why and how Comodo users will be affected today.
 
The discussion of kicking AVs out of the kernel space is still ongoing.
It will be a minimum of one year of discussions with AV vendors (of which many got involved and some provided 500 pages of documentation) and then 3 years of R&D.

It won’t be before 2029 when the first attempts will occur, so I’m not sure why and how Comodo users will be affected today.
Once they do kick it out then AV will be as useful in Windows as it is in Android.
 