Microsoft is gearing up to nudge EDR vendors out of the Windows kernel – a move that follows CrowdStrike's failure to spot a bug that caused its agent (running in kernel mode) to crash over eight million computers.

Redmond will release a new Windows endpoint security platform in private preview next month that will see “security-product developers… build their products outside of kernel mode,” it confirmed on June 25.

That’s part of an architectural overhaul that Microsoft is keen to present as a collaborative industry effort with multiple EDR vendors: it names Bitdefender, CrowdStrike, ESET, SentinelOne, Trellix, Trend Micro, and WithSecure as members of its “Windows Resiliency Initiative” (WRI).

It will require some real product innovation by partners...
