US 12,079,364 B2
Controlling installation of unauthorized drivers on a computer system
Manoharan Kuppusamy, Redmond, WA (US); Dhananjay Ramakrishnappa, Bengaluru (IN); Shyam Arunkundram Ramprasad, Bengaluru (IN); and Priyadarshi Ghosh, Bangalore (IN)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Sep. 15, 2021, as Appl. No. 17/475,701.
Application 17/475,701 is a continuation of application No. 16/154,144, filed on Oct. 8, 2018, granted, now 11,151,273.
Prior Publication US 2022/0067195 A1, Mar. 3, 2022
Int. Cl. G06F 21/62 (2013.01); G06F 8/61 (2018.01); G06F 9/4401 (2018.01)
CPC G06F 21/6227 (2013.01) [G06F 8/61 (2013.01); G06F 9/4411 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computing system, comprising:
at least one processor; and
memory storing instructions executable by the at least one processor, wherein the instructions, when executed, provide a kernel-mode component in the computing system, the kernel-mode component comprising a volume driver that is loaded into a volume driver stack corresponding to a protected storage volume, the kernel-mode component configured to:
intercept a request to perform an operation on a target file stored on a data storage device;
based on a determination that the target file comprises a driver file that stores code configured to deploy a driver on the computing system,
compare the driver file to an entry in a whitelist file that identifies an authorized driver file, and
determine that the driver file is not authorized by the whitelist file based on the comparison of the driver file to the entry in the whitelist file; and
block the request from being executed based on the determination that the driver rile is not authorized.