Kernel Patch Protection (KPP), informally known as PatchGuard, is a feature of 64-bit (x64) editions of Microsoft Windows that prevents patching the kernel. It was first introduced in 2005 with the x64 editions of Windows XP and Windows Server 2003 Service Pack 1.[1]
"Patching the kernel" refers to unsupported modification of the central component or kernel of the Windows operating system. Such modification has never been supported by Microsoft because, according to Microsoft, it can greatly reduce system security, reliability, and performance.[1] Although Microsoft does not recommend it, it is possible to patch the kernel on x86 editions of Windows; however, with the x64 editions of Windows, Microsoft chose to implement additional protection and technical barriers to kernel patching.
Since patching the kernel is possible in 32-bit (x86) editions of Windows, several antivirus software developers use kernel patching to implement antivirus and other security services. These techniques will not work on computers running x64 editions of Windows. As a result, Kernel Patch Protection forced antivirus makers to redesign their software without using kernel patching techniques.
However, because of the design of the Windows kernel, Kernel Patch Protection cannot completely prevent kernel patching.[2][3] This has led to criticism that since KPP is an imperfect defense, the problems caused to antivirus vendors outweigh the benefits because authors of malicious software will simply find ways around its defenses.[4][5] Nevertheless, Kernel Patch Protection can still prevent problems of system stability, reliability, and performance caused by legitimate software patching the kernel in unsupported ways.
[1] "Kernel Patch Protection: Frequently Asked Questions". Microsoft. 22 January 2007. Retrieved 30 July 2007.