Microsoft Moves Antivirus Out of Kernel After Crash
June 27, 2025
Why Microsoft Is Moving Antivirus Providers Out of the Windows Kernel
Microsoft is taking a major step to prevent another large-scale system crash like the one caused by the CrowdStrike update that affected millions of PCs. The tech giant is now working with security vendors to move antivirus and endpoint detection tools out of the Windows kernel. This redesign is a direct response to critical concerns about kernel-level access and system-wide vulnerability. The goal? Make Windows more secure, more resilient—and avoid future Blue Screen of Death chaos.
A collaborative shift in how Windows handles antivirus software
The upcoming private preview of Microsoft's new Windows endpoint security platform marks a shift in how antivirus (AV) and endpoint detection and response (EDR) software interact with the system. Previously, AV tools ran within the Windows kernel—an area with full system access, where a fault in a single driver crashes the entire operating system rather than one isolated process, making failures catastrophic. Now, Microsoft is co-developing a new architecture with companies like CrowdStrike, Bitdefender, ESET, and Trend Micro. According to Microsoft’s VP of enterprise and OS security, David Weston, the entire security industry is contributing ideas to create a unified, stable platform.
Lessons learned from the CrowdStrike crash
Last year’s CrowdStrike error took down 8.5 million Windows devices due to a faulty kernel-level driver. Microsoft wants to make sure such a bug can’t bring down the entire OS again. By moving AV processes out of the kernel, Windows limits how much damage a single update can cause. Key Windows developers—including kernel architects and security specialists—are leading the redesign. The rollout will be gradual, starting with AV and EDR software, with other kernel-level drivers like gaming anti-cheat systems addressed later.
What’s next for Windows security and system recovery
Microsoft isn’t stopping at just improving antivirus architecture. A new Quick Machine Recovery feature, set to debut this summer, will help recover PCs that fail to boot, sending diagnostics directly to Microsoft. Meanwhile, in a symbolic move, the Blue Screen of Death will soon be black—a visual sign of a new era for Windows reliability. As security vendors adopt these kernel-free models, users can expect fewer critical failures and faster system recovery when things go wrong.