@ Martin
This is interesting. I have extracted the HWiNFO64A_171.sys by running HWiNFO64 on another system. Then I have written my own software to load the driver into Windows 11 build 25145, the software simply loads the driver and starts the service, nothing else:
View attachment 7897
Now that driver is loaded, I can start HWiNFO64 again, with all HVCI protection enabled. I guess HWiNFO checks if driver is already loaded before it actually tries to load one itself.
View attachment 7898
I don't know if that matter or not, but I named this service 'HWiNFO64 Kernel Driver'.
Wow, that's very interesting! That would mean you somehow circumvented the blocking rules by MS.
Unfortunately we still don't know what exact rules work in build 25145. There's a file
which defines the rules for blocking various drivers, but it's really odd that it doesn't list HWiNFO and the CPU-Z driver it blocks is rather old. So there must be some other rules enforced that we haven't figured out yet.c:\Windows\schemas\CodeIntegrity\ExamplePolicies\RecommendedDriverBlock_Enforced.xml
I tried to install build 25145 to have a deeper look but for some reason I can't get HVCI to work there, while this was not an issue on the same system with build 22000. So my testing capabilities are currently very limited.
Can you try to install the driver with all other details same as HWiNFO does, i.e. the exact service name, description, path, etc. to see if that will block it then?
Last edited: