Microsoft Vulnerable Driver Blocklist: What it is and how to use it

Last updated: 02/05/2025

  • The Microsoft Vulnerable Driver Blocklist protects against insecure or malicious drivers.
  • The feature is built into Windows 10, 11, and Server, and is managed and updated by Microsoft.
  • It is a key defense against BYOVD attacks and ransomware, reducing risk to the system kernel.

Today, computer security is one of the most important concerns for any user or system administrator. New threats that try to exploit vulnerabilities emerge constantly. This is where the Microsoft Vulnerable Driver Blocklist comes in, a feature that has gained particular relevance in current versions of Windows.

One of the most fragile areas of Windows security is drivers. These small but essential pieces of software can be the target of all kinds of attacks, such as the feared BYOVD ("Bring Your Own Vulnerable Driver"). In this article, we explain what you need to know about this blocklist and how it works.

What is the Microsoft Vulnerable Driver Blocklist?

The Microsoft Vulnerable Driver Blocklist is a security feature built into Windows and its main protection solutions, such as Microsoft Defender. Its purpose is to prevent dangerous drivers from being loaded and executed in the operating system. These drivers, usually developed by third parties rather than by Microsoft itself, may contain security flaws, or may even be designed maliciously, which makes them ideal entry points for advanced attacks.

The list works as a kind of "blacklist" that includes drivers meeting one or more of the following criteria:

  • Known vulnerabilities: Drivers whose weaknesses can be exploited to elevate privileges in the Windows kernel or to bypass protections.
  • Malicious behavior: Drivers that include code capable of causing damage or installing malware, or that are signed with certificates associated with malicious software.
  • Violation of the Windows security model: Drivers that, without being malicious, can bypass the operating system's security boundaries.

In short, the Microsoft blocklist acts as a preventive barrier that stops potentially dangerous drivers from running, even if they have a valid digital signature and certificate. This strengthens one of the most sensitive layers of Windows defense, the kernel, and makes the work of cybercriminals considerably harder.

How the blocklist works: how it protects your computer

The Microsoft Vulnerable Driver Blocklist is not static; it is a living mechanism that is updated regularly. Microsoft, in collaboration with independent hardware vendors (IHVs) and OEMs, closely monitors the driver ecosystem to detect and block dangerous components.

When a driver is identified as vulnerable, malicious, or non-compliant with Windows security standards, it is added to the list and automatically blocked from loading on computers where the blocklist is active. Depending on the Windows version and system configuration, this is enforced in several ways:

  • Memory Integrity (HVCI, or Hypervisor-Protected Code Integrity): When enabled (by default on many Windows 11 PCs), the blocklist takes effect and blocks the drivers included in it.
  • S mode: Windows devices running in S mode, which offer a more controlled and secure environment, also have the blocklist turned on by default.
  • Windows Defender Application Control (App Control for Business): Lets administrators apply the recommended list through their own security policies.
  • Windows Security (system app): Starting with Windows 11 22H2, the feature is enabled by default and can be managed from the Device Security > Core Isolation interface.

Which drivers does the blocklist actually block?

Not all drivers are subject to the blocklist, only those that meet specific criteria that make them potential risks. The most common reasons a driver is added to the list are:

  • The existence of known, documented security vulnerabilities.
  • Its use has been detected in active attacks, including exploitation by ransomware, malware, or advanced persistent threats.
  • The use of certificates associated with malicious campaigns for its digital signature.
  • Behavior that allows the Windows security model to be bypassed, even though the driver is not classic malware.

Some of the names that may appear on the list include old drivers for disk utilities, advanced hardware management programs, virtualization software, or even drivers for certain peripherals whose security has been compromised.

Blocklist updates and support

One of the great strengths of the Microsoft Vulnerable Driver Blocklist is that it is a living list that is maintained over time. Microsoft updates it with each new major version of Windows (typically once or twice a year with major updates). In addition, it can release specific patches through Windows Update or as a manual download when new threats arise.

Although the blocklist provides a very high level of protection, enabling it can have some adverse effects on hardware or software compatibility and functionality. For example, if a critical driver for a particular device is blocked, the device may stop working properly and, in rare cases, even cause a blue screen of death (BSOD).

For this reason, Microsoft recommends first validating the policy in audit mode and reviewing the block events before enforcing the block permanently. In enterprise environments, this is done with App Control and a corresponding policy, which lets you monitor which drivers would be blocked and make decisions case by case.
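
To review what audit mode would have blocked, the query below (an added example, not from Microsoft or the original article) summarizes Code Integrity block events per driver file. The event IDs 3076 (audit) and 3077 (enforced), the function name, and the event field names are assumptions not stated on this page.

```powershell
# Added example. Event IDs 3076 (audit: would have been blocked) and 3077
# (enforced block) and the field names below are assumptions, not from the page.
function Get-DriverBlockSummary {
    param([datetime] $Since = (Get-Date).AddDays(-7))

    $filter = @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id        = 3076, 3077
        StartTime = $Since
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # Read the named fields from the event XML instead of relying on position.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Mode    = if ($e.Id -eq 3076) { 'Audit' } else { 'Enforced' }
            File    = $data['File Name']
            Process = $data['Process Name']
            Policy  = $data['PolicyName']
        }
    }
}

# Keep only kernel driver files and count how often each one was hit per mode.
Get-DriverBlockSummary |
    Where-Object File -like '*.sys' |
    Group-Object File, Mode |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

A driver that appears here in audit mode and that the business still depends on is the case to resolve before switching the policy to enforcement.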

As a general rule, the blocklist is tuned carefully enough to minimize false positives and to balance protection against potential compatibility problems. However, unexpected conflicts may occur on systems with very specific hardware or old software. In that case, it is a good idea to report the issue through Microsoft's channels so that removing or updating the affected driver can be discussed.

How to enable or disable the Microsoft Vulnerable Driver Blocklist

Depending on the Windows version and device settings, the blocklist may be enabled or disabled by default. Since the release of Windows 11 version 22H2, the feature is enabled on all devices, but it can still be managed manually.

There are two main ways to control the state of the blocklist:

  • From the Windows Security interface:
    • Open the Windows Security app (search for it in the Start menu).
    • Go to the "Device security" section and then to "Core isolation."
    • On that screen, turn the "Microsoft Vulnerable Driver Blocklist" option on or off as appropriate.
    • On older versions (Windows 10 or 11 21H2), the option may not appear or may require you to enable HVCI first.
  • Using the Windows Registry:
    • Open the Registry Editor (regedit.exe).
    • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config.
    • Edit or create the DWORD value "VulnerableDriverBlocklist", setting it to 1 to enable the feature or 0 to disable it.

After the change, restarting the computer is recommended so that the settings take effect.

Recommendations for users and companies

To get the most out of the protection offered by the Microsoft Vulnerable Driver Blocklist, both home users and system administrators should follow a few simple good practices:

  • Always keep the operating system fully updated, since new versions often include important improvements to the blocklist and to Windows kernel protection.
  • Periodically check that the blocklist is active from the Windows Security app (especially after major system updates or configuration changes).
  • In enterprise environments, use App Control for Business policies to ensure that all devices receive the latest version of the list and to monitor for potential problems before applying permanent blocks.
  • Validate policies in audit mode first, to minimize compatibility conflicts and resolve possible false positives.
  • Watch for security notices from Microsoft and your hardware manufacturer to learn about newly affected drivers.
  • Submit suspicious drivers to Microsoft using the official tools and portals, which contributes to the continuous improvement of global protection.

Advanced management of the Microsoft Vulnerable Driver Blocklist: manual download and deployment

For advanced users and businesses, Microsoft offers the ability to download the latest version of the blocklist in binary or XML format from its download portal. This is useful in scenarios that require a higher level of control, or when, for security or compliance reasons, you do not want to rely solely on automatic updates.

The general process is as follows:

  1. Download the App Control policy refresh tool.
  2. Download and extract the Vulnerable Driver Blocklist binaries.
  3. Select the appropriate file (audit or enforced version) and rename it to SiPolicy.p7b.
  4. Copy SiPolicy.p7b to the %windir%\system32\CodeIntegrity location.
  5. Run the refresh tool to activate and refresh all App Control policies.

After restarting the computer, you can confirm that the policy was applied correctly by reviewing event 3099 in the Windows Event Viewer, under the CodeIntegrity log.
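
Steps 3 to 5 and the event 3099 check can be scripted as below. This is an added example, not Microsoft's own tooling; the function names and parameters are hypothetical, both files are assumed to be already downloaded and extracted, and the refresh tool is assumed to carry a valid Authenticode signature.

```powershell
# Added example; function and parameter names are hypothetical.
#Requires -RunAsAdministrator

function Install-DriverBlocklistPolicy {
    param(
        [Parameter(Mandatory)] [string] $PolicyFile,   # extracted audit or enforced policy binary
        [Parameter(Mandatory)] [string] $RefreshTool   # App Control policy refresh tool executable
    )
    $ErrorActionPreference = 'Stop'
    foreach ($p in $PolicyFile, $RefreshTool) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "File not found: $p" }
    }
    # Assumption: the refresh tool is signed. Refuse to run it otherwise.
    $sig = Get-AuthenticodeSignature -LiteralPath $RefreshTool
    if ($sig.Status -ne 'Valid') { throw "Refresh tool signature status: $($sig.Status)" }

    $target = Join-Path $env:windir 'System32\CodeIntegrity\SiPolicy.p7b'
    # Keep the current policy so the change can be rolled back if a needed driver is blocked.
    if (Test-Path -LiteralPath $target) {
        Copy-Item -LiteralPath $target -Destination "$target.$(Get-Date -Format yyyyMMddHHmmss).bak"
    }
    # Steps 3 and 4: the file must land under the fixed name SiPolicy.p7b.
    Copy-Item -LiteralPath $PolicyFile -Destination $target -Force
    $src = (Get-FileHash -LiteralPath $PolicyFile -Algorithm SHA256).Hash
    $dst = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    if ($src -ne $dst) { throw 'Copied policy does not match the source file.' }

    # Step 5: refresh all App Control policies.
    $proc = Start-Process -FilePath $RefreshTool -Wait -PassThru -NoNewWindow
    if ($proc.ExitCode -ne 0) { Write-Warning "Refresh tool exit code: $($proc.ExitCode)" }
    [pscustomobject]@{ Policy = $target; SHA256 = $dst; RefreshExitCode = $proc.ExitCode }
}

function Get-PolicyLoadEvent {
    param([datetime] $Since = (Get-Date).AddDays(-1))
    # Event 3099 in the CodeIntegrity log is the confirmation the page describes.
    $filter = @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3099; StartTime = $Since }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Warning "No event 3099 since $Since; the policy may not have loaded."
        return
    }
    $events | Select-Object TimeCreated, Id, Message
}
```

Run `Install-DriverBlocklistPolicy` from an elevated 64-bit session, restart, and then call `Get-PolicyLoadEvent`; record the returned SHA256 so the deployed file can be compared across machines.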

Impact on user experience and known issues

Despite the benefits, it is not all upside. Managing the blocklist can cause some disruption for the end user, especially on systems with highly customized requirements. The most common problems usually include:

  • Incompatibility with older hardware or legacy programs whose development has been discontinued and whose drivers have not been updated to meet the new security standards.
  • Possible false positives that block legitimate but uncommon drivers, which can leave devices inoperable.
  • Blue Screen of Death (BSOD) cases if a critical boot component is blocked by mistake.

Why the blocklist matters today

BYOVD attacks, the exploitation of forgotten drivers, and the growing sophistication of malware make protecting the core of the system more important than ever. Cybercriminals have shown that they can exploit any loophole, and vulnerable drivers represent one of the most dangerous backdoors, operating at such a low level that they can disable or subvert almost any other security mechanism.

Microsoft's strategy of maintaining a centralized, dynamic blocklist connected to vendors and the security community is the best response to a threat that affects both individual users and large organizations.

Keeping the Microsoft Vulnerable Driver Blocklist active and up to date is one of the simplest and most effective ways to strengthen Windows security and make things harder for cybercriminals. Administrators are advised to use it together with other protection policies, and home users to periodically review the settings in Windows Security; this greatly increases the security of your data and system, and your peace of mind.