Kernel Patch Protection

As a result, some x86 software, notably certain security and antivirus programs, was designed to perform needed tasks by loading drivers that modify core kernel structures.

With highly obfuscated code and misleading symbol names, KPP employs security through obscurity to hinder attempts to bypass it.

Anti-virus software authored by Kaspersky Lab has been known to make extensive use of kernel code patching on x86 editions of Windows.

[17] Because of this, McAfee called for Microsoft to either remove KPP from Windows entirely or make exceptions for software made by "trusted companies" such as themselves.

[4] Symantec's corporate antivirus software[18] and Norton 2010 range and beyond[19] worked on x64 editions of Windows despite KPP's restrictions, although with less ability to provide protection against zero-day malware.

[10][24] Instead, Microsoft worked with third-party companies to create new Application Programming Interfaces that help security software perform needed tasks without patching the kernel.

[4][5] In January 2006, security researchers known by the pseudonyms "skape" and "Skywing" published a report that describes methods, some theoretical, through which Kernel Patch Protection might be bypassed.

[29] Nevertheless, Microsoft has stated that it is committed to removing any flaws that allow KPP to be bypassed as part of its standard Security Response Center process.

[30] In keeping with this statement, Microsoft has so far released two major updates to KPP, each designed to break known bypass techniques in previous versions.

The kernel connects the application software to the hardware of a computer.
Jim Allchin, then co-president of Microsoft, was an adamant supporter of Kernel Patch Protection.