Comment by greggsy

I wonder if there is change afoot in the way those APIs are designed and interacted with?

MS did indicate during the CrowdStrike DOS that they would work towards opening up or at least documenting those APIs and some other aspects of the kernel to help improve the situation for vendors.

I believe there might have also been antitrust concerns about the way they deliver Defender as part of the OS, but simultaneously offer premium cloud platforms? Don’t recall the full story.