Recently, security technology company Trend Micro was found to have cheated on Microsoft’s kernel-driven security test suite. The problematic kernel driver tmcomm.sys changes its behavior when it detects Microsoft’s WHQL test suite, especially by accessing only the available memory in a non-executable non-paged pool in windows 10 systems.
But there are no such restrictions on the daily operation of the system, so many critics have called it trend-tech’s “Volkswagen” cheating, after Volkswagen was caught in the middle of a scandal over cheating. After detecting emissions tests, Volkswagen switched to a less polluting model, which was more polluting when normal.
Volkswagen was subsequently fined billions of dollars, but the main consequence of trend-tech’s case was that Microsoft added the drivers to the Driver Compatibility Database, meaning they would be blocked when Windows 10 was installed.
Trend Micro has now taken Rootkit Buster off its website and claims that it is actually asking Microsoft to block the drivers. Trend Micro
Our development team has identified a potential intermediate security issue as a result of the investigation in the “Demirkapi” blog and is working to ensure that the issue is resolved properly and quickly. As a matter of caution, we have removed the current version of the tool from the site while evaluating and remediation.
We are working closely with Microsoft partners to ensure that our code meets their strict standards.
As for the accusation that Trend Micro is somehow trying to circumvent Microsoft’s certification process, we want to make it clear once again that this is not the case, and we are working closely with Microsoft partners to ensure that our code meets their strict standards.