Publicly reported instances of BYOVD (Bring Your Own Vulnerable Driver) bypassing endpoint security products. Maintained on the same basis for every technique in the Index.

| Product | Entries | High-confidence | Most recent |
|---|---|---|---|
| Microsoft | 24 | 23 | 2026-05-03 |
| SentinelOne | 5 | 4 | 2026-03-26 |
| CrowdStrike | 4 | 3 | 2026-04-05 |
| Elastic | 3 | 2 | 2025-11-21 |
| Palo Alto Networks | 3 | 3 | 2026-02-10 |
| Sophos | 2 | 2 | 2023-08-16 |
| Kaspersky | 2 | 1 | 2026-03-26 |
| Carbon Black | 2 | 2 | 2025-07-31 |
| Symantec | 2 | 1 | 2025-08-07 |
| McAfee | 2 | 1 | 2025-08-07 |
| Webroot | 2 | 1 | 2025-08-07 |
| Cylance | 2 | 1 | 2025-08-07 |
| Zemana | 2 | 2 | 2024-03-14 |
| Fortinet | 1 | 1 | 2026-02-04 |
| EasyAntiCheat | 1 | 1 | 2023-11-05 |
| Easy Anti-Cheat | 1 | 1 | 2024-07-24 |
| BattlEye | 1 | 1 | 2024-07-24 |
| Baidu | 1 | 1 | 2026-01-26 |
| F-Secure | 1 | 0 | 2025-08-07 |
| HitmanPro | 1 | 0 | 2025-08-07 |
| Various EDR vendors | 1 | 1 | 2026-05-03 |
| targeted EDR vendor | 1 | 0 | 2024-09-13 |
| Bitdefender | 1 | 0 | 2025-08-07 |
| Riot Games | 1 | 1 | 2025-03-02 |
| Cortex | 1 | 1 | 2023-05-31 |
| other EDR vendors | 1 | 0 | 2024-09-18 |
| Avast | 1 | 1 | 2024-09-21 |
| Trend Micro | 1 | 0 | 2025-08-07 |

| Product | Confidence | Disclosed | Source | |
|---|---|---|---|---|
| Microsoft | high | 2026-05-03 | lyrie.ai | record → |
| Various EDR vendors | high | 2026-05-03 | lyrie.ai | record → |
| CrowdStrike | high | 2026-04-05 | threatlabsnews.xcitium.com | record → |
| Microsoft | high | 2026-03-26 | github.com | record → |
| Microsoft | high | 2026-03-26 | labs.cloudsecurityalliance.org | record → |
| Kaspersky | high | 2026-03-26 | labs.cloudsecurityalliance.org | record → |
| SentinelOne | high | 2026-03-26 | labs.cloudsecurityalliance.org | record → |
| Microsoft | high | 2026-03-13 | www.healthcaredive.com | record → |
| Microsoft | high | 2026-02-24 | blog.silentforce.io | record → |
| SentinelOne | high | 2026-02-24 | blog.silentforce.io | record → |
| CrowdStrike | high | 2026-02-24 | blog.silentforce.io | record → |
| Microsoft | high | 2026-02-10 | github.com | record → |
| Palo Alto Networks | high | 2026-02-10 | www.gblock.app | record → |
| CrowdStrike | high | 2026-02-10 | www.gblock.app | record → |
| Fortinet | high | 2026-02-04 | cybersecuritynews.com | record → |
| Baidu | high | 2026-01-26 | the-hunters-ledger.com | record → |
| Elastic | high | 2025-11-21 | ashes-cybersecurity.com | record → |
| Microsoft | high | 2025-11-14 | gbhackers.com | record → |
| Microsoft | high | 2025-11-10 | github.com | record → |
| Microsoft | high | 2025-11-07 | github.com | record → |
| Microsoft | high | 2025-08-28 | radar.offseq.com | record → |
| Elastic | medium | 2025-08-16 | cybersecuritynews.com | record → |
| Microsoft | medium | 2025-08-07 | mine2.io | record → |
| Kaspersky | medium | 2025-08-07 | mine2.io | record → |
| Trend Micro | medium | 2025-08-07 | mine2.io | record → |
| SentinelOne | medium | 2025-08-07 | mine2.io | record → |
| McAfee | medium | 2025-08-07 | mine2.io | record → |
| Bitdefender | medium | 2025-08-07 | mine2.io | record → |
| Cylance | medium | 2025-08-07 | mine2.io | record → |
| F-Secure | medium | 2025-08-07 | mine2.io | record → |
| Symantec | medium | 2025-08-07 | mine2.io | record → |
| Webroot | medium | 2025-08-07 | mine2.io | record → |
| HitmanPro | medium | 2025-08-07 | mine2.io | record → |
| Carbon Black | high | 2025-07-31 | cybersecuritynews.com | record → |
| McAfee | high | 2025-05-30 | threatlabsnews.xcitium.com | record → |
| Webroot | high | 2025-05-30 | threatlabsnews.xcitium.com | record → |
| CrowdStrike | medium | 2025-05-30 | threatlabsnews.xcitium.com | record → |
| Microsoft | high | 2025-05-30 | threatlabsnews.xcitium.com | record → |
| Microsoft | high | 2025-03-16 | asec.ahnlab.com | record → |
| Riot Games | high | 2025-03-02 | github.com | record → |
| Microsoft | high | 2025-01-18 | www.zerosalarium.com | record → |
| Palo Alto Networks | high | 2024-11-01 | unit42.paloaltonetworks.com | record → |
| Avast | high | 2024-09-21 | github.com | record → |
| other EDR vendors | medium | 2024-09-18 | cybersecuritynews.com | record → |
| Microsoft | high | 2024-09-18 | cybersecuritynews.com | record → |
| targeted EDR vendor | medium | 2024-09-13 | www.levelblue.com | record → |
| Microsoft | high | 2024-08-18 | github.com | record → |
| Easy Anti-Cheat | high | 2024-07-24 | github.com | record → |
| BattlEye | high | 2024-07-24 | github.com | record → |
| SentinelOne | high | 2024-07-16 | trustedsec.com | record → |
| Symantec | high | 2024-07-16 | trustedsec.com | record → |
| Microsoft | high | 2024-07-16 | trustedsec.com | record → |
| Elastic | high | 2024-06-27 | infosecwriteups.com | record → |
| Microsoft | high | 2024-06-27 | infosecwriteups.com | record → |
| Microsoft | high | 2024-05-27 | github.com | record → |
| Microsoft | high | 2024-04-05 | github.com | record → |
| Microsoft | high | 2024-04-04 | github.com | record → |
| Zemana | high | 2024-03-14 | www.sentinelone.com | record → |
| Microsoft | high | 2024-01-12 | www.trendmicro.com | record → |
| EasyAntiCheat | high | 2023-11-05 | github.com | record → |
| Palo Alto Networks | high | 2023-09-22 | securityonline.info | record → |
| Microsoft | high | 2023-08-16 | jmp-esp.org | record → |
| Sophos | high | 2023-08-16 | jmp-esp.org | record → |
| Zemana | high | 2023-06-15 | voidsec.com | record → |
| SentinelOne | high | 2023-05-31 | www.bleepingcomputer.com | record → |
| Cylance | high | 2023-05-31 | www.bleepingcomputer.com | record → |
| Microsoft | high | 2023-05-31 | www.bleepingcomputer.com | record → |
| Cortex | high | 2023-05-31 | www.bleepingcomputer.com | record → |
| Carbon Black | high | 2023-05-31 | www.bleepingcomputer.com | record → |
| Sophos | high | 2023-05-31 | www.bleepingcomputer.com | record → |

Counts reflect distinct publicly reported events on record; absence of an entry means no confirmed public report is on file.