From ce00ae09a30c7b1c278409058bdd21339b2d7333 Mon Sep 17 00:00:00 2001
From: Jordan Geurten <jogeurte@microsoft.com>
Date: Thu, 30 Sep 2021 09:21:35 -0700
Subject: [PATCH 1/9] xml now has parity with the current release of the
 vulnerable blocklist policy

---
 ...icrosoft-recommended-driver-block-rules.md | 652 ++++++++++++++----
 1 file changed, 500 insertions(+), 152 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 21119863f7..c749cb9925 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -59,6 +59,46 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
   <EKUs />
   <!--File Rules-->
   <FileRules>
+    <Deny ID="ID_DENY_ASIO_32_SHA1" FriendlyName="ASIO32.sys Hash Sha1" Hash="D569D4BAB86E70EFBCDFDAC9D822139D6F477B7C" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256" FriendlyName="ASIO32.sys Hash Sha256" Hash="80599708CE61EC5D6DCFC5977208A2A0BE2252820A88D9BA260D8CDF5DC7FBE4" />
+    <Deny ID="ID_DENY_ASIO_32_SHA1_PAGE" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="80FA962BDFB76DFCB9E5D13EFC38BB3D392F2E77" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256_PAGE" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="9091E044273FF624585235AC885EB2B05DFB12F3022DCF535B178FF1B2E012D1" />
+    <Deny ID="ID_DENY_ASIO_32_SHA1_1" FriendlyName="ASIO32.sys Hash Sha1" Hash="5A7DD0DA0AEE0BDEDC14C1B7831B9CE9178A0346" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256_1" FriendlyName="ASIO32.sys Hash Sha256" Hash="92EDD48DFAC025D4069EB6491B9730D9D131B77CCEAA480AF9B3C32BC8C5E3A9" />
+    <Deny ID="ID_DENY_ASIO_32_SHA1_PAGE_1" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="1ACC7A486B52C5EE6619DBDC3B4210B5F48B936F" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256_PAGE_1" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="F84634B5C0E83CA9BB25928DC3C4FC05D37451C23B780DBEEB1F10F056F1EEEE" />
+    <Deny ID="ID_DENY_ASIO_32_SHA1_2" FriendlyName="ASIO32.sys Hash Sha1" Hash="55AB7E27412ECA433D76513EDC7E6E03BCDD7EDA" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256_2" FriendlyName="ASIO32.sys Hash Sha256" Hash="C1B41D6B91448E2409BB2F4FBF4AEB952ADF373D0DECC9D052277B89BA401407" />
+    <Deny ID="ID_DENY_ASIO_32_SHA1_PAGE_2" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="1E7C241B9A9EA79061B50FB19B3D141DEE175C27" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256_PAGE_2" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="1056806F6508B4F5E8A00A6E8D07AEAC06A1BE5F9B92F1684F33682D2DA9349E" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1" FriendlyName="ASIO64.sys Hash Sha1" Hash="E5C090903A20744BA3583A8EA684D035E8CECC34" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256" FriendlyName="ASIO64.sys Hash Sha256" Hash="9DCFD796E244D0687CC35EAC9538F209F76C6DF12DE166F19DBC7D2C47FB16B3" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1_PAGE" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="CA5FF4EB8CCBDE4EFF3491FD7941769E8D093D79" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256_PAGE" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="D8841803F181F735D8794C82BA52D8C484B3B0A95DBBB66114314F439B75B0E9" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1_1" FriendlyName="ASIO64.sys Hash Sha1" Hash="C92148D0666F2235500805975BE79738B84E48C2" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256_1" FriendlyName="ASIO64.sys Hash Sha256" Hash="19C74EA0E0BAF04820E5642BD2FA224158801ED966BE1041539E3C55BD65C471" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1_PAGE_1" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="F8270F774B3549079EA7D5F0D5406F307019BDFB" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256_PAGE_1" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="A3C9C5625BA6A6075D365543603A4DD4D7790850753D5289FF976EB2A839910F" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1_2" FriendlyName="ASIO64.sys Hash Sha1" Hash="61E1B497A5DF0797527D6D465A8F315A82AD35EB" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256_2" FriendlyName="ASIO64.sys Hash Sha256" Hash="739C11FDB8673AB5B78F1A874DAF5BA3FADDB7910A6D4E0CC49ABD8B8537333F" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1_PAGE_2" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="708855DB4202A792862E1139D673C3B4B713053C" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256_PAGE_2" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="BE5653E4C1ED75A451BE4297FF233A22C7AAB93B2126CA428834E83CADFF5E9C" />
+    <Deny ID="ID_DENY_ASRDRV10_SHA1" FriendlyName="AsrDrv10.sys Hash Sha1" Hash="2E6D61FA32E12FE4ABF7B7D87AA6824F5F528000" />
+    <Deny ID="ID_DENY_ASRDRV10_SHA256" FriendlyName="AsrDrv10.sys Hash Sha256" Hash="C767A5895119154467AC3FCE8E82C20E6538A4E54F6C109001C61F8ABD58F9F8" />
+    <Deny ID="ID_DENY_ASRDRV10_SHA1_PAGE" FriendlyName="AsrDrv10.sys Hash Page Sha1" Hash="085529E58BE3806D396F1BB15FF078FD4C471AAB" />
+    <Deny ID="ID_DENY_ASRDRV10_SHA256_PAGE" FriendlyName="AsrDrv10.sys Hash Page Sha256" Hash="14141F03EFF7C2F44BFED93524F4EC64ABDC8F3D45D55B1BCB5701CA354319FD" />
+    <Deny ID="ID_DENY_ASRDRV101_SHA1" FriendlyName="AsrDrv101.sys Hash Sha1" Hash="D0580BFC31FAEFB7E017798121C5B8A4E68155F9" />
+    <Deny ID="ID_DENY_ASRDRV101_SHA256" FriendlyName="AsrDrv101.sys Hash Sha256" Hash="FEE4560F2160A951D83344857EB4587AB10C1CFD8C5CFC23B6F06BEF8EBCD984" />
+    <Deny ID="ID_DENY_ASRDRV101_SHA1_PAGE" FriendlyName="AsrDrv101.sys Hash Page Sha1" Hash="55A90E7822A1444FAE81371DF7296CC5642FB353" />
+    <Deny ID="ID_DENY_ASRDRV101_SHA256_PAGE" FriendlyName="AsrDrv101.sys Hash Page Sha256" Hash="B00060733F88E3897D4B1E4732DF67FF277A8D615F84E6EFAB98C79C72CBA370" />
+    <Deny ID="ID_DENY_ASRDRV102_SHA1" FriendlyName="AsrDrv102.sys Hash Sha1" Hash="5F9C7D3552FFA98C9DCF9A9B7AD1263D2AB24A2F" />
+    <Deny ID="ID_DENY_ASRDRV102_SHA256" FriendlyName="AsrDrv102.sys Hash Sha256" Hash="11EECF9E6E2447856ED4CF86EE1CB779CFE0672C808BBD5934CF2F09A62D6170" />
+    <Deny ID="ID_DENY_ASRDRV102_SHA1_PAGE" FriendlyName="AsrDrv102.sys Hash Page Sha1" Hash="B419D69A4ED8D4EABD90A155ED15C3374BEA6FFC" />
+    <Deny ID="ID_DENY_ASRDRV102_SHA256_PAGE" FriendlyName="AsrDrv102.sys Hash Page Sha256" Hash="23E39D9E40235A5C456260E03CACCC186FE79FFD7D0439AEA7530EBB0380946D" />
+    <Deny ID="ID_DENY_ASRDRV103_SHA1" FriendlyName="AsrDrv103.sys Hash Sha1" Hash="B3410021EA5A46818D9FF05A96C2809A9ABE8E4A" />
+    <Deny ID="ID_DENY_ASRDRV103_SHA256" FriendlyName="AsrDrv103.sys Hash Sha256" Hash="B6BF2460E023B1005CC60E107B14A3CFDF9284CC378A086D92E5DCDF6E432E2C" />
+    <Deny ID="ID_DENY_ASRDRV103_SHA1_PAGE" FriendlyName="AsrDrv103.sys Hash Page Sha1" Hash="490F85E291C4D9ED0AB8457CE6B424C0F3F7E7AC" />
+    <Deny ID="ID_DENY_ASRDRV103_SHA256_PAGE" FriendlyName="AsrDrv103.sys Hash Page Sha256" Hash="E22B7BA6D064C75913C3BDADAF7AADA535DDDD83175D8A47467FED5ABC56D5AC" />
     <Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandai.sys Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" />
     <Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandai.sys Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" />
     <Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandai.sys Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" />
@@ -128,40 +168,148 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <Deny ID="ID_DENY_SEMAV6MSR64_SHA256" FriendlyName="semav6msr64.sys Hash Sha256" Hash="EB71A8ECEF692E74AE356E8CB734029B233185EE5C2CCB6CC87CC6B36BEA65CF" />
     <Deny ID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha1" Hash="F3821EC0AEF270F749DF9F44FBA91AFA5C8C38E8" />
     <Deny ID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha256" Hash="4F12EE563E7496E7105D67BF64AF6B436902BE4332033AF0B5A242B206372CB7" />
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_1"  FriendlyName="nt2.sys Hash Sha1" Hash="8F0B99B53EB921547AFECF1F12B3299818C4E5D1"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_2"  FriendlyName="nstr.sys Hash Sha1" Hash="61258963D900C2A39408EF4B51F69F405F55E407"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_3"  FriendlyName="nt5.sys Hash Sha1" Hash="7A43BE821832E9BF55B1B781AE468179D0E4F56E"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_4"  FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_5" FriendlyName="nstrwsk.sys Hash Sha1" Hash="83767982B3A5F70615A386F4D6638F20509F3560"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_6" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8BC75E18953B7B23991B2FBC79713E1E175F75E4"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_7" FriendlyName="nt3.sys Hash Sha1" Hash="295E590D49DF717C489C5C824E9C6896A14248BB"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_8" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_9" FriendlyName="nt6.sys Hash Sha1" Hash="8403A17AE001FEF3488C2E641E2BE553CD5B478D"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_10" FriendlyName="81.sys Hash Sha1" Hash="FAA870B0CB15C9AC2B9BBA5D0470BD501CCD4326"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_11" FriendlyName="81.sys Hash Sha1" Hash="ACA8E53483B40A06DFDEE81BB364B1622F9156FE"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_12" FriendlyName="full.sys Hash Sha1" Hash="4B8C0445075F09AEEF542AB1C86E5DE6B06E91A3"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_13" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E74B6DDA8BC53BC687FC21218BD34062A78D8467"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_14" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E014C6BEBFDA944CE3A58AB9FE055D4F9367D49C"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_15" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8241C9A5755A740811C8E8D2739B33146ACD3E6D"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_16" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="2C27ABBBBCF10DFB75AD79557E30ACE5ED314DF8"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_17" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E5A152BB57060C2B27E825258698BD7FF67907FF"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_1"  FriendlyName="nt2.sys Hash Sha256" Hash="CB9890D4E303A4C03095D7BC176C42DEE1B47D8AA58E2F442EC1514C8F9E3CEC"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_2"  FriendlyName="nstr.sys Hash Sha256" Hash="455BC98BA32ADAB8B47D2D89BDBADCA4910F91C182AB2FC3211BA07D3784537B"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_3"  FriendlyName="nt5.sys Hash Sha256" Hash="FD33FB2735CC5EF466A54807D3436622407287E325276FCD3ED1290C98BD0533"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_4"  FriendlyName="80.sys Hash Sha256" Hash="F08EBDDC11AEFCB46082C239F8D97CEEA247D846E22C4BCDD72AF75C1CBC6B0B"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_5" FriendlyName="nstrwsk.sys Hash Sha256" Hash="3390919BB28D5C36CC348F9EF23BE5FA49BFD81263EB7740826E4437CBE904CD"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_6" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="82774D5230C5B6604D6F67A32883F720B4695387F3F383AABC713FC2904FF45D"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_7" FriendlyName="nt3.sys Hash Sha256" Hash="7D8937C18D6E11A0952E53970A0934CF0E65515637AC24D6CA52CCF4B93D385F"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_8" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_9" FriendlyName="nt6.sys Hash Sha256" Hash="15C53EB3A0EA44BBD2901A45A6EBEAE29BB123F9C1115C38DFB2CDBEC0642229"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_10" FriendlyName="81.sys Hash Sha256" Hash="5C206B569B7059B7C32EB5FC36922CB435C2B16C8D96DE1038C8BD298ED498FE"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_11" FriendlyName="81.sys Hash Sha256" Hash="3D31118A2E92377ECB632BD722132C04AF4E65E24FF87743796C75EB07CFCD71"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_12" FriendlyName="full.sys Hash Sha256" Hash="0988D366572A57B3015D875B60704517D05115580678E8F2E126F771EDA28F7B"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_13" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="12A636449A491EF3DC8688C5D25BE9EBF785874F9C4573667EEFD42139201AA4"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_14" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="651FFA0C7AFF7B4A7695DDDD209DC3E7F68156E29A14D3FCC17AEF4F2A205DCC"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_15" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C56536F99207915E5A1F7D4F014AB942BD820E64FF7F371AD0462EF26ED27242"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_16" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7F1772BDF7DD81CB00D30159D19D4EB9160B54D7609B36F781D08CA3AFBD29A7"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_17" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7113DEE11925B346192F6EE5441974DB7D1FE9B5BE1497A6B295C06930FDD264"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_1" FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_2" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E74B6DDA8BC53BC687FC21218BD34062A78D8467"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_3" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="2C27ABBBBCF10DFB75AD79557E30ACE5ED314DF8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_4" FriendlyName="81.sys Hash Sha1" Hash="FAA870B0CB15C9AC2B9BBA5D0470BD501CCD4326"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_5" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8241C9A5755A740811C8E8D2739B33146ACD3E6D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_6" FriendlyName="full.sys Hash Sha1" Hash="4B8C0445075F09AEEF542AB1C86E5DE6B06E91A3"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_7" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E014C6BEBFDA944CE3A58AB9FE055D4F9367D49C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_8" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E5A152BB57060C2B27E825258698BD7FF67907FF"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_9" FriendlyName="81.sys Hash Sha1" Hash="ACA8E53483B40A06DFDEE81BB364B1622F9156FE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_10" FriendlyName="nstrwsk.sys Hash Sha1" Hash="83767982B3A5F70615A386F4D6638F20509F3560"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_11" FriendlyName="nt2.sys Hash Sha1" Hash="8F0B99B53EB921547AFECF1F12B3299818C4E5D1"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_12" FriendlyName="nt3.sys Hash Sha1" Hash="295E590D49DF717C489C5C824E9C6896A14248BB"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_13" FriendlyName="nt5.sys Hash Sha1" Hash="7A43BE821832E9BF55B1B781AE468179D0E4F56E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_14" FriendlyName="81.sys Hash Sha1" Hash="05AC1C64CA16AB0517FE85D4499D08199E63DF26"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_15" FriendlyName="b4.sys Hash Sha1" Hash="4BBB9709D5F916FE78EAA15431F622761EFC496F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_16" FriendlyName="bw.sys Hash Sha1" Hash="150F5DAE8716B09A64CAC96862F5E2506A71E771"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_17" FriendlyName="bwrs.sys Hash Sha1" Hash="3DEBE170B5A113407F9E86EE6ED9AE00C3D82C9F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_18" FriendlyName="bwrsh.sys Hash Sha1" Hash="73857ACDD7D7C9235F3E18C503A27E7C88C5FCB0"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_19" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8BC75E18953B7B23991B2FBC79713E1E175F75E4"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_20" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="A2DA5C397F737FA55D8F93D3CED5EB70AE09801F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_21" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="C58B6EF848CA87AD9EC4368C45C8F1EB7FA6BD16"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_22" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="74CBC407ACD9D2A4BC609B2F8C9A09B90912D10C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_23" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="1923D1F21FAFFCD7D511E2B313FE9415E6AD90AE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_24" FriendlyName="TGSafe.sys Hash Sha1" Hash="F3E60B7B9C53315D6158F82596919209A00E1CDA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_25" FriendlyName="BlackBoneDrv10.sys Hash Sha1" Hash="AA97BF43E6BAD521F3A3D8081FB350C89382F06F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_26" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="4604A20CAE2DFE42320FE8F6AED000EC204EFA7E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_27" FriendlyName="gameink.sys Hash Sha1" Hash="60A632E4B838731AAD553650D6BC8AF3D3D80B26"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_28" FriendlyName="windows-xp-64.sys Hash Sha1" Hash="03F0DD3124EC3A4BB6D30865A488F54E74DED699"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_29" FriendlyName="windows8-10-32.sys Hash Sha1" Hash="8A50E81D6E6C45410BF13F95B1A67CADA8C82221"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_30" FriendlyName="kbdcap64.sys Hash Sha1" Hash="83660D245FE618ECAFE4900AC1E2AD0292C2DA2A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_31" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="202D5A05E546740037F9A4DC2B21F71680C39D3B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_32" FriendlyName="d3.sys Hash Sha1" Hash="560D8869D48A71E59601B76240E9A6CFFB068C9C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_33" FriendlyName="d.sys Hash Sha1" Hash="7C1BA790CA2AA03F30413D02F3A812FCCA1AB29F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_34" FriendlyName="b3.sys Hash Sha1" Hash="969A945C93F54FCBF17548903131D4B86042DF7B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_35" FriendlyName="2.sys Hash Sha1" Hash="64309DB7AF8665368636186805745126B8BD5BFE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_36" FriendlyName="b1.sys Hash Sha1" Hash="1F7804D9185B1910C43BD4104D58B96994FF8E49"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_37" FriendlyName="My.sys Hash Sha1" Hash="2A506E2512C9083419B7741B4499E012CDC60204"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_38" FriendlyName="Black.sys Hash Sha1" Hash="1236573A309C4EDB52E050E53E73188183C23E7E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_39" FriendlyName="WYProxy32.sys Hash Sha1" Hash="22C5E127E7E7C567D8624607A6F8F5809DEACB55"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_40" FriendlyName="WYProxy64.sys Hash Sha1" Hash="DC38CC55B84A1A7C0846FB5509B43B4FF97A9BE6"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_41" FriendlyName="Proxy64.sys Hash Sha1" Hash="AA937F73A8AFCDA98E868F4AEEB0EB81A4150075"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_42" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="481488488CF7BB5CD470B62600A3570A1711ABAA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_43" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="C58BEBEF6A92F5A5B37BE0394695E8E18A42867F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_44" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="7AA2C4C51AFC1C82BEAE55AB9CA7BA0BB588B5C0"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_45" FriendlyName="ni.sys Hash Sha1" Hash="FD081F7A372B939DB8523E222D118B87450D3D19"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_46" FriendlyName="d4.sys Hash Sha1" Hash="E343AA3981393778F32DF94EFAC90FE35D6933A9"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_47" FriendlyName="d2.sys Hash Sha1" Hash="002223FDDC5658EA22B7A8979984A9B54F63B316"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_48" FriendlyName="t.sys Hash Sha1" Hash="1CF3B0A2A0B47477A840ADC2B520401E18AF16D6"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_49" FriendlyName="1.sys Hash Sha1" Hash="F50B475D5FD1ED4F866BF43342676E449F779C67"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_50" FriendlyName="cpupress.sys Hash Sha1" Hash="C4FE0CBB8DA5BF1E02EC6D7A0F97D740955DDD97"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_51" FriendlyName="gameink.sys Hash Sha1" Hash="3AE56AB63230D6D9552360845B4A37B5801CC5EA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_52" FriendlyName="NetFlt.sys Hash Sha1" Hash="B04ECC8DD0D52FE4552D2C4D693D67FAE20C460F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_53" FriendlyName="ProtectS.sys Hash Sha1" Hash="710BBA7C3D6CAC7B62AB05E6B12274D1548985E6"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_54" FriendlyName="ProtectS.sys Hash Sha1" Hash="67650BC9CDF0716BC7B5664723C38FC5327EC662"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_55" FriendlyName="GameTerSafe.sys Hash Sha1" Hash="39F934078A060BAD2D58B5DBA8F8884903D697A7"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_56" FriendlyName="Lurker.sys Hash Sha1" Hash="CEC5447D0529F97C4BF4A012EA58AAB07139FFE0"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_57" FriendlyName="TestBone.sys Hash Sha1" Hash="0D523E8B0B96675AC2E5AC0D56C367564B260545"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_58" FriendlyName="Proxy32.sys Hash Sha1" Hash="69D6B4032F1456506382885EBA5B396F1C36841B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_59" FriendlyName="t7.sys Hash Sha1" Hash="738CF0AFB7ECDF35A92667C8802D512A0CAF353C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_60" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_61" FriendlyName="t8.sys Hash Sha1" Hash="D85C6097A2279301222B6A06B93296ACE669A76D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_62" FriendlyName="nstr.sys Hash Sha1" Hash="61258963D900C2A39408EF4B51F69F405F55E407"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_63" FriendlyName="nt6.sys Hash Sha1" Hash="8403A17AE001FEF3488C2E641E2BE553CD5B478D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_64" FriendlyName="t3.sys Hash Sha1" Hash="0CE54B617DE11C24670064960B736EF9C47A5F15"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_65" FriendlyName="windows7-32.sys Hash Sha1" Hash="82F8D4BA137FA4B0DA20E8CD1968A7AAEA803DBC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_66" FriendlyName="NetProxyDriver.sys Hash Sha1" Hash="00B4FDC0F7F28DDECD5B4E5880A71E7F08B5F825"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_67" FriendlyName="c.sys Hash Sha1" Hash="3C20BB896FD16B5C698185FB176E820A448997B3"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_68" FriendlyName="gameink.sys Hash Sha1" Hash="6A784D45517142C11D5CCA3FF9956B2ED6EAF4C9"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_69" FriendlyName="gameink.sys Hash Sha1" Hash="4E5E719362CD48BB323803C1D00AFDE11D4B9D4C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_1" FriendlyName="80.sys Hash Sha256" Hash="F08EBDDC11AEFCB46082C239F8D97CEEA247D846E22C4BCDD72AF75C1CBC6B0B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_2" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="12A636449A491EF3DC8688C5D25BE9EBF785874F9C4573667EEFD42139201AA4"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_3" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7F1772BDF7DD81CB00D30159D19D4EB9160B54D7609B36F781D08CA3AFBD29A7"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_4" FriendlyName="81.sys Hash Sha256" Hash="5C206B569B7059B7C32EB5FC36922CB435C2B16C8D96DE1038C8BD298ED498FE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_5" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C56536F99207915E5A1F7D4F014AB942BD820E64FF7F371AD0462EF26ED27242"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_6" FriendlyName="full.sys Hash Sha256" Hash="0988D366572A57B3015D875B60704517D05115580678E8F2E126F771EDA28F7B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_7" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="651FFA0C7AFF7B4A7695DDDD209DC3E7F68156E29A14D3FCC17AEF4F2A205DCC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_8" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7113DEE11925B346192F6EE5441974DB7D1FE9B5BE1497A6B295C06930FDD264"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_9" FriendlyName="81.sys Hash Sha256" Hash="3D31118A2E92377ECB632BD722132C04AF4E65E24FF87743796C75EB07CFCD71"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_10" FriendlyName="nstrwsk.sys Hash Sha256" Hash="3390919BB28D5C36CC348F9EF23BE5FA49BFD81263EB7740826E4437CBE904CD"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_11" FriendlyName="nt2.sys Hash Sha256" Hash="CB9890D4E303A4C03095D7BC176C42DEE1B47D8AA58E2F442EC1514C8F9E3CEC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_12" FriendlyName="nt3.sys Hash Sha256" Hash="7D8937C18D6E11A0952E53970A0934CF0E65515637AC24D6CA52CCF4B93D385F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_13" FriendlyName="nt5.sys Hash Sha256" Hash="FD33FB2735CC5EF466A54807D3436622407287E325276FCD3ED1290C98BD0533"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_14" FriendlyName="81.sys Hash Sha256" Hash="B430D3A0BDB837A5D6625D3B1CEF07ABD1953F969869FF6CF7BA398AE605431A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_15" FriendlyName="b4.sys Hash Sha256" Hash="DEC8A933DBA04463ED9BB7D53338FF87F2C23CFB79E0E988449FC631252C9DCC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_16" FriendlyName="bw.sys Hash Sha256" Hash="0EBAEF662B14410C198395B13347E1D175334EC67919709AD37D65EBA013ADFF"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_17" FriendlyName="bwrs.sys Hash Sha256" Hash="221DFBC74BBB255B0879360CCC71A74B756B2E0F16E9386B38A9CE9D4E2E34F9"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_18" FriendlyName="bwrsh.sys Hash Sha256" Hash="37DDE6BD8A7A36111C3AC57E0AC20BBB93CE3374D0852BCACC9A2C8C8C30079E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_19" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="82774D5230C5B6604D6F67A32883F720B4695387F3F383AABC713FC2904FF45D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_20" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="DDD83AF2E99C2E51F2BBBB5A1FAADF9F2DDBC3E39B086935621D6846A8530D76"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_21" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="E6D0C06DEB74F0448391F2C14A08D5C1B7D263DC444ACC5C1CF57ACFE82DA6BB"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_22" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="F05A1DF10900B05FB7211F3DADD15003FC91CFA28A08BCC6D7AFA02CD8AB3D5C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_23" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C174566743B47AE3C3BBB9F32D2856DE5959E06EC100B648853058EEFCDA43FA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_24" FriendlyName="TGSafe.sys Hash Sha256" Hash="3A95CC82173032B82A0FFC7D2E438DF64C13BC16B4574214C9FE3BE37250925E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_25" FriendlyName="BlackBoneDrv10.sys Hash Sha256" Hash="0BB5F2EAACD64398A66D73D4617AA0C1209D483FAFCBE99E4E12CA6C024DB2EC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_26" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="13B82D81D6EAC1A8B2E4655504DABECBD70673CDF45C244702A02F3397FDFF9A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_27" FriendlyName="gameink.sys Hash Sha256" Hash="8168304169A2453C0C3E0A285C2A07D3B3B83433E0342F6B33400C371AF86221"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_28" FriendlyName="windows-xp-64.sys Hash Sha256" Hash="DFAEFD06B680F9EA837E7815FC1CC7D1F4CC375641AC850667AB20739F46AD22"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_29" FriendlyName="windows8-10-32.sys Hash Sha256" Hash="5B9623DA9BA8E5C80C49473F40FFE7AD315DCADFFC3230AFDC9D9226D60A715A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_30" FriendlyName="kbdcap64.sys Hash Sha256" Hash="72B99147839BCFB062D29014EC09FE20A8F261748B5925B00171EF3CB849A4C1"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_31" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="0391107305D76EB9DDF1A5B3B3C50DA361E8AB35B573DBD19BF9383436B9303E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_32" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_33" FriendlyName="d.sys Hash Sha256" Hash="0289FE12E675101CEE03934C1AF5CB73069A12170A88BD051E31A292B97F701B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_34" FriendlyName="b3.sys Hash Sha256" Hash="708016FBE22C813A251098F8F992B177B476BD1BBC48C2ED4A122FF74910A965"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_35" FriendlyName="2.sys Hash Sha256" Hash="9385E4CDABD0AEE2670FB756598EA977161F45B71687ECB9E43533081629F661"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_36" FriendlyName="b1.sys Hash Sha256" Hash="A3E507E713F11901017FC328186AE98E23DE7CEA5594687480229F77D45848D8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_37" FriendlyName="My.sys Hash Sha256" Hash="D25904FBF907E19F366D54962FF543D9F53B8FDFD2416C8B9796B6A8DD430E26"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_38" FriendlyName="Black.sys Hash Sha256" Hash="D5562FB90B0B3DEB633AB335BCBD82CE10953466A428B3F27CB5B226B453EAF3"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_39" FriendlyName="WYProxy32.sys Hash Sha256" Hash="DE6BF572D39E2611773E7A01F0388F84FB25DA6CBA2F1F8B9B36FFBA467DE6FA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_40" FriendlyName="WYProxy64.sys Hash Sha256" Hash="FAFA1BB36F0AC34B762A10E9F327DCAB2152A6D0B16A19697362D49A31E7F566"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_41" FriendlyName="Proxy64.sys Hash Sha256" Hash="C60FCFF9C8E5243BBB22EC94618B9DCB02C59BB49B90C04D7D6AB3EBBD58DC3A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_42" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="BFCFFC82A564A2ADCD3522CD78CDF83795B6212F787230A5EA6B7EFB9F232784"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_43" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="350E15BF24DCFDC052DB117718329A03E930C17AC8C835E51D001E74BAD784E4"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_44" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="DF4E25990742FC8D3AED70F6CB4D402E111E7ED08FA5F76ACA685B8C03B98B93"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_45" FriendlyName="ni.sys Hash Sha256" Hash="AE79E760C739D6214C1E314728A78A6CB6060CCE206FDE2440A69735D639A0A2"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_46" FriendlyName="d4.sys Hash Sha256" Hash="823DA894B2C73FFCD39E77366B6F1ABF0AE9604D9B20140A54E6D55053AADEBA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_47" FriendlyName="d2.sys Hash Sha256" Hash="CB57F3A7FE9E1F8E63332C563B0A319B26C944BE839EABC03E9A3277756BA612"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_48" FriendlyName="t.sys Hash Sha256" Hash="146D77E80CA70EA5CB17BFC9A5CEA92334F809CBDC87A51C2D10B8579A4B9C88"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_49" FriendlyName="1.sys Hash Sha256" Hash="64F9E664BC6D4B8F5F68616DD50AE819C3E60452EFD5E589D6604B9356841B57"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_50" FriendlyName="cpupress.sys Hash Sha256" Hash="FCDFE570E6DC6E768EF75138033D9961F78045ADCA53BEB6FDB520F6417E0DF1"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_51" FriendlyName="gameink.sys Hash Sha256" Hash="E9B433A33DC72EB2622947B41F01D04A48CD71BEAC775A88F3F1E4C838090EE8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_52" FriendlyName="NetFlt.sys Hash Sha256" Hash="F8886A9C759E0426E08D55E410B02C5B05AF3C287B15970175E4874316FFAF13"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_53" FriendlyName="ProtectS.sys Hash Sha256" Hash="9D58F640C7295952B71BDCB456CAE37213BACCDCD3032C1E3AEB54E79081F395"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_54" FriendlyName="ProtectS.sys Hash Sha256" Hash="4A9093E8DBCB867E1B97A0A67CE99A8511900658F5201C34FFB8035881F2DBBE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_55" FriendlyName="GameTerSafe.sys Hash Sha256" Hash="3E9B62D2EA2BE50A2DA670746C4DBE807DB9601980AF3A1014BCD72D0248D84C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_56" FriendlyName="Lurker.sys Hash Sha256" Hash="0FD2DF82341BF5EBB8A53682E60D08978100C01ACB0BED7B6CE2876ADA80F670"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_57" FriendlyName="TestBone.sys Hash Sha256" Hash="0DE4247E72D378713BCF22D5C5D3874D079203BB4364E25F67A90D5570BDCCE8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_58" FriendlyName="Proxy32.sys Hash Sha256" Hash="49ED27460730B62403C1D2E4930573121AB0C86C442854BC0A62415CA445A810"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_59" FriendlyName="t7.sys Hash Sha256" Hash="BE03E9541F56AC6ED1E81407DCD7CC85C0FFC538C3C2C2C8A9C747EDBCF13100"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_60" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_61" FriendlyName="t8.sys Hash Sha256" Hash="258359A7FA3D975620C9810DAB3A6493972876A024135FEAF3AC8482179B2E79"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_62" FriendlyName="nstr.sys Hash Sha256" Hash="455BC98BA32ADAB8B47D2D89BDBADCA4910F91C182AB2FC3211BA07D3784537B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_63" FriendlyName="nt6.sys Hash Sha256" Hash="15C53EB3A0EA44BBD2901A45A6EBEAE29BB123F9C1115C38DFB2CDBEC0642229"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_64" FriendlyName="t3.sys Hash Sha256" Hash="4CFF6E53430B81ECC4FAE453E59A0353BCFE73DD5780ABFC35F299C16A97998E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_65" FriendlyName="windows7-32.sys Hash Sha256" Hash="4941C4298F4560FC1E59D0F16F84BAB5C060793700B82BE2FD7C63735F1657A8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_66" FriendlyName="NetProxyDriver.sys Hash Sha256" Hash="8111085022BDA87E5F6AA4C195E743CC6DD6A3A6D41ADD475D267DC6B105A69F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_67" FriendlyName="c.sys Hash Sha256" Hash="CC383AD11E9D06047A1558ED343F389492DA3AC2B84B71462AEE502A2FA616C8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_68" FriendlyName="gameink.sys Hash Sha256" Hash="E94E8A87459DB56837D1C58F9854794AA99F36566A9DED9B398BE9D4D3A2C2AF"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_69" FriendlyName="gameink.sys Hash Sha256" Hash="44A0599DEFEA351314663582DBC61069B3A095A4DDAD571BB17DD0D8B21E7FF2"/>
+    <Deny ID="ID_DENY_PROCESSHACKER" FriendlyName="kprocesshacker.sys FileRule" FileName="kprocesshacker.sys" />
+    <Deny ID="ID_DENY_AMP" FriendlyName="System Mechanic CVE-2018-5701" FileName="amp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="5.4.11.1" />
+    <Deny ID="ID_DENY_ASMMAP" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_ASMMAP_64" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_CPUZ_DRIVER" FriendlyName="" FileName="cpuz.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.4.3" />
     <FileAttrib ID="ID_FILEATTRIB_ELBY_DRIVER" FriendlyName="" FileName="ElbyCDIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.0.3.2" />
     <FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
@@ -174,22 +322,22 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <FileAttrib ID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" FriendlyName="" FileName="rtkiow8x64.sys " MinimumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_BSMI" FriendlyName="" FileName="BSMI.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.3" />
     <FileAttrib ID="ID_FILEATTRIB_BS_HWMIO64" FriendlyName="" FileName="BS_HWMIO64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.1806.2200" />
-    <FileAttrib ID="ID_FILEATTRIB_BS_I2CIO" FriendlyName="" FileName="BS_I2cIo.sys"  MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.1.0.0" />
-    <FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys"  MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
-    <FileAttrib ID="ID_FILEATTRIB_NCHGBIOS2X64" FriendlyName="" FileName="NCHGBIOS2x64.SYS"  MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.2.4.0" />
+    <FileAttrib ID="ID_FILEATTRIB_BS_I2CIO" FriendlyName="" FileName="BS_I2cIo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.1.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_NCHGBIOS2X64" FriendlyName="" FileName="NCHGBIOS2x64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.2.4.0" />
     <FileAttrib ID="ID_FILEATTRIB_SEGWINDRVX64" FriendlyName="segwindrvx64.sys FileAttribute" FileName="segwindrvx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="100.0.7.2" />
+    <FileAttrib ID="ID_FILEATTRIB_AMD_RYZEN" FriendlyName="amdryzenmaster.sys" FileName="AMDRyzenMasterDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.5.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_TREND_MICRO" FriendlyName="TmComm.sys" FileName="TmComm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="8.0.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_VIRAGT" FriendlyName="viragt.sys 32-bit" FileName="viragt.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.80.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_VIRAGT64" FriendlyName="viragt64.sys" FileName="viragt64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.11" />
   </FileRules>
   <!--Signers-->
   <Signers>
-     <Signer ID="ID_SIGNER_F_1" Name="VeriSign Class 3 Code Signing 2010 CA">
+    <Signer ID="ID_SIGNER_F_1" Name="VeriSign Class 3 Code Signing 2010 CA">
       <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
       <CertPublisher Value="CPUID" />
       <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
-    </Signer>
-    <Signer ID="ID_SIGNER_F_2" Name="Microsoft Windows Third Party Component CA 2014">
-      <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
-      <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
     </Signer>
     <Signer ID="ID_SIGNER_CPUZ" Name="DigiCert EV Code Signing CA (SHA2)">
       <CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
@@ -225,7 +373,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
       <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
       <CertPublisher Value="Sokno S.R.L." />
     </Signer>
-      <Signer ID="ID_SIGNER_RWEVERY" Name="GlobalSign CodeSigning CA - G2">
+    <Signer ID="ID_SIGNER_RWEVERY" Name="GlobalSign CodeSigning CA - G2">
       <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
       <CertPublisher Value="ChongKim Chan" />
     </Signer>
@@ -247,17 +395,26 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" />
     </Signer>
+    <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2012" Name="Microsoft Windows Third Party Component CA 2012">
+      <CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
+      <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+    </Signer>
     <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2014" Name="Microsoft Windows Third Party Component CA 2014">
       <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
       <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_BS_HWMIO64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
     </Signer>
     <Signer ID="ID_SIGNER_VERISIGN_2004" Name="VeriSign Class 3 Code Signing 2004 CA">
       <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
       <CertPublisher Value="Mitac Technology Corporation" />
       <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
-      </Signer>
+    </Signer>
     <Signer ID="ID_SIGNER_VERISIGN_2009" Name="VeriSign Class 3 Code Signing 2009-2 CA">
       <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
       <CertPublisher Value="BIOSTAR MICROTECH INT'L CORP" />
@@ -288,6 +445,42 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
       <CertPublisher Value="Insyde Software Corp." />
       <FileAttribRef RuleID="ID_FILEATTRIB_SEGWINDRVX64" />
     </Signer>
+    <Signer ID="ID_SIGNER_SYMANTEC_CLASS_3" Name="Symantec Class 3 SHA256 Code Signing CA">
+      <CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
+      <CertPublisher Value="Advanced Micro Devices INC." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_TG_SOFT" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="TG Soft S.a.s. Di Tonello Gianfranco e C." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GLOBALSIGN_TG_SOFT" Name="GlobalSign CodeSigning CA - G3">
+      <CertRoot Type="TBS" Value="F478F0E790D5C8EC6056A3AB2567404A991D2837" />
+      <CertPublisher Value="TG Soft di Tonello Gianfranco ed Enrico S.r.l." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GEOTRUST_SRL_2009" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
+      <CertRoot Type="TBS" Value="d70edfa009a76bd8250d74e9ee92eb9ead7d4cb3" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GEOTRUST_SRL_2010" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
+      <CertRoot Type="TBS" Value="e5ba2abbd1dc89f143a66a3cdcda26d968758e2d" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HANDAN" Name="Handan City Congtai District LiKang  Daily Goods Department">
+      <CertRoot Type="TBS" Value="cccae21fbc083f5d1af6997bb3f29ed9915e7324" />
+    </Signer>
+    <Signer ID="ID_SIGNER_NANJING" Name="Nanjing Zhixiao Information Technology Co.,Ltd">
+      <CertRoot Type="TBS" Value="f5e1c4d98f9ce552ead3776c16f3ad91fe5f3984" />
+    </Signer>
+    <Signer ID="ID_SIGNER_TRUST_ASIA" Name="上海域联软件技术有限公司">
+      <CertRoot Type="TBS" Value="232a71b4d1734eac2cfc6ea554c86de34f9f8b72" />
+    </Signer>
+    <Signer ID="ID_SIGNER_JEROMIN_CODY_ERIC" Name="Jeromin Cody Eric">
+      <CertRoot Type="TBS" Value="dfa6171201b51a2ec174310e8fb9f4c0fde2d365235e589ded0213c5279bea6e" />
+    </Signer>
   </Signers>
   <!--Driver Signing Scenarios-->
   <SigningScenarios>
@@ -304,10 +497,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <DeniedSigner SignerId="ID_SIGNER_CPUZ" />
           <DeniedSigner SignerId="ID_SIGNER_ELBY" />
           <DeniedSigner SignerId="ID_SIGNER_F_1" />
-          <DeniedSigner SignerId="ID_SIGNER_F_2" />
           <DeniedSigner SignerId="ID_SIGNER_REALTEK" />
           <DeniedSigner SignerId="ID_SIGNER_REALTEK_2" />
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2004" />
+          <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2012" />
           <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2014" />
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2009" />
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_BIOSTAR" />
@@ -315,118 +508,273 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_TOSHIBA" />
           <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_MICROSTAR" />
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_INSYDE" />
+          <DeniedSigner SignerId="ID_SIGNER_SYMANTEC_CLASS_3" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_TG_SOFT" />
+          <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_TG_SOFT" />
+          <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2009" />
+          <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2010" />
+          <DeniedSigner SignerId="ID_SIGNER_HANDAN" />
+          <DeniedSigner SignerId="ID_SIGNER_NANJING" />
+          <DeniedSigner SignerId="ID_SIGNER_TRUST_ASIA" />
+          <DeniedSigner SignerId="ID_SIGNER_JEROMIN_CODY_ERIC" />
         </DeniedSigners>
         <FileRulesRef>        
-            <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_GDRV" />
-            <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256C"/>
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1F" />
-            <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_MSIO64_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_MSIO64_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_MSIO64_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_MSIO64_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1"/>
-            <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256"/>
-            <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256_PAGE"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_1" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_2" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_3" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_4" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_5" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_6" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_7" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_8" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_9" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_10"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_11"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_12"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_13"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_14"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_1" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_2" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_3" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_4" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_5" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_6" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_7" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_8" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_9" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_10"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_11"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_12"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_13"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_14"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16"/>
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17"/>
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GDRV" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256C" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1F" />
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_MSIO64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_MSIO64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_MSIO64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_MSIO64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_2" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_3" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_4" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_5" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_6" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_7" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_8" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_9" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_10"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_11"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_12"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_13"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_14"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_18"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_19"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_20"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_21"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_22"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_23"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_24"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_25"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_26"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_27"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_28"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_29"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_30"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_31"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_32"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_33"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_34"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_35"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_36"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_37"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_38"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_39"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_40"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_41"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_42"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_43"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_44"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_45"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_46"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_47"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_48"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_49"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_50"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_51"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_52"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_53"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_54"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_55"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_56"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_57"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_58"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_59"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_60"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_61"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_62"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_63"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_64"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_65"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_66"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_67"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_68"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_69"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_1" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_2" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_3" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_4" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_5" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_6" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_7" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_8" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_9" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_10"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_11"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_12"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_13"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_14"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_18"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_19"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_20"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_21"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_22"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_23"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_24"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_25"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_26"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_27"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_28"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_29"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_30"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_31"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_32"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_33"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_34"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_35"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_36"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_37"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_38"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_39"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_40"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_41"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_42"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_43"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_44"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_45"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_46"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_47"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_48"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_49"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_50"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_51"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_52"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_53"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_54"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_55"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_56"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_57"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_58"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_59"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_60"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_61"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_62"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_63"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_64"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_65"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_66"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_67"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_68"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_69"/>
+          <FileRuleRef RuleID="ID_DENY_PROCESSHACKER"/>
+          <FileRuleRef RuleID="ID_DENY_AMP"/>
+          <FileRuleRef RuleID="ID_DENY_ASMMAP"/>
+          <FileRuleRef RuleID="ID_DENY_ASMMAP_64"/>
         </FileRulesRef>
       </ProductSigners>
     </SigningScenario>
     <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="">
       <ProductSigners>
-        <FileRulesRef>
-        </FileRulesRef>
       </ProductSigners>
     </SigningScenario>
   </SigningScenarios>
@@ -441,7 +789,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     </Setting>
     <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
       <Value>
-        <String>10.0.19565.0</String>
+        <String>10.0.22417.0</String>
       </Value>
     </Setting>
   </Settings>

From 8fc109633f3cd9c169ce109940b520df8101632c Mon Sep 17 00:00:00 2001
From: Jordan Geurten <jogeurte@microsoft.com>
Date: Thu, 30 Sep 2021 09:39:22 -0700
Subject: [PATCH 2/9] Microsoft criteria for driver blocks have been updated.
 WDSI driver submission page is now linked too.

---
 .../microsoft-recommended-driver-block-rules.md       | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index c749cb9925..f99fbc4154 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -33,10 +33,15 @@ Microsoft has strict requirements for code running in kernel. So, malicious acto
 - Hypervisor-protected code integrity (HVCI) enabled devices
 - Windows 10 in S mode (S mode) devices
 
-Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
+The vulnerable driver blocklist is designed to harden systems against 3rd party-developed drivers across the Windows ecosystem with any of the following: 
 
-> [!Note]
-> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It's recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. 
+- Known security vulnerabilities which can be exploited by attackers to elevate privileges in the Windows kernel
+- Malicious behaviors (i.e. malware) or certificates used to sign malware
+- Behaviors which are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
+
+Drivers can be submitted by IHVs, OEMs and Windows customers to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/wdsi/driversubmission).
+
+Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>

From 88ae0df07a1411380e2ccbaa3cac9b949b9a790d Mon Sep 17 00:00:00 2001
From: Jordan Geurten <jogeurte@microsoft.com>
Date: Thu, 30 Sep 2021 10:00:45 -0700
Subject: [PATCH 3/9] Fixed broken link by hardcoding locale

---
 .../microsoft-recommended-driver-block-rules.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index f99fbc4154..f88525d4c9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -39,7 +39,7 @@ The vulnerable driver blocklist is designed to harden systems against 3rd party-
 - Malicious behaviors (i.e. malware) or certificates used to sign malware
 - Behaviors which are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
 
-Drivers can be submitted by IHVs, OEMs and Windows customers to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/wdsi/driversubmission).
+Drivers can be submitted by IHVs, OEMs and Windows customers to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission).
 
 Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
 

From 230d4b44eb56335887421d9e12b684638e3de12f Mon Sep 17 00:00:00 2001
From: Jordan Geurten <jogeurte@microsoft.com>
Date: Thu, 30 Sep 2021 10:45:11 -0700
Subject: [PATCH 4/9] Added info about disputing blocks and addressed Acrolinx
 issues

---
 .../microsoft-recommended-driver-block-rules.md    | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index f88525d4c9..2339453f16 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -28,20 +28,20 @@ ms.date:
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
 
-Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices:
+Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're quickly patched and rolled out to the ecosystem. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices:
 
 - Hypervisor-protected code integrity (HVCI) enabled devices
 - Windows 10 in S mode (S mode) devices
 
-The vulnerable driver blocklist is designed to harden systems against 3rd party-developed drivers across the Windows ecosystem with any of the following: 
+The vulnerable driver blocklist is designed to harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes: 
 
-- Known security vulnerabilities which can be exploited by attackers to elevate privileges in the Windows kernel
-- Malicious behaviors (i.e. malware) or certificates used to sign malware
-- Behaviors which are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
+- Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
+- Malicious behaviors (malware) or certificates used to sign malware
+- Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
 
-Drivers can be submitted by IHVs, OEMs and Windows customers to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission).
+Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To dispute a block or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/en-us/wdsi) or submit feedback on this article. 
 
-Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
+Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>

From d8ec34075d74d4890aaa77e848304ba61d9f5c7b Mon Sep 17 00:00:00 2001
From: Jordan Geurten <jogeurte@microsoft.com>
Date: Thu, 30 Sep 2021 10:50:33 -0700
Subject: [PATCH 5/9] Update microsoft-recommended-driver-block-rules.md

---
 .../microsoft-recommended-driver-block-rules.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 2339453f16..886064a829 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -39,7 +39,7 @@ The vulnerable driver blocklist is designed to harden systems against third part
 - Malicious behaviors (malware) or certificates used to sign malware
 - Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
 
-Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To dispute a block or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/en-us/wdsi) or submit feedback on this article. 
+Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/en-us/wdsi) or submit feedback on this article. 
 
 Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
 

From e760c0de5198708ca8b71ac48619505e25e41549 Mon Sep 17 00:00:00 2001
From: Jordan Geurten <jogeurte@microsoft.com>
Date: Thu, 30 Sep 2021 10:55:11 -0700
Subject: [PATCH 6/9] removed en-us locale from wdsi link

---
 .../microsoft-recommended-driver-block-rules.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 886064a829..3d1e37428f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -39,7 +39,7 @@ The vulnerable driver blocklist is designed to harden systems against third part
 - Malicious behaviors (malware) or certificates used to sign malware
 - Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
 
-Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/en-us/wdsi) or submit feedback on this article. 
+Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/wdsi) or submit feedback on this article. 
 
 Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
 

From fc5a66769dab066abc546662636d99cedc4ba497 Mon Sep 17 00:00:00 2001
From: David Bradette <87823519+DavidBradette@users.noreply.github.com>
Date: Thu, 30 Sep 2021 15:33:53 -0600
Subject: [PATCH 7/9] Update windows-11.md

Update to document to reflect the October 5th, 2021 release date.
---
 windows/whats-new/windows-11.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/whats-new/windows-11.md b/windows/whats-new/windows-11.md
index 77e2fa58a9..5780f4ac8f 100644
--- a/windows/whats-new/windows-11.md
+++ b/windows/whats-new/windows-11.md
@@ -37,7 +37,7 @@ Windows 11 is built on the same foundation as Windows 10, so the investments you
 
 ## How to get Windows 11
 
-Windows 11 will be delivered as an upgrade to eligible devices running Windows 10, beginning later in the 2021 calendar year. Windows 11 will also be available on eligible new devices.
+Windows 11 will be delivered as an upgrade to eligible devices running Windows 10, beginning on October 5th, 2021. Windows 11 will also be available on eligible new devices.
 
 For administrators managing devices on behalf of their organization, Windows 11 will be available through the same, familiar channels that you use today for Windows 10 feature updates. You will be able to use existing deployment and management tools, such as Windows Update for Business, Microsoft Endpoint Manager, and Windows Autopilot. For more information, see [Plan for Windows 11](windows-11-plan.md).
 

From ed5fbc90447f8c980e12e70b50138548d6bd64e3 Mon Sep 17 00:00:00 2001
From: David Bradette <87823519+DavidBradette@users.noreply.github.com>
Date: Fri, 1 Oct 2021 06:44:33 -0600
Subject: [PATCH 8/9] Update windows/whats-new/windows-11.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 windows/whats-new/windows-11.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/whats-new/windows-11.md b/windows/whats-new/windows-11.md
index 5780f4ac8f..e41a2d7303 100644
--- a/windows/whats-new/windows-11.md
+++ b/windows/whats-new/windows-11.md
@@ -37,7 +37,7 @@ Windows 11 is built on the same foundation as Windows 10, so the investments you
 
 ## How to get Windows 11
 
-Windows 11 will be delivered as an upgrade to eligible devices running Windows 10, beginning on October 5th, 2021. Windows 11 will also be available on eligible new devices.
+Windows 11 will be delivered as an upgrade to eligible devices running Windows 10, beginning on October 5, 2021. Windows 11 will also be available on eligible new devices.
 
 For administrators managing devices on behalf of their organization, Windows 11 will be available through the same, familiar channels that you use today for Windows 10 feature updates. You will be able to use existing deployment and management tools, such as Windows Update for Business, Microsoft Endpoint Manager, and Windows Autopilot. For more information, see [Plan for Windows 11](windows-11-plan.md).
 

From 62161ac658eed9a50b620d38f4ab29922ef73c69 Mon Sep 17 00:00:00 2001
From: Jordan Geurten <jogeurte@microsoft.com>
Date: Fri, 1 Oct 2021 10:42:43 -0700
Subject: [PATCH 9/9] Added "help" harden systems

---
 .../microsoft-recommended-driver-block-rules.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 3d1e37428f..4e5251d27d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -33,7 +33,7 @@ Microsoft has strict requirements for code running in kernel. So, malicious acto
 - Hypervisor-protected code integrity (HVCI) enabled devices
 - Windows 10 in S mode (S mode) devices
 
-The vulnerable driver blocklist is designed to harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes: 
+The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes: 
 
 - Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
 - Malicious behaviors (malware) or certificates used to sign malware