diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md
index 9e0d1732bd..edca458380 100644
--- a/windows/client-management/administrative-tools-in-windows-10.md
+++ b/windows/client-management/administrative-tools-in-windows-10.md
@@ -1,64 +1,76 @@
 ---
-title: Administrative Tools in Windows 
-description: Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users.
-ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8
-ms.reviewer: 
-manager: dougeby
-ms.author: aaroncz
+title: Windows Tools/Administrative Tools
+description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: aczechowski
+ms.author: aaroncz
+manager: dougeby
 ms.localizationpriority: medium
-ms.date: 09/20/2021
+ms.date: 03/28/2022
 ms.topic: article
 ms.collection: highpri
 ---
 
-# Administrative Tools in Windows
-
+# Windows Tools/Administrative Tools
 
 **Applies to**
--  Windows 10
--  Windows 11
 
+- Windows 11
+- Windows 10
 
-Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users. 
+**Windows Tools** is a folder in the Windows 11 Control Panel. **Administrative Tools** is a folder in the Windows 10 Control Panel. These folders contain tools for system administrators and advanced users.
 
-![Screenshot of Control Panel.](images/admin-tools.png)
+## Windows Tools folder (Windows 11)
 
-The tools in the folder might vary depending on which edition of Windows you are using. 
+The following graphic shows the **Windows Tools** folder in Windows 11:
 
-![Screenshot of folder of admin tools.](images/admin-tools-folder.png)
+:::image type="content" source="media/win11-control-panel-windows-tools.png" alt-text="Screenshot of the Control Panel in Windows 11, highlighting the Administrative Tools folder." lightbox="media/win11-control-panel-windows-tools.png":::
 
-These tools were included in previous versions of Windows. The associated documentation for each tool should help you use these tools in Windows. The following list provides links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders.
+The tools in the folder might vary depending on which edition of Windows you use.
 
- 
+:::image type="content" source="media/win11-windows-tools.png" alt-text="Screenshot of the contents of the Windows Tools folder in Windows 11." lightbox="media/win11-windows-tools.png":::
 
--   [Component Services]( https://go.microsoft.com/fwlink/p/?LinkId=708489)
--   [Computer Management](https://support.microsoft.com/kb/308423)
--   [Defragment and Optimize Drives](https://go.microsoft.com/fwlink/p/?LinkId=708488)
--   [Disk Cleanup](https://go.microsoft.com/fwlink/p/?LinkID=698648)
--   [Event Viewer](/previous-versions/windows/it-pro/windows-2000-server/cc938674(v=technet.10))
--   [iSCSI Initiator](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee338476(v=ws.10))
--   [Local Security Policy](/previous-versions/tn-archive/dd277395(v=technet.10))
--   [ODBC Data Sources]( https://go.microsoft.com/fwlink/p/?LinkId=708494)
--   [Performance Monitor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc749115(v=ws.11))
--   [Print Management](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731857(v=ws.11))
--   [Recovery Drive](https://support.microsoft.com/help/4026852/windows-create-a-recovery-drive)
--   [Registry Editor](/windows/win32/sysinfo/registry)
--   [Resource Monitor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd883276(v=ws.10))
--   [Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772408(v=ws.11))
--   [System Configuration](https://go.microsoft.com/fwlink/p/?LinkId=708499)
--   [System Information]( https://go.microsoft.com/fwlink/p/?LinkId=708500)
--   [Task Scheduler](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc766428(v=ws.11))
--   [Windows Firewall with Advanced Security](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754274(v=ws.11))
--   [Windows Memory Diagnostic]( https://go.microsoft.com/fwlink/p/?LinkId=708507)
+## Administrative Tools folder (Windows 10)
+
+The following graphic shows the **Administrative Tools** folder in Windows 10:
+
+![Screenshot of the Control Panel in Windows 10, highlighting the Administrative Tools folder.](images/admin-tools.png)
+
+The tools in the folder might vary depending on which edition of Windows you use.
+
+![Screenshot of the contents of the Administrative Tools folder in Windows 10.](images/admin-tools-folder.png)
+
+## Tools
+
+The tools are located in the folder `C:\Windows\System32\` or its subfolders.
+
+These tools were included in previous versions of Windows. The associated documentation for each tool can help you use them. The following list provides links to documentation for each tool.
+
+- [Component Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731901(v=ws.11))
+- [Computer Management](https://support.microsoft.com/topic/how-to-use-computer-management-in-windows-xp-d5872f93-4498-f4dd-3a34-36d6f569924f)
+- [Defragment and Optimize Drives](https://support.microsoft.com/windows/ways-to-improve-your-computer-s-performance-c6018c78-0edd-a71a-7040-02267d68ea90)
+- [Disk Cleanup](https://support.microsoft.com/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68)
+- [Event Viewer](/previous-versions/windows/it-pro/windows-2000-server/cc938674(v=technet.10))
+- [iSCSI Initiator](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee338476(v=ws.10))
+- [Local Security Policy](/previous-versions/tn-archive/dd277395(v=technet.10))
+- [ODBC Data Sources](/sql/odbc/admin/odbc-data-source-administrator)
+- [Performance Monitor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc749115(v=ws.11))
+- [Print Management](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731857(v=ws.11))
+- [Recovery Drive](https://support.microsoft.com/windows/create-a-recovery-drive-abb4691b-5324-6d4a-8766-73fab304c246)
+- [Registry Editor](/windows/win32/sysinfo/registry)
+- [Resource Monitor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd883276(v=ws.10))
+- [Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772408(v=ws.11))
+- [System Configuration](/troubleshoot/windows-client/performance/system-configuration-utility-troubleshoot-configuration-errors)
+- [System Information](/previous-versions/windows/it-pro/windows-2000-server/cc957818(v=technet.10))
+- [Task Scheduler](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc766428(v=ws.11))
+- [Windows Firewall with Advanced Security](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754274(v=ws.11))
+- [Windows Memory Diagnostic](/previous-versions/technet-magazine/cc745953(v=msdn.10))
 
 > [!TIP]
-> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** page. Details about the information you want for a tool will help us plan future content. 
+> If the linked content in this list doesn't provide the information you need to use that tool, send feedback with the **This page** link in the **Feedback** section at the bottom of this article.
 
 ## Related topics
 
-[Diagnostic Data Viewer](/windows/privacy/diagnostic-data-viewer-overview)
-
+[Diagnostic data viewer](/windows/privacy/diagnostic-data-viewer-overview)
diff --git a/windows/client-management/index.yml b/windows/client-management/index.yml
index 98dca1c8af..2bb8db6fd8 100644
--- a/windows/client-management/index.yml
+++ b/windows/client-management/index.yml
@@ -16,7 +16,7 @@ metadata:
   author: aczechowski
   ms.author: aaroncz
   manager: dougeby
-  ms.date: 08/05/2021 #Required; mm/dd/yyyy format.
+  ms.date: 03/28/2022 #Required; mm/dd/yyyy format.
   localization_priority: medium
     
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@@ -29,7 +29,7 @@ landingContent:
     linkLists:
       - linkListType: overview
         links:
-          - text: Administrative Tools in Windows 10
+          - text: Windows Tools/Administrative Tools
             url: administrative-tools-in-windows-10.md
           - text: Create mandatory user profiles
             url: mandatory-user-profile.md
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index 64815bafdc..77b5ec67b9 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 03/25/2022
 ms.reviewer: 
 manager: dansimp
 ---
@@ -128,6 +128,8 @@ The following list shows the supported values:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 
@@ -183,6 +185,8 @@ ADMX Info:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 
@@ -241,6 +245,8 @@ ADMX Info:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 
@@ -299,6 +305,8 @@ ADMX Info:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 
@@ -357,6 +365,8 @@ ADMX Info:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 
@@ -421,6 +431,8 @@ ADMX Info:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 
diff --git a/windows/client-management/media/win11-control-panel-windows-tools.png b/windows/client-management/media/win11-control-panel-windows-tools.png
new file mode 100644
index 0000000000..4ecb8dcdf2
Binary files /dev/null and b/windows/client-management/media/win11-control-panel-windows-tools.png differ
diff --git a/windows/client-management/media/win11-windows-tools.png b/windows/client-management/media/win11-windows-tools.png
new file mode 100644
index 0000000000..d9a302340c
Binary files /dev/null and b/windows/client-management/media/win11-windows-tools.png differ
diff --git a/windows/client-management/toc.yml b/windows/client-management/toc.yml
index faba5b0483..92e5722e04 100644
--- a/windows/client-management/toc.yml
+++ b/windows/client-management/toc.yml
@@ -4,7 +4,7 @@ items:
   items: 
     - name: Client management tools and settings
       items:
-        - name: Administrative Tools in Windows 10
+        - name: Windows Tools/Administrative Tools
           href: administrative-tools-in-windows-10.md
         - name: Use Quick Assist to help users
           href: quick-assist.md
diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md
index 71203dab84..9575553088 100644
--- a/windows/security/threat-protection/auditing/event-4741.md
+++ b/windows/security/threat-protection/auditing/event-4741.md
@@ -16,8 +16,7 @@ ms.technology: windows-sec
 
 # 4741(S): A computer account was created.
 
-
-<img src="images/event-4741.png" alt="Event 4741 illustration" width="449" height="837" hspace="10" align="left" />
+![Event 4741 illustration](images/event-4741.png)
 
 ***Subcategory:***&nbsp;[Audit Computer Account Management](audit-computer-account-management.md)
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
index 383ac38442..53aae67283 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
@@ -104,10 +104,10 @@
     - name: Windows Defender Application Control operational guide
       href: windows-defender-application-control-operational-guide.md
       items: 
-        - name: Understanding Application Control event IDs
-          href: event-id-explanations.md
         - name: Understanding Application Control event tags
           href: event-tag-explanations.md
+        - name: Understanding Application Control event IDs
+          href: event-id-explanations.md
         - name: Query WDAC events with Advanced hunting
           href: querying-application-control-events-centrally-using-advanced-hunting.md
         - name: Known Issues
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
index 402cadf606..557e9d9716 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
@@ -87,7 +87,29 @@ reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x
 
 ## Event ID 3099 Options
 
-The WDAC policy rule-option values can be derived from the "Options" field in the Details section of the Code integrity 3099 event. To parse the values, first convert the hex value to binary. Next, use the bit addresses and their values from the table below to determine the state of each [policy rule-option](/select-types-of-rules-to-create#table-1-windows-defender-application-control-policy---rule-options).
+The WDAC policy rule-option values can be derived from the "Options" field in the Details section of the Code integrity 3099 event. To parse the values, first convert the hex value to binary. To derive and parse these values, follow the below workflow.
+
+- Access Event Viewer.
+- Access the Code integrity 3099 event.
+- Access the details pane.
+- Identify the hex code listed in the “Options” field.
+- Convert the hex code to binary
+
+:::image type="content" source="images/event-3099-options.png" alt-text="Event 3099 Policy Rule Options":::
+
+For a simple solution for converting hex to binary, follow these steps.
+- Open the Calculator app
+- Click on the menu icon :::image type="content" source="images/calculator-menu-icon.png" alt-text="calculator menu icon example":::
+- Click Programmer mode
+- Click HEX  :::image type="content" source="images/hex-icon.png" alt-text="HEX icon example":::
+- Enter your hex code
+- Click Bit Toggling Keyboard :::image type="content" source="images/bit-toggling-keyboard-icon.png" alt-text="Bit Toggling Keyboard icon example":::
+
+:::image type="content" source="images/calculator-with-hex-in-binary.png" alt-text="An example of the calculator app in programmer mode, with a hex code converted into binary":::
+
+This view will provide the hex code in binary form, with each bit address shown separately.  The bit addresses start at 0 in the bottom right.  Each bit address correlates to a specific event policy-rule option.  If the bit address holds a value of 1, the setting is in the policy.
+
+Next, use the bit addresses and their values from the table below to determine the state of each [policy rule-option](/select-types-of-rules-to-create#table-1-windows-defender-application-control-policy---rule-options). For example, if the bit address of 16 holds a value of 1, then the “Enabled:Audit Mode (Default)” is in the policy meaning the policy is in audit mode.
 
 | Bit Address | Policy Rule Option |
 |-------|------|
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/bin-icon.png b/windows/security/threat-protection/windows-defender-application-control/images/bin-icon.png
new file mode 100644
index 0000000000..dac1240786
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-control/images/bin-icon.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/bit-toggling-keyboard-icon.png b/windows/security/threat-protection/windows-defender-application-control/images/bit-toggling-keyboard-icon.png
new file mode 100644
index 0000000000..2c042f00e5
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-control/images/bit-toggling-keyboard-icon.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/calculator-menu-icon.png b/windows/security/threat-protection/windows-defender-application-control/images/calculator-menu-icon.png
new file mode 100644
index 0000000000..268e4880fc
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-control/images/calculator-menu-icon.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/calculator-with-hex-in-binary.png b/windows/security/threat-protection/windows-defender-application-control/images/calculator-with-hex-in-binary.png
new file mode 100644
index 0000000000..67bc15e949
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-control/images/calculator-with-hex-in-binary.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/event-3099-options.png b/windows/security/threat-protection/windows-defender-application-control/images/event-3099-options.png
new file mode 100644
index 0000000000..ee3080bdd9
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-control/images/event-3099-options.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/hex-icon.png b/windows/security/threat-protection/windows-defender-application-control/images/hex-icon.png
new file mode 100644
index 0000000000..034a9d8d5c
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-control/images/hex-icon.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index ddc5e3e2fe..1d88193ede 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -14,7 +14,6 @@ author: jgeurten
 ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
-ms.date: 
 ---
 
 # Microsoft recommended driver block rules
@@ -46,7 +45,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
-  <VersionEx>10.0.25070.0</VersionEx>
+  <VersionEx>10.0.25090.0</VersionEx>
   <PolicyTypeID>{D2BDA982-CCF6-4344-AC5B-0B44427B6816}</PolicyTypeID>
   <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
   <Rules>
@@ -389,7 +388,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <Deny ID="ID_DENY_RETLIFTEN_SHA256_70" FriendlyName="b.sys Hash Sha256" Hash="84DF20B1D9D87E305C92E5FFAE21B10B325609D59D835A954DBD8750EF5DABF4"/>
     <Deny ID="ID_DENY_RETLIFTEN_SHA256_71" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
     <Deny ID="ID_DENY_RETLIFTEN_SHA256_72" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A"/>
-    <Deny ID="ID_DENY_PROCESSHACKER" FriendlyName="kprocesshacker.sys FileRule" FileName="kprocesshacker.sys" />
+    <Deny ID="ID_DENY_PROCESSHACKER" FriendlyName="kprocesshacker.sys FileRule" FileName="kprocesshacker.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.65535.65535" />
     <Deny ID="ID_DENY_AMP" FriendlyName="System Mechanic CVE-2018-5701" FileName="amp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="5.4.11.1" />
     <Deny ID="ID_DENY_ASMMAP" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <Deny ID="ID_DENY_ASMMAP_64" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
@@ -422,6 +421,8 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <FileAttrib ID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" FriendlyName="" FileName="rtkiow8x64.sys" MinimumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" FriendlyName="" FileName="rtkiow10x64.sys" MinimumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_RWDRV_DRIVER" FriendlyName="" FileName="RwDrv.sys" MinimumFileVersion="65535.65535.65535.65535" />
+	<FileAttrib ID="ID_FILEATTRIB_SANDBOX_1" FriendlyName="Agnitum sandbox FileAttribute" FileName="sandbox.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_SANDBOX_2" FriendlyName="Agnitum SandBox FileAttribute" FileName="SandBox.sys"  MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_SANDRA" FriendlyName="" FileName="SANDRA" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.12.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_SANDRA_DRIVER" FriendlyName="" FileName="sandra.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.12.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_SEGWINDRVX64" FriendlyName="segwindrvx64.sys FileAttribute" FileName="segwindrvx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="100.0.7.2" />
@@ -700,6 +701,26 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
       <CertRoot Type="TBS" Value="13BAA039635F1C5292A8C2F36AAE7E1D25C025202E9092F5B0F53F5F752DFA9C71B3D1B8D9A6358FCEE6EC75622FABF9" />
       <CertPublisher Value="Advanced Micro Devices Inc." />
       <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+    </Signer>
+	<Signer ID="ID_SIGNER_AGNITUM_2004" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="Agnitum Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDBOX_2" />
+    </Signer>
+	<Signer ID="ID_SIGNER_AGNITUM_2009" Name="VeriSign Class 3 Code Signing 2009-2 CA">
+      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
+      <CertPublisher Value="Agnitum Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDBOX_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_AGNITUM_2010" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Agnitum Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDBOX_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_AGNITUM_2010_1" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4678C6E4A8787A8E6ED2BCE8792B122F6C08AFD8" />
+      <CertPublisher Value="Agnitum Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDBOX_1" />
     </Signer>
     <Signer ID="ID_SIGNER_GEOTRUST_SRL_2009" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
       <CertRoot Type="TBS" Value="d70edfa009a76bd8250d74e9ee92eb9ead7d4cb3" />
@@ -721,12 +742,31 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     </Signer>
 	<Signer ID="ID_SIGNER_SAASAME" Name="SaaSaMe Ltd.">
       <CertRoot Type="TBS" Value="A86DE66D8198E4272859881476A6F9936034A482" />
+    </Signer>
+	<Signer ID="ID_SIGNER_NVIDIA_2007" Name="Leaked 2007 NVIDIA Corporation Verisign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="80854F578E2A3B5552EA839BA4F98DDFE94B2381" />
     </Signer>
 	<Signer ID="ID_SIGNER_NVIDIA_2011" Name="Leaked 2011 NVIDIA Corporation Verisign Class 3 Code Signing 2010 CA">
       <CertRoot Type="TBS" Value="15C37DBEBE6FCC77108E3D7AD982676D3D5E77F7" />
     </Signer>
 	<Signer ID="ID_SIGNER_NVIDIA_2015" Name="Leaked 2015 NVIDIA Corporation Verisign Class 3 Code Signing 2010 CA">
       <CertRoot Type="TBS" Value="F049A238763D4A90B148AB10A500F96EBF1DC436" />
+    </Signer>
+	<Signer ID="ID_SIGNER_HERMETICWIPER_1" Name="DigiCert Assured ID Code Signing CA-1">
+      <CertRoot Type="TBS" Value="47F4B9898631773231B32844EC0D49990AC4EB1E" />
+      <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_HERMETICWIPER_2" Name="Symantec Class 3 Extended Validation Code Signing CA - G2">
+      <CertRoot Type="TBS" Value="B3C925B4048C3F7C444D248A2B101186B57CBA39596EB5DCE0E17A4EE4B32F19" />
+      <CertPublisher Value="Chengdu Yiwo Tech Development Co., Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_HERMETICWIPER_3" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_HERMETICWIPER_4" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
     </Signer>
   </Signers>
   <!--Driver Signing Scenarios-->
@@ -734,6 +774,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DENIED_VULN_MAL_SIGNERS" FriendlyName="Signers of known vulnerable or malicious drivers">
       <ProductSigners>
         <DeniedSigners>
+		  <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2004" />
+		  <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2009" />
+		  <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2010" />
+		  <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2010_1" />
           <DeniedSigner SignerId="ID_SIGNER_AMDPP" />
           <DeniedSigner SignerId="ID_SIGNER_CAPCOM" />
           <DeniedSigner SignerId="ID_SIGNER_CHEAT_ENGINE" /> 
@@ -750,6 +794,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2010" />
           <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_TG_SOFT" />
           <DeniedSigner SignerId="ID_SIGNER_HANDAN" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_1" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_2" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_3" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_4" />
           <DeniedSigner SignerId="ID_SIGNER_HP" /> 
           <DeniedSigner SignerId="ID_SIGNER_INTEL_IQVW" />
           <DeniedSigner SignerId="ID_SIGNER_JEROMIN_CODY_ERIC" />
@@ -757,6 +805,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_KERNEL_SHA2" />
           <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_USER" />
           <DeniedSigner SignerId="ID_SIGNER_NANJING" />
+		  <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2007" />
 		  <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2011" />
 		  <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2015" />
           <DeniedSigner SignerId="ID_SIGNER_PHYSMEM" />
@@ -1143,7 +1192,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     </Setting>
     <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
       <Value>
-        <String>10.0.25070.0</String>
+        <String>10.0.25090.0</String>
       </Value>
     </Setting>
   </Settings>
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md.bak b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md.bak
new file mode 100644
index 0000000000..357a184c9b
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md.bak
@@ -0,0 +1,1176 @@
+---
+title: Microsoft recommended driver block rules (Windows)
+description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community.  
+keywords:  security, malware, kernel mode, driver
+ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.prod: m365-security
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+audience: ITPro
+ms.collection: M365-security-compliance
+author: jgeurten
+ms.reviewer: isbrahm
+ms.author: dansimp
+manager: dansimp
+---
+
+# Microsoft recommended driver block rules
+
+**Applies to:**
+
+-   Windows 10
+-   Windows 11
+-   Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+
+Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're quickly patched and rolled out to the ecosystem. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices:
+
+- Hypervisor-protected code integrity (HVCI) enabled devices
+- Windows 10 in S mode (S mode) devices
+
+The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes: 
+
+- Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
+- Malicious behaviors (malware) or certificates used to sign malware
+- Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
+
+Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/wdsi) or submit feedback on this article. 
+
+Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
+  <VersionEx>10.0.25090.0</VersionEx>
+  <PolicyTypeID>{D2BDA982-CCF6-4344-AC5B-0B44427B6816}</PolicyTypeID>
+  <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
+  <Rules>
+    <Rule>
+      <Option>Enabled:Unsigned System Integrity Policy</Option>
+    </Rule>
+	<Rule>
+      <Option>Enabled:Audit Mode</Option>
+    </Rule>
+    <Rule>
+      <Option>Enabled:Advanced Boot Options Menu</Option>
+    </Rule>
+  </Rules>
+  <!--EKUS-->
+  <EKUs />
+  <!--File Rules-->
+  <FileRules>
+    <Allow ID="ID_ALLOW_ALL_1" FriendlyName="" FileName="*" />
+    <Allow ID="ID_ALLOW_ALL_2" FriendlyName="" FileName="*" />
+    <Deny ID="ID_DENY_ASIO_32_SHA1" FriendlyName="ASIO32.sys Hash Sha1" Hash="D569D4BAB86E70EFBCDFDAC9D822139D6F477B7C" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256" FriendlyName="ASIO32.sys Hash Sha256" Hash="80599708CE61EC5D6DCFC5977208A2A0BE2252820A88D9BA260D8CDF5DC7FBE4" />
+    <Deny ID="ID_DENY_ASIO_32_SHA1_PAGE" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="80FA962BDFB76DFCB9E5D13EFC38BB3D392F2E77" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256_PAGE" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="9091E044273FF624585235AC885EB2B05DFB12F3022DCF535B178FF1B2E012D1" />
+    <Deny ID="ID_DENY_ASIO_32_SHA1_1" FriendlyName="ASIO32.sys Hash Sha1" Hash="5A7DD0DA0AEE0BDEDC14C1B7831B9CE9178A0346" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256_1" FriendlyName="ASIO32.sys Hash Sha256" Hash="92EDD48DFAC025D4069EB6491B9730D9D131B77CCEAA480AF9B3C32BC8C5E3A9" />
+    <Deny ID="ID_DENY_ASIO_32_SHA1_PAGE_1" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="1ACC7A486B52C5EE6619DBDC3B4210B5F48B936F" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256_PAGE_1" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="F84634B5C0E83CA9BB25928DC3C4FC05D37451C23B780DBEEB1F10F056F1EEEE" />
+    <Deny ID="ID_DENY_ASIO_32_SHA1_2" FriendlyName="ASIO32.sys Hash Sha1" Hash="55AB7E27412ECA433D76513EDC7E6E03BCDD7EDA" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256_2" FriendlyName="ASIO32.sys Hash Sha256" Hash="C1B41D6B91448E2409BB2F4FBF4AEB952ADF373D0DECC9D052277B89BA401407" />
+    <Deny ID="ID_DENY_ASIO_32_SHA1_PAGE_2" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="1E7C241B9A9EA79061B50FB19B3D141DEE175C27" />
+    <Deny ID="ID_DENY_ASIO_32_SHA256_PAGE_2" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="1056806F6508B4F5E8A00A6E8D07AEAC06A1BE5F9B92F1684F33682D2DA9349E" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1" FriendlyName="ASIO64.sys Hash Sha1" Hash="E5C090903A20744BA3583A8EA684D035E8CECC34" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256" FriendlyName="ASIO64.sys Hash Sha256" Hash="9DCFD796E244D0687CC35EAC9538F209F76C6DF12DE166F19DBC7D2C47FB16B3" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1_PAGE" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="CA5FF4EB8CCBDE4EFF3491FD7941769E8D093D79" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256_PAGE" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="D8841803F181F735D8794C82BA52D8C484B3B0A95DBBB66114314F439B75B0E9" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1_1" FriendlyName="ASIO64.sys Hash Sha1" Hash="C92148D0666F2235500805975BE79738B84E48C2" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256_1" FriendlyName="ASIO64.sys Hash Sha256" Hash="19C74EA0E0BAF04820E5642BD2FA224158801ED966BE1041539E3C55BD65C471" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1_PAGE_1" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="F8270F774B3549079EA7D5F0D5406F307019BDFB" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256_PAGE_1" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="A3C9C5625BA6A6075D365543603A4DD4D7790850753D5289FF976EB2A839910F" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1_2" FriendlyName="ASIO64.sys Hash Sha1" Hash="61E1B497A5DF0797527D6D465A8F315A82AD35EB" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256_2" FriendlyName="ASIO64.sys Hash Sha256" Hash="739C11FDB8673AB5B78F1A874DAF5BA3FADDB7910A6D4E0CC49ABD8B8537333F" />
+    <Deny ID="ID_DENY_ASIO_64_SHA1_PAGE_2" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="708855DB4202A792862E1139D673C3B4B713053C" />
+    <Deny ID="ID_DENY_ASIO_64_SHA256_PAGE_2" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="BE5653E4C1ED75A451BE4297FF233A22C7AAB93B2126CA428834E83CADFF5E9C" />
+    <Deny ID="ID_DENY_ASRDRV10_SHA1" FriendlyName="AsrDrv10.sys Hash Sha1" Hash="2E6D61FA32E12FE4ABF7B7D87AA6824F5F528000" />
+    <Deny ID="ID_DENY_ASRDRV10_SHA256" FriendlyName="AsrDrv10.sys Hash Sha256" Hash="C767A5895119154467AC3FCE8E82C20E6538A4E54F6C109001C61F8ABD58F9F8" />
+    <Deny ID="ID_DENY_ASRDRV10_SHA1_PAGE" FriendlyName="AsrDrv10.sys Hash Page Sha1" Hash="085529E58BE3806D396F1BB15FF078FD4C471AAB" />
+    <Deny ID="ID_DENY_ASRDRV10_SHA256_PAGE" FriendlyName="AsrDrv10.sys Hash Page Sha256" Hash="14141F03EFF7C2F44BFED93524F4EC64ABDC8F3D45D55B1BCB5701CA354319FD" />
+    <Deny ID="ID_DENY_ASRDRV101_SHA1" FriendlyName="AsrDrv101.sys Hash Sha1" Hash="D0580BFC31FAEFB7E017798121C5B8A4E68155F9" />
+    <Deny ID="ID_DENY_ASRDRV101_SHA256" FriendlyName="AsrDrv101.sys Hash Sha256" Hash="FEE4560F2160A951D83344857EB4587AB10C1CFD8C5CFC23B6F06BEF8EBCD984" />
+    <Deny ID="ID_DENY_ASRDRV101_SHA1_PAGE" FriendlyName="AsrDrv101.sys Hash Page Sha1" Hash="55A90E7822A1444FAE81371DF7296CC5642FB353" />
+    <Deny ID="ID_DENY_ASRDRV101_SHA256_PAGE" FriendlyName="AsrDrv101.sys Hash Page Sha256" Hash="B00060733F88E3897D4B1E4732DF67FF277A8D615F84E6EFAB98C79C72CBA370" />
+    <Deny ID="ID_DENY_ASRDRV102_SHA1" FriendlyName="AsrDrv102.sys Hash Sha1" Hash="5F9C7D3552FFA98C9DCF9A9B7AD1263D2AB24A2F" />
+    <Deny ID="ID_DENY_ASRDRV102_SHA256" FriendlyName="AsrDrv102.sys Hash Sha256" Hash="11EECF9E6E2447856ED4CF86EE1CB779CFE0672C808BBD5934CF2F09A62D6170" />
+    <Deny ID="ID_DENY_ASRDRV102_SHA1_PAGE" FriendlyName="AsrDrv102.sys Hash Page Sha1" Hash="B419D69A4ED8D4EABD90A155ED15C3374BEA6FFC" />
+    <Deny ID="ID_DENY_ASRDRV102_SHA256_PAGE" FriendlyName="AsrDrv102.sys Hash Page Sha256" Hash="23E39D9E40235A5C456260E03CACCC186FE79FFD7D0439AEA7530EBB0380946D" />
+    <Deny ID="ID_DENY_ASRDRV103_SHA1" FriendlyName="AsrDrv103.sys Hash Sha1" Hash="B3410021EA5A46818D9FF05A96C2809A9ABE8E4A" />
+    <Deny ID="ID_DENY_ASRDRV103_SHA256" FriendlyName="AsrDrv103.sys Hash Sha256" Hash="B6BF2460E023B1005CC60E107B14A3CFDF9284CC378A086D92E5DCDF6E432E2C" />
+    <Deny ID="ID_DENY_ASRDRV103_SHA1_PAGE" FriendlyName="AsrDrv103.sys Hash Page Sha1" Hash="490F85E291C4D9ED0AB8457CE6B424C0F3F7E7AC" />
+    <Deny ID="ID_DENY_ASRDRV103_SHA256_PAGE" FriendlyName="AsrDrv103.sys Hash Page Sha256" Hash="E22B7BA6D064C75913C3BDADAF7AADA535DDDD83175D8A47467FED5ABC56D5AC" />
+    <Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandai.sys Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" />
+    <Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandai.sys Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" />
+    <Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandai.sys Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" />
+    <Deny ID="ID_DENY_BANDAI_SHA256_PAGE" FriendlyName="bandai.sys Hash Page Sha256" Hash="BB83738210650E09307CE869ACA9BFA251024D3C47B1006B94FCE2846313F56E" />
+	<Deny ID="ID_DENY_BS_RCIO64_SHA1" FriendlyName="BS_RCIO64 73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Sha1" Hash="4BFE9E5A5A25B7CDE6C81EBE31ED4ABEB5147FAF" />
+    <Deny ID="ID_DENY_BS_RCIO64_SHA256" FriendlyName="BS_RCIO64 73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Sha256" Hash="0381632CD236CD94FA9E64CCC958516AC50F9437F99092E231A607B1E6BE6CF8" />
+    <Deny ID="ID_DENY_BS_RCIO64_SHA1_PAGE" FriendlyName="BS_RCIO64 5651466512138240\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Page Sha1" Hash="C28B640BECA5E2834D2A373F139869CC309F6631" />
+    <Deny ID="ID_DENY_BS_RCIO64_SHA256_PAGE" FriendlyName="BS_RCIO64 5651466512138240\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Page Sha256" Hash="9378F7DFF94D9409D38FA1A125C52734D6BAEA90913FC3CEE2659FD36AB0DA29" />
+    <Deny ID="ID_DENY_CAPCOM_SHA1" FriendlyName="capcom.sys Hash Sha1" Hash="1D1CAFC73C97C6BCD2331F8777D90FDCA57125A3" />
+    <Deny ID="ID_DENY_CAPCOM_SHA256" FriendlyName="capcom.sys Hash Sha256" Hash="FAA08CB609A5B7BE6BFDB61F1E4A5E8ADF2F5A1D2492F262483DF7326934F5D4" />
+    <Deny ID="ID_DENY_CAPCOM_SHA1_PAGE" FriendlyName="capcom.sys Hash Page Sha1" Hash="69006FBBD1B150FB9404867A5BCDC04FE0FC1BAD" />
+    <Deny ID="ID_DENY_CAPCOM_SHA256_PAGE" FriendlyName="capcom.sys Hash Page Sha256" Hash="42589C7CE89941060465096C4661654B43E38C1F9D05D66239825E8FCCF52705" />
+    <Deny ID="ID_DENY_DBUTIL_32_SHA1" FriendlyName="32-bit dell dbutil.sys Hash Sha1" Hash="485C0B9710A196C7177B99EE95E5DDB35B26DDD1" />
+    <Deny ID="ID_DENY_DBUTIL_32_SHA256" FriendlyName="32-bit dell dbutil.sys Hash Sha256" Hash="96EE751F7C38731E97773E07E0F13F4DD361AF9AAA1D30B41652C2E6EFC3FB3E" />
+    <Deny ID="ID_DENY_DBUTIL_32_SHA1_PAGE" FriendlyName="32-bit dell dbutil.sys Hash Page Sha1" Hash="50E2BC41F0186FDCE970B80E2A2CB296353AF586" />
+    <Deny ID="ID_DENY_DBUTIL_32_SHA256_PAGE" FriendlyName="32-bit dell dbutil.sys Hash Page Sha256" Hash="862A262E7AF92599E6B10035B8A3C988078B92BA791A6230A85FD6D1ECEC88C7" />
+    <Deny ID="ID_DENY_DBUTIL_64_SHA1" FriendlyName="64-bit dell dbutil.sys Hash Sha1" Hash="E3C1DD569AA4758552566B0213EE4D1FE6382C4B" />
+    <Deny ID="ID_DENY_DBUTIL_64_SHA256" FriendlyName="64-bit dell dbutil.sys Hash Sha256" Hash="FE4270A61DBED978C28B2915FCC2826D011148DCB7533FA8BD072DDCE5944CEF" />
+    <Deny ID="ID_DENY_DBUTIL_64_SHA1_PAGE" FriendlyName="64-bit dell dbutil.sys Hash Page Sha1" Hash="E09B5E80805B8FE853EA27D8773E31BFF262E3F7" />
+    <Deny ID="ID_DENY_DBUTIL_64_SHA256_PAGE" FriendlyName="64-bit dell dbutil.sys Hash Page Sha256" Hash="7E2AD3D6D76F4FCD4583B865FFC12DE6C44FC16CBCBB81D480CB067F2A860422" />
+    <Deny ID="ID_DENY_FIDDRV_SHA1" FriendlyName="fiddrv.sys Hash Sha1" Hash="8CC8974A05E81678E3D28ACFE434E7804ABD019C" />
+    <Deny ID="ID_DENY_FIDDRV_SHA256" FriendlyName="fiddrv.sys Hash Sha256" Hash="97B976F7E7E5DF7AF0781BBBB33CB5F3F7A59EFDD07995253B31DE8123352A67" />
+    <Deny ID="ID_DENY_FIDDRV_SHA1_PAGE" FriendlyName="fiddrv.sys Hash Page Sha1" Hash="282BB241BDA5C4C1B8EB9BF56D018896649CA0E1" />
+    <Deny ID="ID_DENY_FIDDRV_SHA256_PAGE" FriendlyName="fiddrv.sys Hash Page Sha256" Hash="1ED9DA2DA2539284404E0701E6BA3C9EB37BE10353E826F425A194D247B8B7CE" />
+    <Deny ID="ID_DENY_FIDDRV64_SHA1" FriendlyName="fiddrv64.sys Hash Sha1" Hash="10E15BA8FF8ED926DDD3636CEC66A0F08C9860A4" />
+    <Deny ID="ID_DENY_FIDDRV64_SHA256" FriendlyName="fiddrv64.sys Hash Sha256" Hash="FEEF191064D18B6FB63B7299415D1B1E2EC8FCDD742854AA96268D0EC4A0F7B6" />
+    <Deny ID="ID_DENY_FIDDRV64_SHA1_PAGE" FriendlyName="fiddrv64.sys Hash Page Sha1" Hash="E4436C8C42BA5FFABD58A3B2256F6E86CCC907AB" />
+    <Deny ID="ID_DENY_FIDDRV64_SHA256_PAGE" FriendlyName="fiddrv64.sys Hash Page Sha256" Hash="2D48414647A7F9DEA30F19074EBF8F17E55E9031B8604794CEB88369C8C52532" />
+    <Deny ID="ID_DENY_FIDPCIDRV_SHA1" FriendlyName="fidpcidrv.sys Hash Sha1" Hash="08596732304351B311970FF96B21F451F23B1E25" />
+    <Deny ID="ID_DENY_FIDPCIDRV_SHA256" FriendlyName="fidpcidrv.sys Hash Sha256" Hash="7B7E0E1453E733050B586A6FAC91883DBB85AE0775C84C4CEB967CFC9B4EFD10" />
+    <Deny ID="ID_DENY_FIDPCIDRV_SHA1_PAGE" FriendlyName="fidpcidrv.sys Hash Page Sha1" Hash="7838FB56FDAB816BC1900A4720EEA2FC9972EF7A" />
+    <Deny ID="ID_DENY_FIDPCIDRV_SHA256_PAGE" FriendlyName="fidpcidrv.sys Hash Page Sha256" Hash="0893E186E236315FE78A7EF41ED71617E75D90D2D14FE93911E0D9344BEAF69F" />
+    <Deny ID="ID_DENY_FIDPCIDRV64_SHA1" FriendlyName="fidpcidrv64.sys Hash Sha1" Hash="4789B910023A667BEE70FF1F1A8F369CFFB10FE8" />
+    <Deny ID="ID_DENY_FIDPCIDRV64_SHA256" FriendlyName="fidpcidrv64.sys Hash Sha256" Hash="7FB0F6FC5BDD22D53F8532CB19DA666A77A66FFB1CF3919A2E22B66C13B415B7" />
+    <Deny ID="ID_DENY_FIDPCIDRV64_SHA1_PAGE" FriendlyName="fidpcidrv64.sys Hash Page Sha1" Hash="EEFF4EC4EBC12C6ACD2C930DC2EAAF877CFEC7EC" />
+    <Deny ID="ID_DENY_FIDPCIDRV64_SHA256_PAGE" FriendlyName="fidpcidrv64.sys Hash Page Sha256" Hash="B98E008DFEA10EC74C89D08F12F31C12F52234BE6FFFF06B6B9E749BFEA6CBED" />
+    <Deny ID="ID_DENY_GDRV" FriendlyName="gdrv.sys" FileName="gdrv.sys" />
+    <Deny ID="ID_DENY_GLCKIO2_SHA1" FriendlyName="GLCKIO2.sys Hash Sha1" Hash="D99B80B3269D735CAC43AF5E43483E64CA7961C3" />
+    <Deny ID="ID_DENY_GLCKIO2_SHA256" FriendlyName="GLCKIO2.sys Hash Sha256" Hash="47DBA240967FD0088BE618163672DFBDDF0138178CCCD45B54037F622B221220" />
+    <Deny ID="ID_DENY_GLCKIO2_SHA1_PAGE" FriendlyName="GLCKIO2.sys Hash Page Sha1" Hash="51E0740AAEE5AE76B0095C92908C97B817DB8BEA" />
+    <Deny ID="ID_DENY_GLCKIO2_SHA256_PAGE" FriendlyName="GLCKIO2.sys Hash Page Sha256" Hash="E7F011E9857C7DB5AACBD424612CD7E3D12C363FDC8F072DDFAF9E2E5C85F5F3" />
+    <Deny ID="ID_DENY_GVCIDRV64_SHA1" FriendlyName="GVCIDrv64.sys Hash Sha1" Hash="4EAE38E9DC262EB7B6EDE4B3D3F4AD068933845E" />
+    <Deny ID="ID_DENY_GVCIDRV64_SHA256" FriendlyName="GVCIDrv64.sys Hash Sha256" Hash="2FF09BB919A9909068166C30322C4E904BEFEBA5429E9A11D011297FB8A73C07" />
+    <Deny ID="ID_DENY_GVCIDRV64_SHA1_PAGE" FriendlyName="GVCIDrv64.sys Hash Page Sha1" Hash="6980122AEF4E2D5D7A6DDDB6DA76A166C460E0A1" />
+    <Deny ID="ID_DENY_GVCIDRV64_SHA256_PAGE" FriendlyName="GVCIDrv64.sys Hash Page Sha256" Hash="A69247025DD32DC15E06FEE362B494BCC6105D34B8D7091F7EC3D9000BD71501" />
+    <Deny ID="ID_DENY_WINFLASH64_SHA1" FriendlyName="WinFlash64.sys Hash Sha1" Hash="DA21F5889F8374C3961856D681ADEC3D663D2964" />
+    <Deny ID="ID_DENY_WINFLASH64_SHA256" FriendlyName="WinFlash64.sys Hash Sha256" Hash="F2B51FBEEAD17F5EE34D5B4A3A83C848FB76F8F0E80769212E137A7AA539A3BC" />
+    <Deny ID="ID_DENY_WINFLASH64_SHA1_PAGE" FriendlyName="WinFlash64.sys Hash Page Sha1" Hash="C5057A4FD3C9B58F4C9AB9FE356081DF8804BF98" />
+    <Deny ID="ID_DENY_WINFLASH64_SHA256_PAGE" FriendlyName="WinFlash64.sys Hash Page Sha256" Hash="C8FA1EC3D03050FBC1AA677F2C0348690521291219E8D2E94F0EA9E9174B9156" />
+    <Deny ID="ID_DENY_AMIFLDRV64_SHA1" FriendlyName="amifldrv64.sys Hash Sha1" Hash="B0EC7D971DA8AE84C0ED8F88A5D46B23996E636C" />
+    <Deny ID="ID_DENY_AMIFLDRV64_SHA256C" FriendlyName="amifldrv64.sys Hash Sha256" Hash="038F39558035292F1D794B7CF49F8E751E8633DAEC31454FE85CCCBEA83BA3FB" />
+    <Deny ID="ID_DENY_AMIFLDRV64_SHA1_PAGE" FriendlyName="amifldrv64.sys Hash Page Sha1" Hash="C9CC3779ED67755220DBF9592EC2AC0E1DE363DC" />
+    <Deny ID="ID_DENY_AMIFLDRV64_SHA256_PAGE" FriendlyName="amifldrv64.sys Hash Page Sha256" Hash="AA594D977312A944B14351C075634E7C59B42687928FBCDA8E2C4CEA46686DD9" />
+    <Deny ID="ID_DENY_ASUPIO64_SHA1" FriendlyName="AsUpIO64.sys Hash Sha1" Hash="2A95F882DD9BAFCC57F144A2708A7EC67DD7844C" />
+    <Deny ID="ID_DENY_ASUPIO64_SHA256" FriendlyName="AsUpIO64.sys Hash Sha256" Hash="7F75D91844B0C162EEB24D14BCF63B7F230E111DAA7B0A26EAA489EEB22D9057" />
+    <Deny ID="ID_DENY_ASUPIO64_SHA1_PAGE" FriendlyName="AsUpIO64.sys Hash Page Sha1" Hash="316E7872A227F0EAD483D244805E9FF4D3569F6F" />
+    <Deny ID="ID_DENY_ASUPIO64_SHA256_PAGE" FriendlyName="AsUpIO64.sys Hash Page Sha256" Hash="5958CBE6CF7170C4B66893777BDE66343F5536A98610BD188E10D47DB84BC04C" />
+    <Deny ID="ID_DENY_BSFLASH64_SHA1" FriendlyName="BS_Flash64.sys Hash Sha1" Hash="5107438A02164E1BCEDD556A786F37F59CD04231" />
+    <Deny ID="ID_DENY_BSFLASH64_SHA256" FriendlyName="BS_Flash64.sys Hash Sha256" Hash="543C3F024E4AFFD0AAFA3A229FA19DBE7A70972BB18ED6347D3492DD174EDAC5" />
+    <Deny ID="ID_DENY_BSFLASH64_SHA1_PAGE" FriendlyName="BS_Flash64.sys Hash Page Sha1" Hash="26C398B86FD33B3E6C4348F780C4CF758C99C8FD" />
+    <Deny ID="ID_DENY_BSFLASH64_SHA256_PAGE" FriendlyName="BS_Flash64.sys Hash Page Sha256" Hash="8BF958AFA751D7AB66EBB1FAE25679E6F0FDE72078AEFC09F1824EEFA526005E" />
+    <Deny ID="ID_DENY_BSHWMIO64_SHA1" FriendlyName="BS_HWMIo64.sys Hash Sha1" Hash="3281135748C9C7A9DDACE55C648C720AF810475F" />
+    <Deny ID="ID_DENY_BSHWMIO64_SHA256" FriendlyName="BS_HWMIo64.sys Hash Sha256" Hash="3DE51A3102DB7297D96B4DE5B60ACA5F3A07E8577BBBED7F755F1DE9A9C38E75" />
+    <Deny ID="ID_DENY_BSHWMIO64_SHA1_PAGE" FriendlyName="BS_HWMIo64.sys Hash Page Sha1" Hash="FC5F231383FE72E298893010A9A3714B205C4110" />
+    <Deny ID="ID_DENY_BSHWMIO64_SHA256_PAGE" FriendlyName="BS_HWMIo64.sys Hash Page Sha256" Hash="6AD3624CA1DC38ECEEC75234E50934B1BAD7C72621DC57DEAB09044D0135877D" />
+    <Deny ID="ID_DENY_DIRECTIO_12" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="E8F7E20061F9CC20583DCAB3B16054D106B8AA83" />
+    <Deny ID="ID_DENY_DIRECTIO_13" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="B8BF3BD441EBC5814C5D39D053FDCB263E8E58476CBDEE4B1226903305F547B6" />
+    <Deny ID="ID_DENY_DIRECTIO_14" FriendlyName="PassMark DirectIo.sys Hash Page Sha1" Hash="36875A862D1E762E6CC75595EF37EA7460A1E1DF" />
+    <Deny ID="ID_DENY_DIRECTIO_15" FriendlyName="PassMark DirectIo.sys Hash Page Sha256" Hash="AC706D9ED906B5C879F6AD59FFB56FA6BC5E1395FE9ADF7C60F7EB94D044D018" />
+    <Deny ID="ID_DENY_DIRECTIO_16" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="DCDB7BF7E237B9BDA190F60E386A49A7C3494F8D" />
+    <Deny ID="ID_DENY_DIRECTIO_17" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="F34C667C0DA3CD813E60F11B67338723252BEB9BD43FC5E0C8C7265F263D2BD9" />
+    <Deny ID="ID_DENY_DIRECTIO_18" FriendlyName="PassMark DirectIo.sys Hash Page Sha1" Hash="179601E33B5AE4E2EA13F34FD084B1FCBD56FBCE" />
+    <Deny ID="ID_DENY_DIRECTIO_19" FriendlyName="PassMark DirectIo.sys Hash Page Sha256" Hash="C7B193F92A943AFBC0EB57B23B5BE5E66F66574051BF838B6735E13733DA1809" />
+    <Deny ID="ID_DENY_DIRECTIO_1A" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="8B86E08D610BCC9AB7B7750F036DBB568F733BE0" />
+    <Deny ID="ID_DENY_DIRECTIO_1B" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="841F965977F33D621D126412032C47DD6118251623C380E5572F7553B620B0E1" />
+    <Deny ID="ID_DENY_DIRECTIO_1C" FriendlyName="PassMark DirectIo.sys Hash Page Sha1" Hash="6BD3AB2E730561F7D1385DCFEF81C1FA67398C8C" />
+    <Deny ID="ID_DENY_DIRECTIO_1D" FriendlyName="PassMark DirectIo.sys Hash Page Sha256" Hash="D3ECCD41C75046CA9A72AF273C132AEDED1D6572A20D1A64ED08337204B9DA83" />
+    <Deny ID="ID_DENY_DIRECTIO_1E" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="02A7E085631ECFE031B76AFA883A266C850ED61B" />
+    <Deny ID="ID_DENY_DIRECTIO_1F" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="FB5E65AEC819C5A91EF0CE0FEC0A957826B5E1AC9BAC559A1B4201A3870462A3" />
+    <Deny ID="ID_DENY_DIRECTIO_20" FriendlyName="PassMark DirectIo.sys Hash Page Sha1" Hash="C3596085C90D81C2C51A75558211AD44C853C358" />
+    <Deny ID="ID_DENY_DIRECTIO_21" FriendlyName="PassMark DirectIo.sys Hash Page Sha256" Hash="D402FE9EED2C0A26AAF2CB2311019FFF7004965AA2D22702974203A50A52C9B0" />
+    <Deny ID="ID_DENY_DIRECTIO_22" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="66941573DAFD7259CBA113C0FA9EACCD347355FD" />
+    <Deny ID="ID_DENY_DIRECTIO_23" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="A520FF5C754A1FB62BA88399A313D0C0FB99145BA2D3D91DBF4282388B77FA84" />
+    <Deny ID="ID_DENY_DIRECTIO_24" FriendlyName="PassMark DirectIo.sys Hash Page Sha1" Hash="588A9F349E520AA5AC5BD650B75345419B28AE85" />
+    <Deny ID="ID_DENY_DIRECTIO_25" FriendlyName="PassMark DirectIo.sys Hash Page Sha256" Hash="2E7B3C52FE1541B51F814B82FCED59513DE249B6834B4B2C94ACD97CA889477C" />
+    <Deny ID="ID_DENY_DIRECTIO_26" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="8EC43D1DEF8BB20354AEBA49A9084BACD2C02817" />
+    <Deny ID="ID_DENY_DIRECTIO_27" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="AD44CFD9C6262A6FF36EE9D03E59BA4B0524EF87F6B980CE15ABB10A35D39F88" />
+    <Deny ID="ID_DENY_DIRECTIO_28" FriendlyName="PassMark DirectIo.sys Hash Page Sha1" Hash="708EAD1221FB176AA9594F9E0AA7F783704FB962" />
+    <Deny ID="ID_DENY_DIRECTIO_29" FriendlyName="PassMark DirectIo.sys Hash Page Sha256" Hash="80BFD0EAD1EA54219D6A1A454242CAA6C2397FA94AF1B4E10D269B670AFDA898" />
+    <Deny ID="ID_DENY_DIRECTIO_2A" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="F1BDD3236F43338A119D74ECA730F0D464DED973" />
+    <Deny ID="ID_DENY_DIRECTIO_2B" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="96A5B3CD7C1A6DDA5B6F402E6C35BA535270467F56ADDC7448DBE4AA78428411" />
+    <Deny ID="ID_DENY_DIRECTIO_2C" FriendlyName="PassMark DirectIo.sys Hash Page Sha1" Hash="A14331F63EC907BF3E472F1E0CB8F19DE06EF4E4" />
+    <Deny ID="ID_DENY_DIRECTIO_2D" FriendlyName="PassMark DirectIo.sys Hash Page Sha256" Hash="7F0A28CCF0AB76964D40E063F9D4B88193B77E4BADF66E8C8F87C97127885987" />
+    <Deny ID="ID_DENY_DIRECTIO_2E" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="FCA1EE04BE5D7752A1AD717A6AAC9C143C5C8BCD" />
+    <Deny ID="ID_DENY_DIRECTIO_2F" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="E219276A4068B1EEA5CE08F83A322845DCE4ECA89E05C71A0C2417065CE48813" />
+    <Deny ID="ID_DENY_DIRECTIO_30" FriendlyName="PassMark DirectIo.sys Hash Page Sha1" Hash="0D1DC447860DC9B9B7FA278FF16120E14064517C" />
+    <Deny ID="ID_DENY_DIRECTIO_31" FriendlyName="PassMark DirectIo.sys Hash Page Sha256" Hash="EBFBFA7C84036A4CF0114BBB0C8017B532F37D846589AEB0004BC8B1F5F4D230" />
+    <Deny ID="ID_DENY_DIRECTIO_32" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="EBF8C7DC8292950ACC260A0E473678AE3C56B210" />
+    <Deny ID="ID_DENY_DIRECTIO_33" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="43B7715E38449BF82AD0BB6B11D03DA42150C1EE23148C5F396CC4AB1001622D" />
+    <Deny ID="ID_DENY_DIRECTIO_34" FriendlyName="PassMark DirectIo.sys Hash Page Sha1" Hash="05E20D0274A4FCC5368F25C62174003A555917E7" />
+    <Deny ID="ID_DENY_DIRECTIO_35" FriendlyName="PassMark DirectIo.sys Hash Page Sha256" Hash="70344F2494D6B7EE4C5716E886D912447CFFE9695D2286814DC3CE0361727BBA" />
+    <Deny ID="ID_DENY_DIRECTIO_36" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="706686F2A1EF4738A1856D01AB10EB730FC7B327" />
+    <Deny ID="ID_DENY_DIRECTIO_37" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="B74246C8CB77B0364B7CECE38BFF5F462EEC983C" />
+    <Deny ID="ID_DENY_DIRECTIO_38" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="B423CA58603513B5D3A9669736D5E13C353FD6F9" />
+    <Deny ID="ID_DENY_DIRECTIO_39" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="2FB5D7E6DB01C9090BBA92ABF580D38993E02CE9357E08FE1F224A9B18056E5A" />
+    <Deny ID="ID_DENY_DIRECTIO_3A" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="AE806CA05E141B71664D9C6F20CC2369EF26F996" />
+    <Deny ID="ID_DENY_DIRECTIO_3B" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="D0559503988DAA407FCC11E59079560CB456BB84" />
+    <Deny ID="ID_DENY_MSIO_SHA1_1" FriendlyName="MsIo.sys Hash Sha1" Hash="0CB0FD5BEA730E4EAAEC1426B0C15376CCAC6D83" />
+    <Deny ID="ID_DENY_MSIO_SHA256_1" FriendlyName="MsIo.sys Hash Sha256" Hash="0D0962DB9DC6879067270134801AD425C1F3E85B0DC39877C02AAA9C54ACA14E" />
+    <Deny ID="ID_DENY_MSIO_SHA1_PAGE_1" FriendlyName="MsIo.sys Hash Page Sha1" Hash="D4E21C205DE75CDE70CD73C52C646E1E5D333A35" />
+    <Deny ID="ID_DENY_MSIO_SHA256_PAGE_1" FriendlyName="MsIo.sys Hash Page Sha256" Hash="C1D2036235A489FDD8B3970C9EF01567443A87D17B0AD5C2A033D4C471D0ECDE" />
+    <Deny ID="ID_DENY_MSIO_SHA1_2" FriendlyName="MsIo.sys Hash Sha1" Hash="7E732ACB7CFAD9BA043A9350CDEFF25D742BECB8" />
+    <Deny ID="ID_DENY_MSIO_SHA256_2" FriendlyName="MsIo.sys Hash Sha256" Hash="7018D515A6C781EA6097CA71D0F0603AD0D689F7EC99DB27FCACD492A9E86027" />
+    <Deny ID="ID_DENY_MSIO_SHA1_PAGE_2" FriendlyName="MsIo.sys Hash Page Sha1" Hash="CDE1A50E1DF7870F8E4AFD8631E45A847C714C0A" />
+    <Deny ID="ID_DENY_MSIO_SHA256_PAGE_2" FriendlyName="MsIo.sys Hash Page Sha256" Hash="05736AB8B48DF84D81CB2CC0FBDC9D3DA34C22DB67A3E71C6F4B6B3923740DD5" />
+    <Deny ID="ID_DENY_MSIO_SHA1_3" FriendlyName="MsIo.sys Hash Sha1" Hash="07660D1867E20BE0212A96CBA6B5FE6BE7776EAF" />
+    <Deny ID="ID_DENY_MSIO_SHA256_3" FriendlyName="MsIo.sys Hash Sha256" Hash="BE0AF245444321E51F4DD8A90A19A0ABE05A060CBAD93701E23A02DF307957AE" />
+    <Deny ID="ID_DENY_MSIO_SHA1_4" FriendlyName="MsIo.sys Hash Sha1" Hash="B2CD3A63D04EAE427BEDE6C6FE8FACBA91ECECBF" />
+    <Deny ID="ID_DENY_MSIO_SHA256_4" FriendlyName="MsIo.sys Hash Sha256" Hash="D86D6732AC4D1CB41A2DCE40436B839C0DFDCEF9BA306CE5D0F97C0522ABFAC8" />
+    <Deny ID="ID_DENY_PIDDRV_SHA1" FriendlyName="piddrv.sys Hash Sha1" Hash="877C6C36A155109888FE1F9797B93CB30B4957EF" />
+    <Deny ID="ID_DENY_PIDDRV_SHA256" FriendlyName="piddrv.sys Hash Sha256" Hash="4E19D4CE649C28DD947424483796BEACE3656284FB0379D97DDDD320AA602BBC" />
+    <Deny ID="ID_DENY_PIDDRV_SHA1_PAGE" FriendlyName="piddrv.sys Hash Page Sha1" Hash="A7D827A41B2C4B7638495CD1D77926F1BA902978" />
+    <Deny ID="ID_DENY_PIDDRV_SHA256_PAGE" FriendlyName="piddrv.sys Hash Page Sha256" Hash="EAC7316089DBAF7DF79A531355547BBDA22FA0921E31BBA0D27BCC88234E9ED3" />
+    <Deny ID="ID_DENY_PIDDRV64_SHA1" FriendlyName="piddrv64.sys Hash Sha1" Hash="0C2599D738D01A82EC91725F499ACEBBCFB47CC9" />
+    <Deny ID="ID_DENY_PIDDRV64_SHA256" FriendlyName="piddrv64.sys Hash Sha256" Hash="B97F870C501714FA453CF18AE8A30C87D08FF1E6D784AFDBB0121AEA3DA2DC28" />
+    <Deny ID="ID_DENY_PIDDRV64_SHA1_PAGE" FriendlyName="piddrv64.sys Hash Page Sha1" Hash="C978063E678233C5EFB8F002FEF000FD479CC632" />
+    <Deny ID="ID_DENY_PIDDRV64_SHA256_PAGE" FriendlyName="piddrv64.sys Hash Page Sha256" Hash="1081CCD57FD35998634103AE1E736638D82351092ACD30FE75084EA6A08CA0F7" />
+    <Deny ID="ID_DENY_PHYMEMX64_SHA1" FriendlyName="phymemx64 Hash Sha1" Hash="3C9F40AC72B0202CB40627FDEB7298079187193A" />
+    <Deny ID="ID_DENY_PHYMEMX64_SHA256" FriendlyName="phymemx64 Hash Sha256" Hash="A6AE7364FD188C10D6B5A729A7FF58A3EB11E7FEB0D107D18F9133655C11FB66" />
+    <Deny ID="ID_DENY_PHYMEMX64_SHA1_PAGE" FriendlyName="phymemx64 Hash Page Sha1" Hash="6E7D8ABF7F81A2433F27B052B3952EFC4B9CC0B1" />
+    <Deny ID="ID_DENY_PHYMEMX64_SHA256_PAGE" FriendlyName="phymemx64 Hash Page Sha256" Hash="B7113B9A68E17428E2107B19BA099571AAFFC854B8FB9CBCEB79EF9E3FD1CC62" />
+    <Deny ID="ID_DENY_SEMAV6MSR64_SHA1" FriendlyName="semav6msr64.sys Hash Sha1" Hash="E3DBE2AA03847DF621591A4CAD69A5609DE5C237" />
+    <Deny ID="ID_DENY_SEMAV6MSR64_SHA256" FriendlyName="semav6msr64.sys Hash Sha256" Hash="EB71A8ECEF692E74AE356E8CB734029B233185EE5C2CCB6CC87CC6B36BEA65CF" />
+    <Deny ID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha1" Hash="F3821EC0AEF270F749DF9F44FBA91AFA5C8C38E8" />
+    <Deny ID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha256" Hash="4F12EE563E7496E7105D67BF64AF6B436902BE4332033AF0B5A242B206372CB7" />
+    <Deny ID="ID_DENY_WINRING0_SHA1" FriendlyName="WinRing0.sys Hash Sha1" Hash="12EB825418A932B1E4C6697DC7647E89AE52CF3F" />
+    <Deny ID="ID_DENY_WINRING0_SHA256" FriendlyName="WinRing0.sys Hash Sha256" Hash="4582ADB2E67EEBAFF755AE740C1F24BC3AF78E0F28E8E8DECB99F86BF155AB23" />
+    <Deny ID="ID_DENY_WINRING0_SHA1_PAGE" FriendlyName="WinRing0.sys Hash Page Sha1" Hash="497AFEB0D5B97D4B863704A2F77FFEF31220402D" />
+    <Deny ID="ID_DENY_WINRING0_SHA256_PAGE" FriendlyName="WinRing0.sys Hash Page Sha256" Hash="8D8A5696BDF11D2427016F91F9726AFF4F0C80FADBC3E6033662FA11C8B282BD" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_1" FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_2" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E74B6DDA8BC53BC687FC21218BD34062A78D8467"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_3" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="2C27ABBBBCF10DFB75AD79557E30ACE5ED314DF8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_4" FriendlyName="81.sys Hash Sha1" Hash="FAA870B0CB15C9AC2B9BBA5D0470BD501CCD4326"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_5" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8241C9A5755A740811C8E8D2739B33146ACD3E6D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_6" FriendlyName="full.sys Hash Sha1" Hash="4B8C0445075F09AEEF542AB1C86E5DE6B06E91A3"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_7" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E014C6BEBFDA944CE3A58AB9FE055D4F9367D49C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_8" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E5A152BB57060C2B27E825258698BD7FF67907FF"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_9" FriendlyName="81.sys Hash Sha1" Hash="ACA8E53483B40A06DFDEE81BB364B1622F9156FE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_10" FriendlyName="nstrwsk.sys Hash Sha1" Hash="83767982B3A5F70615A386F4D6638F20509F3560"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_11" FriendlyName="nt2.sys Hash Sha1" Hash="8F0B99B53EB921547AFECF1F12B3299818C4E5D1"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_12" FriendlyName="nt3.sys Hash Sha1" Hash="295E590D49DF717C489C5C824E9C6896A14248BB"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_13" FriendlyName="nt5.sys Hash Sha1" Hash="7A43BE821832E9BF55B1B781AE468179D0E4F56E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_14" FriendlyName="81.sys Hash Sha1" Hash="05AC1C64CA16AB0517FE85D4499D08199E63DF26"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_15" FriendlyName="b4.sys Hash Sha1" Hash="4BBB9709D5F916FE78EAA15431F622761EFC496F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_16" FriendlyName="bw.sys Hash Sha1" Hash="150F5DAE8716B09A64CAC96862F5E2506A71E771"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_17" FriendlyName="bwrs.sys Hash Sha1" Hash="3DEBE170B5A113407F9E86EE6ED9AE00C3D82C9F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_18" FriendlyName="bwrsh.sys Hash Sha1" Hash="73857ACDD7D7C9235F3E18C503A27E7C88C5FCB0"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_19" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8BC75E18953B7B23991B2FBC79713E1E175F75E4"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_20" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="A2DA5C397F737FA55D8F93D3CED5EB70AE09801F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_21" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="C58B6EF848CA87AD9EC4368C45C8F1EB7FA6BD16"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_22" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="74CBC407ACD9D2A4BC609B2F8C9A09B90912D10C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_23" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="1923D1F21FAFFCD7D511E2B313FE9415E6AD90AE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_24" FriendlyName="TGSafe.sys Hash Sha1" Hash="F3E60B7B9C53315D6158F82596919209A00E1CDA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_25" FriendlyName="BlackBoneDrv10.sys Hash Sha1" Hash="AA97BF43E6BAD521F3A3D8081FB350C89382F06F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_26" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="4604A20CAE2DFE42320FE8F6AED000EC204EFA7E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_27" FriendlyName="gameink.sys Hash Sha1" Hash="60A632E4B838731AAD553650D6BC8AF3D3D80B26"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_28" FriendlyName="windows-xp-64.sys Hash Sha1" Hash="03F0DD3124EC3A4BB6D30865A488F54E74DED699"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_29" FriendlyName="windows8-10-32.sys Hash Sha1" Hash="8A50E81D6E6C45410BF13F95B1A67CADA8C82221"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_30" FriendlyName="kbdcap64.sys Hash Sha1" Hash="83660D245FE618ECAFE4900AC1E2AD0292C2DA2A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_31" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="202D5A05E546740037F9A4DC2B21F71680C39D3B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_32" FriendlyName="d3.sys Hash Sha1" Hash="560D8869D48A71E59601B76240E9A6CFFB068C9C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_33" FriendlyName="d.sys Hash Sha1" Hash="7C1BA790CA2AA03F30413D02F3A812FCCA1AB29F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_34" FriendlyName="b3.sys Hash Sha1" Hash="969A945C93F54FCBF17548903131D4B86042DF7B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_35" FriendlyName="2.sys Hash Sha1" Hash="64309DB7AF8665368636186805745126B8BD5BFE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_36" FriendlyName="b1.sys Hash Sha1" Hash="1F7804D9185B1910C43BD4104D58B96994FF8E49"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_37" FriendlyName="My.sys Hash Sha1" Hash="2A506E2512C9083419B7741B4499E012CDC60204"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_38" FriendlyName="Black.sys Hash Sha1" Hash="1236573A309C4EDB52E050E53E73188183C23E7E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_39" FriendlyName="WYProxy32.sys Hash Sha1" Hash="22C5E127E7E7C567D8624607A6F8F5809DEACB55"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_40" FriendlyName="WYProxy64.sys Hash Sha1" Hash="DC38CC55B84A1A7C0846FB5509B43B4FF97A9BE6"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_41" FriendlyName="Proxy64.sys Hash Sha1" Hash="AA937F73A8AFCDA98E868F4AEEB0EB81A4150075"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_42" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="481488488CF7BB5CD470B62600A3570A1711ABAA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_43" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="C58BEBEF6A92F5A5B37BE0394695E8E18A42867F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_44" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="7AA2C4C51AFC1C82BEAE55AB9CA7BA0BB588B5C0"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_45" FriendlyName="ni.sys Hash Sha1" Hash="FD081F7A372B939DB8523E222D118B87450D3D19"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_46" FriendlyName="d4.sys Hash Sha1" Hash="E343AA3981393778F32DF94EFAC90FE35D6933A9"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_47" FriendlyName="d2.sys Hash Sha1" Hash="002223FDDC5658EA22B7A8979984A9B54F63B316"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_48" FriendlyName="t.sys Hash Sha1" Hash="1CF3B0A2A0B47477A840ADC2B520401E18AF16D6"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_49" FriendlyName="1.sys Hash Sha1" Hash="F50B475D5FD1ED4F866BF43342676E449F779C67"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_50" FriendlyName="cpupress.sys Hash Sha1" Hash="C4FE0CBB8DA5BF1E02EC6D7A0F97D740955DDD97"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_51" FriendlyName="gameink.sys Hash Sha1" Hash="3AE56AB63230D6D9552360845B4A37B5801CC5EA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_52" FriendlyName="NetFlt.sys Hash Sha1" Hash="B04ECC8DD0D52FE4552D2C4D693D67FAE20C460F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_53" FriendlyName="ProtectS.sys Hash Sha1" Hash="710BBA7C3D6CAC7B62AB05E6B12274D1548985E6"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_54" FriendlyName="ProtectS.sys Hash Sha1" Hash="67650BC9CDF0716BC7B5664723C38FC5327EC662"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_55" FriendlyName="GameTerSafe.sys Hash Sha1" Hash="39F934078A060BAD2D58B5DBA8F8884903D697A7"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_56" FriendlyName="Lurker.sys Hash Sha1" Hash="CEC5447D0529F97C4BF4A012EA58AAB07139FFE0"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_57" FriendlyName="TestBone.sys Hash Sha1" Hash="0D523E8B0B96675AC2E5AC0D56C367564B260545"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_58" FriendlyName="Proxy32.sys Hash Sha1" Hash="69D6B4032F1456506382885EBA5B396F1C36841B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_59" FriendlyName="t7.sys Hash Sha1" Hash="738CF0AFB7ECDF35A92667C8802D512A0CAF353C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_60" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_61" FriendlyName="t8.sys Hash Sha1" Hash="D85C6097A2279301222B6A06B93296ACE669A76D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_62" FriendlyName="nstr.sys Hash Sha1" Hash="61258963D900C2A39408EF4B51F69F405F55E407"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_63" FriendlyName="nt6.sys Hash Sha1" Hash="8403A17AE001FEF3488C2E641E2BE553CD5B478D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_64" FriendlyName="t3.sys Hash Sha1" Hash="0CE54B617DE11C24670064960B736EF9C47A5F15"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_65" FriendlyName="windows7-32.sys Hash Sha1" Hash="82F8D4BA137FA4B0DA20E8CD1968A7AAEA803DBC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_66" FriendlyName="NetProxyDriver.sys Hash Sha1" Hash="00B4FDC0F7F28DDECD5B4E5880A71E7F08B5F825"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_67" FriendlyName="c.sys Hash Sha1" Hash="3C20BB896FD16B5C698185FB176E820A448997B3"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_68" FriendlyName="gameink.sys Hash Sha1" Hash="6A784D45517142C11D5CCA3FF9956B2ED6EAF4C9"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_69" FriendlyName="gameink.sys Hash Sha1" Hash="4E5E719362CD48BB323803C1D00AFDE11D4B9D4C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_70" FriendlyName="b.sys Hash Sha1" Hash="FD8A340CD071BC98E6EEAC9BBD4AC8A78688BC17"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_71" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_72" FriendlyName="d3.sys Hash Sha1" Hash="560D8869D48A71E59601B76240E9A6CFFB068C9C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_1" FriendlyName="80.sys Hash Sha256" Hash="F08EBDDC11AEFCB46082C239F8D97CEEA247D846E22C4BCDD72AF75C1CBC6B0B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_2" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="12A636449A491EF3DC8688C5D25BE9EBF785874F9C4573667EEFD42139201AA4"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_3" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7F1772BDF7DD81CB00D30159D19D4EB9160B54D7609B36F781D08CA3AFBD29A7"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_4" FriendlyName="81.sys Hash Sha256" Hash="5C206B569B7059B7C32EB5FC36922CB435C2B16C8D96DE1038C8BD298ED498FE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_5" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C56536F99207915E5A1F7D4F014AB942BD820E64FF7F371AD0462EF26ED27242"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_6" FriendlyName="full.sys Hash Sha256" Hash="0988D366572A57B3015D875B60704517D05115580678E8F2E126F771EDA28F7B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_7" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="651FFA0C7AFF7B4A7695DDDD209DC3E7F68156E29A14D3FCC17AEF4F2A205DCC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_8" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7113DEE11925B346192F6EE5441974DB7D1FE9B5BE1497A6B295C06930FDD264"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_9" FriendlyName="81.sys Hash Sha256" Hash="3D31118A2E92377ECB632BD722132C04AF4E65E24FF87743796C75EB07CFCD71"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_10" FriendlyName="nstrwsk.sys Hash Sha256" Hash="3390919BB28D5C36CC348F9EF23BE5FA49BFD81263EB7740826E4437CBE904CD"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_11" FriendlyName="nt2.sys Hash Sha256" Hash="CB9890D4E303A4C03095D7BC176C42DEE1B47D8AA58E2F442EC1514C8F9E3CEC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_12" FriendlyName="nt3.sys Hash Sha256" Hash="7D8937C18D6E11A0952E53970A0934CF0E65515637AC24D6CA52CCF4B93D385F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_13" FriendlyName="nt5.sys Hash Sha256" Hash="FD33FB2735CC5EF466A54807D3436622407287E325276FCD3ED1290C98BD0533"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_14" FriendlyName="81.sys Hash Sha256" Hash="B430D3A0BDB837A5D6625D3B1CEF07ABD1953F969869FF6CF7BA398AE605431A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_15" FriendlyName="b4.sys Hash Sha256" Hash="DEC8A933DBA04463ED9BB7D53338FF87F2C23CFB79E0E988449FC631252C9DCC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_16" FriendlyName="bw.sys Hash Sha256" Hash="0EBAEF662B14410C198395B13347E1D175334EC67919709AD37D65EBA013ADFF"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_17" FriendlyName="bwrs.sys Hash Sha256" Hash="221DFBC74BBB255B0879360CCC71A74B756B2E0F16E9386B38A9CE9D4E2E34F9"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_18" FriendlyName="bwrsh.sys Hash Sha256" Hash="37DDE6BD8A7A36111C3AC57E0AC20BBB93CE3374D0852BCACC9A2C8C8C30079E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_19" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="82774D5230C5B6604D6F67A32883F720B4695387F3F383AABC713FC2904FF45D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_20" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="DDD83AF2E99C2E51F2BBBB5A1FAADF9F2DDBC3E39B086935621D6846A8530D76"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_21" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="E6D0C06DEB74F0448391F2C14A08D5C1B7D263DC444ACC5C1CF57ACFE82DA6BB"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_22" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="F05A1DF10900B05FB7211F3DADD15003FC91CFA28A08BCC6D7AFA02CD8AB3D5C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_23" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C174566743B47AE3C3BBB9F32D2856DE5959E06EC100B648853058EEFCDA43FA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_24" FriendlyName="TGSafe.sys Hash Sha256" Hash="3A95CC82173032B82A0FFC7D2E438DF64C13BC16B4574214C9FE3BE37250925E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_25" FriendlyName="BlackBoneDrv10.sys Hash Sha256" Hash="0BB5F2EAACD64398A66D73D4617AA0C1209D483FAFCBE99E4E12CA6C024DB2EC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_26" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="13B82D81D6EAC1A8B2E4655504DABECBD70673CDF45C244702A02F3397FDFF9A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_27" FriendlyName="gameink.sys Hash Sha256" Hash="8168304169A2453C0C3E0A285C2A07D3B3B83433E0342F6B33400C371AF86221"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_28" FriendlyName="windows-xp-64.sys Hash Sha256" Hash="DFAEFD06B680F9EA837E7815FC1CC7D1F4CC375641AC850667AB20739F46AD22"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_29" FriendlyName="windows8-10-32.sys Hash Sha256" Hash="5B9623DA9BA8E5C80C49473F40FFE7AD315DCADFFC3230AFDC9D9226D60A715A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_30" FriendlyName="kbdcap64.sys Hash Sha256" Hash="72B99147839BCFB062D29014EC09FE20A8F261748B5925B00171EF3CB849A4C1"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_31" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="0391107305D76EB9DDF1A5B3B3C50DA361E8AB35B573DBD19BF9383436B9303E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_32" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_33" FriendlyName="d.sys Hash Sha256" Hash="0289FE12E675101CEE03934C1AF5CB73069A12170A88BD051E31A292B97F701B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_34" FriendlyName="b3.sys Hash Sha256" Hash="708016FBE22C813A251098F8F992B177B476BD1BBC48C2ED4A122FF74910A965"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_35" FriendlyName="2.sys Hash Sha256" Hash="9385E4CDABD0AEE2670FB756598EA977161F45B71687ECB9E43533081629F661"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_36" FriendlyName="b1.sys Hash Sha256" Hash="A3E507E713F11901017FC328186AE98E23DE7CEA5594687480229F77D45848D8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_37" FriendlyName="My.sys Hash Sha256" Hash="D25904FBF907E19F366D54962FF543D9F53B8FDFD2416C8B9796B6A8DD430E26"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_38" FriendlyName="Black.sys Hash Sha256" Hash="D5562FB90B0B3DEB633AB335BCBD82CE10953466A428B3F27CB5B226B453EAF3"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_39" FriendlyName="WYProxy32.sys Hash Sha256" Hash="DE6BF572D39E2611773E7A01F0388F84FB25DA6CBA2F1F8B9B36FFBA467DE6FA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_40" FriendlyName="WYProxy64.sys Hash Sha256" Hash="FAFA1BB36F0AC34B762A10E9F327DCAB2152A6D0B16A19697362D49A31E7F566"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_41" FriendlyName="Proxy64.sys Hash Sha256" Hash="C60FCFF9C8E5243BBB22EC94618B9DCB02C59BB49B90C04D7D6AB3EBBD58DC3A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_42" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="BFCFFC82A564A2ADCD3522CD78CDF83795B6212F787230A5EA6B7EFB9F232784"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_43" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="350E15BF24DCFDC052DB117718329A03E930C17AC8C835E51D001E74BAD784E4"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_44" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="DF4E25990742FC8D3AED70F6CB4D402E111E7ED08FA5F76ACA685B8C03B98B93"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_45" FriendlyName="ni.sys Hash Sha256" Hash="AE79E760C739D6214C1E314728A78A6CB6060CCE206FDE2440A69735D639A0A2"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_46" FriendlyName="d4.sys Hash Sha256" Hash="823DA894B2C73FFCD39E77366B6F1ABF0AE9604D9B20140A54E6D55053AADEBA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_47" FriendlyName="d2.sys Hash Sha256" Hash="CB57F3A7FE9E1F8E63332C563B0A319B26C944BE839EABC03E9A3277756BA612"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_48" FriendlyName="t.sys Hash Sha256" Hash="146D77E80CA70EA5CB17BFC9A5CEA92334F809CBDC87A51C2D10B8579A4B9C88"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_49" FriendlyName="1.sys Hash Sha256" Hash="64F9E664BC6D4B8F5F68616DD50AE819C3E60452EFD5E589D6604B9356841B57"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_50" FriendlyName="cpupress.sys Hash Sha256" Hash="FCDFE570E6DC6E768EF75138033D9961F78045ADCA53BEB6FDB520F6417E0DF1"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_51" FriendlyName="gameink.sys Hash Sha256" Hash="E9B433A33DC72EB2622947B41F01D04A48CD71BEAC775A88F3F1E4C838090EE8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_52" FriendlyName="NetFlt.sys Hash Sha256" Hash="F8886A9C759E0426E08D55E410B02C5B05AF3C287B15970175E4874316FFAF13"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_53" FriendlyName="ProtectS.sys Hash Sha256" Hash="9D58F640C7295952B71BDCB456CAE37213BACCDCD3032C1E3AEB54E79081F395"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_54" FriendlyName="ProtectS.sys Hash Sha256" Hash="4A9093E8DBCB867E1B97A0A67CE99A8511900658F5201C34FFB8035881F2DBBE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_55" FriendlyName="GameTerSafe.sys Hash Sha256" Hash="3E9B62D2EA2BE50A2DA670746C4DBE807DB9601980AF3A1014BCD72D0248D84C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_56" FriendlyName="Lurker.sys Hash Sha256" Hash="0FD2DF82341BF5EBB8A53682E60D08978100C01ACB0BED7B6CE2876ADA80F670"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_57" FriendlyName="TestBone.sys Hash Sha256" Hash="0DE4247E72D378713BCF22D5C5D3874D079203BB4364E25F67A90D5570BDCCE8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_58" FriendlyName="Proxy32.sys Hash Sha256" Hash="49ED27460730B62403C1D2E4930573121AB0C86C442854BC0A62415CA445A810"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_59" FriendlyName="t7.sys Hash Sha256" Hash="BE03E9541F56AC6ED1E81407DCD7CC85C0FFC538C3C2C2C8A9C747EDBCF13100"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_60" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_61" FriendlyName="t8.sys Hash Sha256" Hash="258359A7FA3D975620C9810DAB3A6493972876A024135FEAF3AC8482179B2E79"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_62" FriendlyName="nstr.sys Hash Sha256" Hash="455BC98BA32ADAB8B47D2D89BDBADCA4910F91C182AB2FC3211BA07D3784537B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_63" FriendlyName="nt6.sys Hash Sha256" Hash="15C53EB3A0EA44BBD2901A45A6EBEAE29BB123F9C1115C38DFB2CDBEC0642229"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_64" FriendlyName="t3.sys Hash Sha256" Hash="4CFF6E53430B81ECC4FAE453E59A0353BCFE73DD5780ABFC35F299C16A97998E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_65" FriendlyName="windows7-32.sys Hash Sha256" Hash="4941C4298F4560FC1E59D0F16F84BAB5C060793700B82BE2FD7C63735F1657A8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_66" FriendlyName="NetProxyDriver.sys Hash Sha256" Hash="8111085022BDA87E5F6AA4C195E743CC6DD6A3A6D41ADD475D267DC6B105A69F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_67" FriendlyName="c.sys Hash Sha256" Hash="CC383AD11E9D06047A1558ED343F389492DA3AC2B84B71462AEE502A2FA616C8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_68" FriendlyName="gameink.sys Hash Sha256" Hash="E94E8A87459DB56837D1C58F9854794AA99F36566A9DED9B398BE9D4D3A2C2AF"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_69" FriendlyName="gameink.sys Hash Sha256" Hash="44A0599DEFEA351314663582DBC61069B3A095A4DDAD571BB17DD0D8B21E7FF2"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_70" FriendlyName="b.sys Hash Sha256" Hash="84DF20B1D9D87E305C92E5FFAE21B10B325609D59D835A954DBD8750EF5DABF4"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_71" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_72" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A"/>
+    <Deny ID="ID_DENY_PROCESSHACKER" FriendlyName="kprocesshacker.sys FileRule" FileName="kprocesshacker.sys" />
+    <Deny ID="ID_DENY_AMP" FriendlyName="System Mechanic CVE-2018-5701" FileName="amp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="5.4.11.1" />
+    <Deny ID="ID_DENY_ASMMAP" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_ASMMAP_64" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_PHYMEMX_64" FriendlyName="Phymemx64 Memory Mapping Driver" FileName="phymemx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_DBK_32" FriendlyName="Cheat Engine Driver" FileName="dbk32.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_DBK_64" FriendlyName="Cheat Engine Driver" FileName="dbk64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_AMD_RYZEN" FriendlyName="amdryzenmaster.sys" FileName="AMDRyzenMasterDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.5.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_AMDPP" FriendlyName="AMDPowerProfiler.sys FileAttribute" FileName="AMDPowerProfiler.sys" MinimumFileVersion="6.1.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_ATSZIO" FriendlyName="ATSZIO.sys FileAttribute" FileName="ATSZIO.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_BSMI" FriendlyName="" FileName="BSMI.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.3" />
+    <FileAttrib ID="ID_FILEATTRIB_BS_HWMIO64" FriendlyName="" FileName="BS_HWMIO64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.1806.2200" />
+    <FileAttrib ID="ID_FILEATTRIB_BS_I2CIO" FriendlyName="" FileName="BS_I2cIo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.1.0.0" />
+	<FileAttrib ID="ID_FILEATTRIB_BS_RCIO" FriendlyName="BS_RCIO.sys FileAttribute" FileName="BS_RCIO64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.0.1" />
+    <FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_CPUZ_DRIVER" FriendlyName="" FileName="cpuz.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.4.3" />
+    <FileAttrib ID="ID_FILEATTRIB_ELBY_DRIVER" FriendlyName="" FileName="ElbyCDIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.0.3.2" />
+    <FileAttrib ID="ID_FILEATTRIB_HPPORTIOX64" FriendlyName="HpPortIox64.sys" FileName="HpPortIox64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.2.0.9" />
+    <FileAttrib ID="ID_FILEATTRIB_IQVW64" FriendlyName="IQVW64.sys FileAttribute" FileName="iQVW64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.4.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_KEVP64" FriendlyName="kevp64.sys FileAttribute" FileName="kEvP64.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_LHA" FriendlyName="LHA.sys FileAttribute" FileName="LHA.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
+    <FileAttrib ID="ID_FILEATTRIB_MTCBSV64" FriendlyName="mtcBSv64.sys FileAttribute" FileName="mtcBSv64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="21.2.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_NCHGBIOS2X64" FriendlyName="" FileName="NCHGBIOS2x64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.2.4.0" />
+	<FileAttrib ID="ID_FILEATTRIB_NCPL_DRIVER" FriendlyName="" FileName="NCPL.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
+    <FileAttrib ID="ID_FILEATTRIB_NICM_DRIVER" FriendlyName="" FileName="NICM.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
+    <FileAttrib ID="ID_FILEATTRIB_NSCM_DRIVER" FriendlyName="" FileName="nscm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
+    <FileAttrib ID="ID_FILEATTRIB_PHYSMEM" FriendlyName="Physmem.sys FileAttribute" FileName="physmem.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIO_DRIVER" FriendlyName="" FileName="rtkio.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIO64_DRIVER" FriendlyName="" FileName="rtkio64.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" FriendlyName="" FileName="rtkiow8x64.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" FriendlyName="" FileName="rtkiow10x64.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RWDRV_DRIVER" FriendlyName="" FileName="RwDrv.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_SANDRA" FriendlyName="" FileName="SANDRA" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.12.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_SANDRA_DRIVER" FriendlyName="" FileName="sandra.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.12.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_SEGWINDRVX64" FriendlyName="segwindrvx64.sys FileAttribute" FileName="segwindrvx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="100.0.7.2" />
+    <FileAttrib ID="ID_FILEATTRIB_TREND_MICRO" FriendlyName="TmComm.sys" FileName="TmComm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="8.0.0.0" />
+	<FileAttrib ID="ID_FILEATTRIB_VBOX" FriendlyName="VBoxDrv.sys FileAttribute" FileName="VBoxDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.0.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_VIRAGT" FriendlyName="viragt.sys 32-bit" FileName="viragt.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.80.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_VIRAGT64" FriendlyName="viragt64.sys" FileName="viragt64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.11" />
+    <FileAttrib ID="ID_FILEATTRIB_VMDRV" FriendlyName="vmdrv.sys FileAttribute" FileName="vmdrv.sys" MinimumFileVersion="10.0.10011.16384" />
+    <FileAttrib ID="ID_FILEATTRIB_WINRING0" FriendlyName="WinRing0.sys" FileName="WinRing0.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.0.0" />
+  </FileRules>
+  <!--Signers-->
+  <Signers>
+    <Signer ID="ID_SIGNER_VERISIGN_2010" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ATSZIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_KEVP64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LHA" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RWDRV_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2010_2" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4678C6E4A8787A8E6ED2BCE8792B122F6C08AFD8" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+    </Signer>
+    <Signer ID="ID_SIGNER_CAPCOM" Name="Symantec Class 3 SHA256 Code Signing CA">
+      <CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
+      <CertPublisher Value="CAPCOM Co.,Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_CHEAT_ENGINE" Name="Microsoft Windows Third Party Component CA 2014 Cheat Engine OPUS">
+      <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
+      <CertOemID Value="Cheat Engine"/>
+    </Signer>
+    <Signer ID="ID_SIGNER_ENE" Name="Microsoft Windows Third Party Component CA 2014 ENE Tech OPUS">
+      <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
+      <CertOemID Value="ENE Technology Inc." />
+    </Signer>
+    <Signer ID="ID_SIGNER_DIGICERT_EV" Name="DigiCert EV Code Signing CA (SHA2)">
+      <CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ELBY" Name="GlobalSign Primary Object Publishing CA">
+      <CertRoot Type="TBS" Value="041750993D7C9E063F02DFE74699598640911AAB" />
+      <CertPublisher Value="Elaborate Bytes AG" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ELBY_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2009" Name="VeriSign Class 3 Code Signing 2009-2 CA">
+      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ATSZIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
+	  <FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NCHGBIOS2X64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_SANDRA" Name="GeoTrust TrustCenter CodeSigning CA I">
+      <CertRoot Type="TBS" Value="172F39BCA3DDA7C6D5169C96B34A5FE7E96FF0BD" />
+      <CertPublisher Value="SiSoftware Ltd" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_SANDRA_THAWTE" Name="Thawte Code Signing CA">
+      <CertRoot Type="TBS" Value="F6297A00D3B2B4CE4750402B66E7EA018D54F683" />
+      <CertPublisher Value="SiSoftware Ltd" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_MIMIKATZ_KERNEL" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
+      <CertPublisher Value="Benjamin Delpy" />
+    </Signer>
+    <Signer ID="ID_SIGNER_MIMIKATZ_KERNEL_SHA2" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="F6CAE0B028995EB13B1C2CCE5B5107384AB7C77279AE5560933E345061D99CC0" />
+      <CertPublisher Value="Benjamin Delpy" />
+    </Signer>
+    <Signer ID="ID_SIGNER_MIMIKATZ_USER" Name="Certum Code Signing CA SHA2">
+      <CertRoot Type="TBS" Value="F7B6EEB3A567223000A61F68C53B458193557C17E5D512D2825BCB13E5FC9BE5" />
+      <CertPublisher Value="Open Source Developer, Benjamin Delpy" />
+    </Signer>
+    <Signer ID="ID_SIGNER_SPEEDFAN" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="Sokno S.R.L." />
+    </Signer>
+    <Signer ID="ID_SIGNER_RWEVERY" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
+      <CertPublisher Value="ChongKim Chan" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VBOX" Name="GlobalSign Primary Object Publishing CA">
+      <CertRoot Type="TBS" Value="041750993D7C9E063F02DFE74699598640911AAB" />
+      <CertPublisher Value="innotek GmbH" />
+    </Signer>
+	<Signer ID="ID_SIGNER_VBOX_ORCALE" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Oracle Corporation" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VBOX" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VBOX_SUN" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="Sun Microsystems, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VBOX" />
+    </Signer>
+    <Signer ID="ID_SIGNER_REALTEK" Name="DigiCert EV Code Signing CA">
+      <CertRoot Type="TBS" Value="2D54C16A8F8B69CCDEA48D0603C132F547A5CF75" />
+      <CertPublisher Value="Realtek Semiconductor Corp." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2009_REALTEK" Name="VeriSign Class 3 Code Signing 2009-2 CA">
+      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
+      <CertPublisher Value="Realtek Semiconductor Corp." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2012" Name="Microsoft Windows Third Party Component CA 2012">
+      <CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
+      <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HPPORTIOX64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_WINRING0" />
+    </Signer>
+    <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2014" Name="Microsoft Windows Third Party Component CA 2014">
+      <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
+      <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
+	  <FileAttribRef RuleID="ID_FILEATTRIB_BS_RCIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LHA" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
+	  <FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_HWMIO64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VMDRV" />
+    </Signer>
+   <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2010" Name="Microsoft Third Party Component Windows PCA 2010">
+      <CertRoot Type="TBS" Value="90C9669670E75989159E6EEF69625EB6AD17CBA6209ED56F5665D55450A05212" />
+      <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HPPORTIOX64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_WINRING0" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2004" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2004_BIOSTAR" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="BIOSTAR MICROTECH INT'L CORP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_I2CIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BSMI" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2009_BIOSTAR" Name="VeriSign Class 3 Code Signing 2009-2 CA">
+      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
+      <CertPublisher Value="BIOSTAR MICROTECH INT'L CORP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BSMI" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_I2CIO" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2010_BIOSTAR" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="BIOSTAR MICROTECH INT'L CORP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_I2CIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BSMI" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GLOBALSIGN_G2_MICROSTAR" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
+      <CertPublisher Value="MICRO-STAR INTERNATIONAL CO., LTD." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NTIOLIB" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_TOSHIBA" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="TOSHIBA CORPORATION" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NCHGBIOS2X64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_NOVELL" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Novell, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
+	  <FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GLOBALSIGN_MICROSTAR" Name="GlobalSign Primary Object Publishing CA">
+      <CertRoot Type="TBS" Value="041750993D7C9E063F02DFE74699598640911AAB" />
+      <CertPublisher Value="Micro-Star Int'l Co. Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NTIOLIB" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_INSYDE" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Insyde Software Corp." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SEGWINDRVX64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_SYMANTEC_CLASS_3" Name="Symantec Class 3 SHA256 Code Signing CA">
+      <CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_AMD" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Advanced Micro Devices, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_TG_SOFT" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="TG Soft S.a.s. Di Tonello Gianfranco e C." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GLOBALSIGN_TG_SOFT" Name="GlobalSign CodeSigning CA - G3">
+      <CertRoot Type="TBS" Value="F478F0E790D5C8EC6056A3AB2567404A991D2837" />
+      <CertPublisher Value="TG Soft di Tonello Gianfranco ed Enrico S.r.l." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HP" Name="DigiCert SHA2 Assured ID Code Signing CA">
+      <CertRoot Type="TBS" Value="E767799478F64A34B3F53FF3BB9057FE1768F4AB178041B0DCC0FF1E210CBA65" />
+      <CertPublisher Value="HP Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HPPORTIOX64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_WINRING0" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GETAC" Name="Symantec Class 3 Extended Validation Code Signing CA - G2">
+      <CertRoot Type="TBS" Value="B3C925B4048C3F7C444D248A2B101186B57CBA39596EB5DCE0E17A4EE4B32F19" />
+      <CertPublisher Value="Getac Technology Corp." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GLOBALSIGN_CHEAT_ENGINE" Name="GlobalSign CA Cheat Engine Publisher">
+      <CertRoot Type="TBS" Value="BD1765C56594221373893EF26D97F88C144FB0E5A0111215B45D7239C3444DF7" />
+      <CertPublisher Value="Cheat Engine" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GLOBALSIGN_G2_CHEAT_ENGINE" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
+      <CertPublisher Value="Cheat Engine" />
+    </Signer>
+    <Signer ID="ID_SIGNER_PHYSMEM" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
+      <CertPublisher Value="Hilscher Gesellschaft fuer Systemautomation mbH" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PHYSMEM" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VMDRV" Name="DigiCert EV Code Signing CA (SHA2)">
+      <CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
+      <CertPublisher Value="Voicemod Sociedad Limitada" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VMDRV" />
+    </Signer>
+    <Signer ID="ID_SIGNER_INTEL_IQVW" Name="Intel External Basic Policy CA">
+      <CertRoot Type="TBS" Value="53B052BA209C525233293274854B264BC0F68B73" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_COMODO_IQVW" Name="COMODO RSA Certification Authority">
+      <CertRoot Type="TBS" Value="7CE102D63C57CB48F80A65D1A5E9B350A7A618482AA5A36775323CA933DDFCB00DEF83796A6340DEC5EBF7596CFD8E5D" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_AMDPP" Name="USERTrust RSA Certification Authority">
+      <CertRoot Type="TBS" Value="13BAA039635F1C5292A8C2F36AAE7E1D25C025202E9092F5B0F53F5F752DFA9C71B3D1B8D9A6358FCEE6EC75622FABF9" />
+      <CertPublisher Value="Advanced Micro Devices Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GEOTRUST_SRL_2009" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
+      <CertRoot Type="TBS" Value="d70edfa009a76bd8250d74e9ee92eb9ead7d4cb3" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GEOTRUST_SRL_2010" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
+      <CertRoot Type="TBS" Value="e5ba2abbd1dc89f143a66a3cdcda26d968758e2d" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HANDAN" Name="Handan City Congtai District LiKang  Daily Goods Department">
+      <CertRoot Type="TBS" Value="cccae21fbc083f5d1af6997bb3f29ed9915e7324" />
+    </Signer>
+    <Signer ID="ID_SIGNER_NANJING" Name="Nanjing Zhixiao Information Technology Co.,Ltd">
+      <CertRoot Type="TBS" Value="f5e1c4d98f9ce552ead3776c16f3ad91fe5f3984" />
+    </Signer>
+    <Signer ID="ID_SIGNER_TRUST_ASIA" Name="上海域联软件技术有限公司">
+      <CertRoot Type="TBS" Value="232a71b4d1734eac2cfc6ea554c86de34f9f8b72" />
+    </Signer>
+    <Signer ID="ID_SIGNER_JEROMIN_CODY_ERIC" Name="Jeromin Cody Eric">
+      <CertRoot Type="TBS" Value="dfa6171201b51a2ec174310e8fb9f4c0fde2d365235e589ded0213c5279bea6e" />
+    </Signer>
+	<Signer ID="ID_SIGNER_SAASAME" Name="SaaSaMe Ltd.">
+      <CertRoot Type="TBS" Value="A86DE66D8198E4272859881476A6F9936034A482" />
+    </Signer>
+	<Signer ID="ID_SIGNER_NVIDIA_2011" Name="Leaked 2011 NVIDIA Corporation Verisign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="15C37DBEBE6FCC77108E3D7AD982676D3D5E77F7" />
+    </Signer>
+	<Signer ID="ID_SIGNER_NVIDIA_2015" Name="Leaked 2015 NVIDIA Corporation Verisign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="F049A238763D4A90B148AB10A500F96EBF1DC436" />
+    </Signer>
+	<Signer ID="ID_SIGNER_HERMETICWIPER_1" Name="DigiCert Assured ID Code Signing CA-1">
+      <CertRoot Type="TBS" Value="47F4B9898631773231B32844EC0D49990AC4EB1E" />
+      <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_HERMETICWIPER_2" Name="Symantec Class 3 Extended Validation Code Signing CA - G2">
+      <CertRoot Type="TBS" Value="B3C925B4048C3F7C444D248A2B101186B57CBA39596EB5DCE0E17A4EE4B32F19" />
+      <CertPublisher Value="Chengdu Yiwo Tech Development Co., Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_HERMETICWIPER_3" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_HERMETICWIPER_4" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
+    </Signer>
+  </Signers>
+  <!--Driver Signing Scenarios-->
+  <SigningScenarios>
+    <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DENIED_VULN_MAL_SIGNERS" FriendlyName="Signers of known vulnerable or malicious drivers">
+      <ProductSigners>
+        <DeniedSigners>
+          <DeniedSigner SignerId="ID_SIGNER_AMDPP" />
+          <DeniedSigner SignerId="ID_SIGNER_CAPCOM" />
+          <DeniedSigner SignerId="ID_SIGNER_CHEAT_ENGINE" /> 
+          <DeniedSigner SignerId="ID_SIGNER_COMODO_IQVW" /> 
+          <DeniedSigner SignerId="ID_SIGNER_ELBY" />
+          <DeniedSigner SignerId="ID_SIGNER_ENE" />
+          <DeniedSigner SignerId="ID_SIGNER_DIGICERT_EV" />
+          <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2009" />
+          <DeniedSigner SignerId="ID_SIGNER_GETAC" />
+          <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_CHEAT_ENGINE" />
+          <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_G2_CHEAT_ENGINE" />
+          <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_G2_MICROSTAR" />
+          <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_MICROSTAR" />
+          <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2010" />
+          <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_TG_SOFT" />
+          <DeniedSigner SignerId="ID_SIGNER_HANDAN" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_1" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_2" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_3" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_4" />
+          <DeniedSigner SignerId="ID_SIGNER_HP" /> 
+          <DeniedSigner SignerId="ID_SIGNER_INTEL_IQVW" />
+          <DeniedSigner SignerId="ID_SIGNER_JEROMIN_CODY_ERIC" />
+          <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_KERNEL" />
+          <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_KERNEL_SHA2" />
+          <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_USER" />
+          <DeniedSigner SignerId="ID_SIGNER_NANJING" />
+		  <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2011" />
+		  <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2015" />
+          <DeniedSigner SignerId="ID_SIGNER_PHYSMEM" />
+          <DeniedSigner SignerId="ID_SIGNER_REALTEK" />
+          <DeniedSigner SignerId="ID_SIGNER_RWEVERY" />
+		  <DeniedSigner SignerId="ID_SIGNER_SAASAME" />
+          <DeniedSigner SignerId="ID_SIGNER_SANDRA" />
+          <DeniedSigner SignerId="ID_SIGNER_SANDRA_THAWTE" />
+          <DeniedSigner SignerId="ID_SIGNER_SPEEDFAN" />
+          <DeniedSigner SignerId="ID_SIGNER_SYMANTEC_CLASS_3" />
+          <DeniedSigner SignerId="ID_SIGNER_TRUST_ASIA" />
+          <DeniedSigner SignerId="ID_SIGNER_VBOX" />
+		  <DeniedSigner SignerId="ID_SIGNER_VBOX_ORCALE" />
+		  <DeniedSigner SignerId="ID_SIGNER_VBOX_SUN" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2004" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2004_BIOSTAR" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2009" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2009_BIOSTAR" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2009_REALTEK" /> 
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2010" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2010_2" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2010_BIOSTAR" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_AMD" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_INSYDE" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_NOVELL" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_TG_SOFT" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_TOSHIBA" />
+          <DeniedSigner SignerId="ID_SIGNER_VMDRV" />
+          <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2010" />
+          <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2012" />
+          <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2014" />
+        </DeniedSigners>
+        <FileRulesRef>
+          <FileRuleRef RuleID="ID_ALLOW_ALL_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256_PAGE" />
+		  <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GDRV" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256C" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_12" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_13" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_14" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_15" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_16" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_17" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_18" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_19" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1A" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1B" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1C" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1D" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1E" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1F" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_20" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_21" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_22" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_23" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_24" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_25" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_26" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_27" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_28" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_29" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2A" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2B" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2C" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2D" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2E" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2F" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_30" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_31" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_32" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_33" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_34" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_35" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_36" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_37" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_38" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_39" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_3A" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_3B" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_1" /> 		
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_PAGE_1" /> 	
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_PAGE_1" />	
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_2" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_2" />		
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_PAGE_2" /> 	
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_PAGE_2" />	
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_3" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_3" />		
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_4" />	
+          <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_4" />		
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_WINRING0_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_WINRING0_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_WINRING0_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_WINRING0_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_2" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_3" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_4" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_5" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_6" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_7" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_8" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_9" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_10"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_11"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_12"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_13"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_14"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_18"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_19"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_20"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_21"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_22"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_23"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_24"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_25"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_26"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_27"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_28"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_29"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_30"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_31"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_32"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_33"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_34"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_35"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_36"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_37"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_38"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_39"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_40"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_41"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_42"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_43"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_44"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_45"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_46"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_47"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_48"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_49"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_50"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_51"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_52"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_53"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_54"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_55"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_56"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_57"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_58"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_59"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_60"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_61"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_62"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_63"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_64"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_65"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_66"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_67"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_68"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_69"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_70"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_71"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_72"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_1" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_2" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_3" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_4" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_5" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_6" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_7" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_8" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_9" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_10"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_11"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_12"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_13"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_14"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_18"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_19"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_20"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_21"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_22"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_23"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_24"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_25"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_26"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_27"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_28"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_29"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_30"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_31"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_32"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_33"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_34"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_35"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_36"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_37"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_38"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_39"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_40"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_41"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_42"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_43"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_44"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_45"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_46"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_47"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_48"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_49"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_50"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_51"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_52"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_53"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_54"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_55"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_56"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_57"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_58"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_59"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_60"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_61"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_62"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_63"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_64"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_65"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_66"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_67"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_68"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_69"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_70"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_71"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_72"/>
+          <FileRuleRef RuleID="ID_DENY_PROCESSHACKER"/>
+          <FileRuleRef RuleID="ID_DENY_AMP"/>
+          <FileRuleRef RuleID="ID_DENY_ASMMAP"/>
+          <FileRuleRef RuleID="ID_DENY_ASMMAP_64"/> 
+          <FileRuleRef RuleID="ID_DENY_PHYMEMX_64"/>
+          <FileRuleRef RuleID="ID_DENY_DBK_32"/>
+          <FileRuleRef RuleID="ID_DENY_DBK_64"/>
+		  </FileRulesRef>
+      </ProductSigners>
+    </SigningScenario>
+    <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="">
+      <ProductSigners>
+        <FileRulesRef>
+          <FileRuleRef RuleID="ID_ALLOW_ALL_2" />
+        </FileRulesRef>
+      </ProductSigners>
+    </SigningScenario>
+  </SigningScenarios>
+  <UpdatePolicySigners />
+  <CiSigners />
+  <HvciOptions>0</HvciOptions>
+  <Settings>
+    <Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
+      <Value>
+        <String>Microsoft Windows Driver Policy</String>
+      </Value>
+    </Setting>
+    <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
+      <Value>
+        <String>10.0.25000.0</String>
+      </Value>
+    </Setting>
+  </Settings>
+</SiPolicy>
+```
+<br />
+
+
+## More information
+
+- [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index d078c538f5..94be9da4e5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -141,6 +141,9 @@ You can also use the following macros when the exact volume may vary: `%OSDRIVE%
 > [!NOTE]
 > For others to better understand the WDAC policies that has been deployed, we recommend maintaining separate ALLOW and DENY policies on Windows 10, version 1903 and later.
 
+> [!NOTE]
+> There is currently a bug where MSIs cannot be allow listed in file path rules. MSIs must be allow listed using other rule types, for example, publisher rules or file attribute rules.
+
 ## More information about hashes
 
 ### Why does scan create four hash rules per XML file?
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index 578058661d..f99d35706c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -108,4 +108,4 @@ If you do not have a code signing certificate, see [Optional: Create a code sign
 9. Validate the signed file. When complete, the commands should output a signed policy file called {PolicyID}.cip to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md).
 
 > [!NOTE]
-> The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. 
+> The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. 
\ No newline at end of file