Driver-Focused Trust
Keystone: Kernel driver inventory and known-risk checks
Why Kernel Drivers Matter
Kernel drivers operate at the highest privilege level in Windows. They are a common leverage point for bypassing game anti-cheat systems. Vera inventories loaded drivers and checks them against known-risk lists.
BYOVD: Bring Your Own Vulnerable Driver
Attackers often exploit legitimate but vulnerable signed drivers to gain kernel access. Vera tracks known-risk drivers that have been abused in bypass ecosystems.
What Vera Does
Inventories all loaded kernel drivers during sessions
Checks driver signing and publisher information
Compares against curated known-risk driver catalog
Flags known-risk drivers with evidence links
What Vera Does NOT Do
Does not install kernel anti-cheat or monitoring
Does not block or interfere with drivers
Does not provide verdicts, only evidence
Does not guarantee detection of all bypass methods
Evidence Levels
Driver presence is 'Observed' (captured directly). Known-risk matches are 'Correlated' (derived from catalog rules). Both require human review and context.
Conservative Language
Vera uses terms like 'risk indicator', 'requires review', and 'not a verdict'. Driver matches are flags for investigation, not accusations.