Driver-Focused Trust
Keystone: Kernel driver inventory and known-risk checks
Why Kernel Drivers Matter
Kernel drivers operate at the highest privilege level in Windows. They are a common leverage point for bypassing game anti-cheat systems. Vera inventories loaded drivers and checks them against known-risk lists.
BYOVD: Bring Your Own Vulnerable Driver
Attackers often exploit legitimate but vulnerable signed drivers to gain kernel access. Vera tracks known-risk drivers that have been abused in bypass ecosystems.
What Vera Does
• Inventories all loaded kernel drivers during sessions
• Checks driver signing and publisher information
• Compares them against a curated known-risk driver catalog
• Reports matches as high-confidence findings
What Vera Does NOT Do
• Does not install kernel anti-cheat or monitoring
• Does not block or interfere with drivers
• Does not provide verdicts — only evidence
• Does not guarantee detection of all bypass methods
Evidence Levels
Driver presence is 'Observed' (captured directly). Known-risk matches are 'Correlated' (derived from catalog rules). Both require human review and context.
Conservative Language
Vera uses terms like 'risk indicator', 'requires review', and 'not a verdict'. Driver matches are flags for investigation, not accusations.
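
The evidence model described above, as an added example that is not Vera's own code: each loaded driver produces an 'Observed' record, and a catalog hit adds a separate 'Correlated' record, both carrying review wording rather than a verdict. The record fields, the hash-keyed catalog, the rule id and all driver names and hashes are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

REVIEW_NOTE = "risk indicator; requires review; not a verdict"

@dataclass(frozen=True)
class Driver:
    name: str        # file name as loaded
    sha256: str      # hash of the driver image
    signed: bool     # signature validated at collection time
    publisher: str   # signer name, "" when unsigned

def sample_hash(label: str) -> str:
    """Constructed stand-in for a real driver image hash."""
    return hashlib.sha256(label.encode()).hexdigest()

# Constructed catalog keyed by image hash, so renaming the file does not evade it.
CATALOG = {
    sample_hash("constructed-known-risk-driver"): "KR-EXAMPLE-1",
}

# Constructed inventory of three loaded drivers.
INVENTORY = [
    Driver("storage.sys", sample_hash("constructed-benign-driver"), True, "Example Hardware Inc."),
    Driver("helper.sys", sample_hash("constructed-known-risk-driver"), True, "Example Vendor Ltd."),
    Driver("custom.sys", sample_hash("constructed-unsigned-driver"), False, ""),
]

def build_findings(inventory, catalog):
    """Emit one Observed record per driver, plus a Correlated record per catalog match."""
    findings = []
    for d in inventory:
        findings.append({
            "driver": d.name, "level": "Observed", "sha256": d.sha256,
            "signed": d.signed, "publisher": d.publisher, "note": REVIEW_NOTE,
        })
        rule = catalog.get(d.sha256.lower())
        if rule is not None:
            # A valid signature does not clear the match: BYOVD drivers are signed.
            findings.append({
                "driver": d.name, "level": "Correlated", "rule": rule,
                "sha256": d.sha256, "note": REVIEW_NOTE,
            })
    return findings

if __name__ == "__main__":
    for f in build_findings(INVENTORY, CATALOG):
        print(f["level"], f["driver"], f.get("rule", ""), "-", f["note"])
```

The signed driver "helper.sys" is the only one that correlates, while the unsigned "custom.sys" stays at 'Observed' with its signing state recorded for the reviewer.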
