Bypass AV for Authorized Testing

Drivers & AV · 2024-12-01


When developing drivers or low-level tools, antivirus may block or quarantine them. This post describes how to work with AV in an authorized testing or development context without violating terms of service.


Whitelisting and Exclusions


Use vendor-specific exclusion lists and code signing, and submit flagged builds to VirusTotal and the AV vendors for false-positive review. Document the hashes and signers for your build pipeline.
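One way to document hashes and signers at the end of a build, as an added example that is not part of the original post. The build directory, manifest path and expected-thumbprint parameter are assumptions; replace the placeholder thumbprint with the certificate your pipeline expects.

```powershell
# Added example: record SHA-256 and Authenticode signer for every build artifact.
# $BuildDir, $ManifestPath and $ExpectedThumbprint are assumed names and placeholders.
param(
    [string]$BuildDir = ".\build\out",
    [string]$ManifestPath = ".\build\artifact-manifest.json",
    [string]$ExpectedThumbprint = "<EXPECTED-SIGNING-CERT-THUMBPRINT>"
)

$ErrorActionPreference = "Stop"

# Collect the binaries a false-positive submission or exclusion request would reference
$artifacts = Get-ChildItem -Path $BuildDir -Recurse -File -Include *.sys, *.exe, *.dll, *.cat
if (-not $artifacts) {
    throw "No artifacts found under $BuildDir"
}

$manifest = foreach ($file in $artifacts) {
    $hash = Get-FileHash -Path $file.FullName -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        Path             = $file.FullName
        Sha256           = $hash.Hash
        SignatureStatus  = $sig.Status.ToString()
        # Signer fields are $null when the file carries no signature
        SignerSubject    = $sig.SignerCertificate.Subject
        SignerThumbprint = $sig.SignerCertificate.Thumbprint
        Timestamped      = [bool]$sig.TimeStamperCertificate
        RecordedUtc      = (Get-Date).ToUniversalTime().ToString("o")
    }
}

# Wrap in @() so a single artifact is still written as a JSON array
ConvertTo-Json -InputObject @($manifest) -Depth 3 |
    Set-Content -Path $ManifestPath -Encoding UTF8

# Fail the build when an artifact is unsigned, invalid, or signed by an unexpected certificate
$bad = @($manifest | Where-Object {
    $_.SignatureStatus -ne "Valid" -or $_.SignerThumbprint -ne $ExpectedThumbprint
})
if ($bad.Count -gt 0) {
    $bad | Format-Table Path, SignatureStatus, SignerThumbprint -AutoSize | Out-String | Write-Host
    throw "$($bad.Count) artifact(s) failed the signature check; see $ManifestPath"
}
Write-Host "Recorded $(@($manifest).Count) artifact(s) in $ManifestPath"
```

Keeping the manifest alongside each release gives you the exact hash and signer to quote in a vendor false-positive submission.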


Driver Signing


Signed drivers (EV or attestation) are less likely to be flagged. We discuss the driver development and signing workflow and how it reduces “bypass AV” needs in practice.


Responsible Disclosure


Any bypass research should be shared with vendors first and only used in environments you are authorized to test.