Sophos CEO Joe Levy recently attended a Microsoft-hosted summit where executives from top endpoint security vendors, including CrowdStrike, discussed the future of interactions between EDR tools and the Windows kernel. During the summit, Microsoft made it clear that it does not intend to restrict access to the kernel, despite the recent CrowdStrike-caused outage. Levy believes this will lead to the endpoint community rethinking the amount and complexity of code they introduce into their kernel drivers.