Security suites like Sophos , Avast , or AVG have been known to block WinDivert because it intercepts network packets. Try temporarily disabling your antivirus or adding the application folder to your "Exclusions" list.
Windows Security features like can block WinDivert because it is a kernel-mode driver.
Since Windows 7, Microsoft has consistently tightened driver security policies. For 64-bit versions of Windows 7, 8, 8.1, and 10, the policy is clear: any driver intending to run in the kernel must be officially signed. While modern versions of WinDivert (like WinDivert64.sys ) do possess a digital signature, some older versions used by specific applications may not. Furthermore, even a valid signature may be blocked if it doesn't meet the latest EV (Extended Validation) code signing requirements, which Microsoft has mandated for Windows 11 drivers. Consequently, Windows blocks the installation and presents this error.
sc stop WinDivert sc delete WinDivert
If a previous session crashed, the WinDivert service might be stuck in a "stop-pending" or corrupted state. You need to force-delete it. Security suites like Sophos , Avast , or
Sometimes, the problem isn't a security policy but a corrupted installation. This can happen if:
Navigate to the folder where your application (e.g., Tallow) is located.
: Corrupted system files can cause driver installation loops. Run sfc /scannow in an elevated Command Prompt to repair potential errors. Manual File Removal
Install again. If it works, add your app to the antivirus exclusion list. Since Windows 7, Microsoft has consistently tightened driver
If Windows says you need a restart, it’s likely because it’s trying to overwrite a service that’s "marked for deletion." You can force this process using the command prompt: Open as an Administrator .
The error generally boils down to a conflict between the WinDivert driver and the Windows operating system, usually related to security permissions or lingering file locks. Key causes include:
This capability makes WinDivert a critical component for a wide range of powerful networking applications, including:
Tip: Some users found that manually copying WinDivert64.sys into C:\Windows\System32 resolved persistent installation errors . 4. Clean the Registry (Last Resort) Furthermore, even a valid signature may be blocked
Aggressive Anti-Cheat software (e.g., Vanguard, Easy Anti-Cheat) or third-party Antivirus suites may block WinDivert, misidentifying its packet-injection behavior as malicious.
A previous session of the app crashed, leaving a ghost instance of the driver locked in the system memory.
The lack of clear instructions or support resources from the developer is frustrating, to say the least. It's clear that the installation process needs significant improvement.
To identify which program is currently using the driver, open Task Manager , go to the Performance tab, and open Resource Monitor . In the CPU tab, search for "WinDivert" under Associated Handles to see which apps need to be closed. WinDivert not working on Windows 10 20H2 #253 - GitHub