
Microsoft is moving antivirus providers out of the Windows kernel
It’s been nearly a year since a faulty CrowdStrike update took down 8.5 million Windows-based machines around the world, and Microsoft wants to ensure such a problem never happens again. After holding a summit with security vendors last year, Microsoft is poised to release a private preview of Windows changes that will move antivirus (AV) and endpoint detection and response (EDR) apps out of the Windows kernel.
The new Windows endpoint security platform is being built in cooperation with CrowdStrike, Bitdefender, ESET, Trend Micro, and many other security vendors. “We’ve had dozens of partners supply papers to us, some of them hundreds of pages long, on how they’d like it to be designed and what the requirements are,” explains David Weston, vice president of enterprise and OS security at Microsoft, in an interview with The Verge. “I’ve been really pleased with this. It’s an industry of competitors but everyone has stepped up and said we’ve got to build a platform that all of us work on.”
Microsoft is keen to stress that it’s not setting the rules and expecting everyone to immediately follow them, but instead wants to build the rules together. “We’re not here to tell them how the API should work, we’re here to listen and provide the security and reliability,” Weston says. “I think if we’d gone out that some of our competitors and said, ‘Here it is, take it or leave it,’ that would really be a challenge.”
For decades, Microsoft has built Windows in a way that has allowed developers to deliver security software that’s deeply rooted into Windows, running at the kernel level of Windows — the core part of an operating system that has unrestricted access to system memory and hardware. Code running there has no process boundary to contain its mistakes: a fault in a kernel-mode driver is a fault in the operating system itself. The faulty CrowdStrike update last year highlighted just how easy it is for a kernel-level driver to go wrong and take down a machine, resulting in a Blue Screen of Death (BSOD).
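A practical first step for anyone assessing exposure to this class of failure is to see how much third-party code is actually running in the kernel today. The following PowerShell script is an added example written for this article; it is not code from Microsoft, CrowdStrike, or any vendor the article names. It inventories the running kernel-mode drivers on a Windows machine and flags those whose file metadata does not attribute them to Microsoft. The `Resolve-DriverPath` helper and the `Third-party` heuristic are this example's own choices, not a Microsoft convention.

```powershell
# Added example (not from the article or from any vendor it mentions):
# list the kernel-mode drivers currently running and flag third-party ones.
# Run in an elevated PowerShell on Windows 10/11.

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several shapes; normalize to a
    # Win32 path. Hypothetical helper written for this example.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''               # strip "\??\" prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot      # expand "\SystemRoot"
    if ($p -notmatch '^[A-Za-z]:\\') {                     # bare "System32\drivers\x.sys"
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

# Only drivers that are loaded right now; ServiceType distinguishes
# "Kernel Driver" from "File System Driver" (both run in kernel mode).
$running = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' }

$report = foreach ($d in $running) {
    $path      = Resolve-DriverPath $d.PathName
    $company   = $null
    $signer    = $null
    $sigStatus = 'Unknown'
    if ($path -and (Test-Path -LiteralPath $path)) {
        # CompanyName from the PE version resource identifies the vendor even
        # for WHQL-signed drivers, whose Authenticode leaf signer is Microsoft.
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $sigStatus = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Name        = $d.Name
        DisplayName = $d.DisplayName
        ServiceType = $d.ServiceType
        Company     = $company
        Signer      = $signer
        SigStatus   = $sigStatus
        Path        = $path
    }
}

# Heuristic: anything whose file metadata does not name Microsoft is third-party
# code running in the kernel. Unsigned or unreadable files are listed too.
$thirdParty = $report | Where-Object { $_.Company -notmatch 'Microsoft' }

"{0} kernel-mode drivers running, {1} not attributed to Microsoft:" -f `
    $report.Count, $thirdParty.Count
$thirdParty |
    Sort-Object Company, Name |
    Format-Table Name, ServiceType, Company, SigStatus, Path -AutoSize
```

Two caveats on reading the output. Drivers that passed WHQL certification carry a Microsoft "Windows Hardware Compatibility Publisher" signature, so the `Signer` column alone will not tell you who wrote the code; the `Company` field from the version resource is the more useful attribution, and `SigStatus` of anything other than `Valid` deserves a closer look. Second, this lists what is loaded, not what is installed: a driver with `StartMode` of `Boot` or `System` that happens to be stopped is still a kernel component the next reboot will load, so drop the `State -eq 'Running'` filter to see the full installed set.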
Microsoft now has some of its most knowledgeable Windows engineers working on these security changes. “We’ve had key developers on this, some of the kernel architects of Windows and people that don’t even traditionally work in security,” Weston says. “It’s really the biggest brains of core Windows being involved and collaborating with CrowdStrike, ESET, and all those folks.”
The private preview will give security vendors a chance to request changes. Weston says he expects a few iterations until it’s ready for vendors to make the switch. It also won’t remove every kernel-level driver straight away. “Our goal is to start with AV and EDR, but there will likely be kernel drivers for some period as we move on to the next set of use cases.”
Another big area of Windows that uses kernel-level drivers is anti-cheat engines for games. Microsoft has been speaking with game developers about how to reduce their reliance on the kernel, but it’s a more complicated use case because cheaters purposely tamper with their own machines to disable protections and get cheating engines running, so the anti-cheat code needs to be hard for the machine’s own user to bypass.
“A lot of [game developers] would love to not have to maintain kernel stuff, and they are very interested in how they do that,” Weston says. “We’ve been talking about the requirements there, and I think we’ll have more to say on that in the near future.” Riot Games told me last year that it’s willing to follow potential Windows security changes and “recede from the kernel space.”
While it’s going to take Microsoft and security vendors some time to work through these Windows changes, Microsoft is confident that it will see good adoption rates because its customers are asking for changes in the wake of the CrowdStrike incident.
Microsoft is also getting ready to release a Windows update later this summer that will include a new Quick Machine Recovery feature, which is designed to quickly restore machines that can’t boot. It sends a device that fails to start into the Windows Recovery Environment, where the machine can connect to the network and provide Microsoft with diagnostic information. “We basically built the thing we’d love to have had for the incident last year,” Weston says.
The sight of a Blue Screen of Death will also be a thing of the past. Microsoft is now officially redesigning its BSOD so that it’s black and not blue. More on that big change here.