@muratk5n https://www.pcmag.com/news/why-did-crowdstrike-update-only-hit-windows-blame-the-eu-microsoft-says

> As Microsoft's Chief Communications Officer, Frank X. Shaw, noted on X, a 2009 agreement between the European Commission and Microsoft required Redmond to give security software the same level of access to Windows as Microsoft itself.

By definition, the kernel does not run in a sandbox.

If you’re giving third party apps the same access as Windows, they can crash Windows.