Well, another one bit the dust, but this time it is related to a third-party security product – ThreatLocker (Enterprise Cybersecurity Solutions | ThreatLocker) – wrongly blocking DLLs patched with Hotpatch.
If you have read my previous post (Intune / Windows ARM – Issue with May 2025 Patch Tuesday on ARM devices) about Hotpatch and ARM devices with the May 2025 release, this is a bit similar, but it impacts all devices with the ThreatLocker agent installed.
The agent is automatically blocking all DLLs patched with Hotpatch (they are usually named xxx_hotpatch.dll).
At first your screen seems to be unusable – close to a fully black screen – but if you have a touch screen, you can confirm the device is up and running, just not displaying anything.
This is due to the DLL related to displaying the interface being blocked by ThreatLocker.
You may then have additional issues, with prompts from the ThreatLocker agent telling you that XXX has been blocked or requesting elevation of privilege.
The temporary solution while ThreatLocker is working on it is either to put the device in learning mode or to monitor every DLL request and approve them.
Once done, the device is going to be back to normal relatively quickly.
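
If you go the approval route, it helps to know which hotpatch DLLs are on the device and whether they are validly signed before approving the matching requests. The script below is an added example, not part of the original post and not ThreatLocker or Microsoft tooling; the search root, the `*_hotpatch.dll` pattern (taken from the usual naming mentioned above), the signer match and the output file name are assumptions.

```powershell
# Added example: inventory hotpatch DLLs and check their signatures
# before approving the corresponding block requests.
# Assumptions: search root and file name pattern; adjust to your environment.
$searchRoot = Join-Path $env:SystemRoot 'System32'
$pattern    = '*_hotpatch.dll'

$report = Get-ChildItem -Path $searchRoot -Filter $pattern -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            Modified  = $_.LastWriteTime
            SigStatus = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# Files that are not validly signed, or whose signer subject does not
# name Microsoft, should be reviewed by hand rather than approved.
$needsReview = $report | Where-Object {
    $_.SigStatus -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'
}

"{0} hotpatch DLL(s) found, {1} need manual review" -f @($report).Count, @($needsReview).Count
$report | Sort-Object Modified -Descending | Format-Table Path, Modified, SigStatus -AutoSize

# Keep the hashes so approvals can be compared against what was actually on disk.
$report | Export-Csv -Path (Join-Path $env:TEMP 'hotpatch-dll-inventory.csv') -NoTypeInformation
```

Run it from an elevated PowerShell session so that protected folders under the search root are readable.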