[mwhitfield]

The headline, as always, is disingenuous. They were asked why they couldn't lock third parties out of this level of unprotected system access, and said that the 2009 ruling prevented them from doing so. Which is simply factually correct.

[redprince]

While that is correct they could at any point in the last 15 years have implemented an API for security software which does not require to load executable code into kernel space. Kind of like Apple did: https://developer.apple.com/documentation/endpointsecurity

Then Microsoft would have proceeded to only use this documented user land API themselves for their own Defender product and thus have no undocumented API or access advantage over other security software. The EU ruling only cares about a level playing field and not about the implementation details.