Case in point: After years of fruitlessly asking AV companies to stop injecting shoddy patches into their kernel, Microsoft eventually gave up and added active countermeasures which deliberately trigger a kernel panic if certain structures are tampered with. That gave AV vendors the "encouragement" required to move to the sanctioned APIs.

https://en.wikipedia.org/wiki/Kernel_Patch_Protection