But always try the reboot first. In the world of kernel drivers, it is rarely a placebo.
Open regedit , navigate to: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager Look for a multi-string value named PendingFileRenameOperations . If it contains references to WinDivert.sys , you can delete the entire value (not the key). Reboot immediately after. Exclude the WinDivert installer and C:\Windows\System32\drivers\WinDivert.sys from real-time scanning. Install, then re-enable. When to Avoid Reboot (The Exception) In rare, time-sensitive scenarios—such as a live digital forensics capture or an uptime-critical server—a reboot might be impossible. In these cases, an alternative is to use a different packet capture driver (like the older NPF from WinPcap) or to run the application requiring WinDivert in a lightweight VM where you can freely reboot the guest OS. Neither is ideal, but both avoid breaking uptime. Conclusion The message "WinDivert driver cannot be installed. You must restart your computer" is Windows’ way of saying: “The state required to safely load this driver is corrupted or locked in the current session.” For most users, a single restart is the fastest, safest resolution—not a deferral of the problem, but a deliberate reset of the driver ecosystem. But always try the reboot first
In this zombie state, Windows refuses to load a new instance—even of the same version—because the kernel considers the driver name and service already "in use." If it contains references to WinDivert
This is a detailed technical piece on the error message: "WinDivert driver cannot be installed. You must restart your computer." For users of network analysis tools, VPN clients, packet sniffers, and gaming proxies, the Windows Divert (WinDivert) driver is a silent workhorse. It allows user-mode applications to capture, modify, and re-inject network packets from the Windows network stack—a capability essential for software like Npcap , Windscribe , Proxifier , and various penetration testing suites. Install, then re-enable