[Update] FanControl (and other different monitoring software) blocked by Defender due to Winring0 vulnerability


Looks like a bunch of other monitoring software got affected by this after the latest Defender definition update.

Some detailed explanation:
https://www.reddit.com/r/FanControl/comments/1j93doq
So far confirmed for:
- FanControl
- SteelSeries GG
- PBO2 Tuner
- Gigabyte Aurora and RGBFusion software
- Open Hardware Monitor
- Sidebar Diagnostics

Update:
Checked after work, it looks like MS has run some sort of background definition update and Defender is no longer flagging this as malicious. Here's hoping the FanControl dev will actually work on switching to an alternative library that doesn't use the unsigned driver.

Update 2: [image attachment: 1741795880988.png]
 
Small nitpick but I believe WinRing0 IS a signed driver, just a vulnerable-to-exploit one precisely because it accesses low level hardware in ring0. Microsoft kinda frowns upon that as of late.
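
An added example, not part of any post in this thread: a PowerShell inventory that finds WinRing0 driver registrations and on-disk copies and reports their Authenticode status, to show what "signed" does and does not tell you. It assumes the file or service name contains "WinRing0" (for example WinRing0x64.sys) and searches only the common install roots listed in the script.

```powershell
# Added example: run in an elevated PowerShell session.
# Assumption: the driver keeps a name containing "WinRing0"; renamed copies
# will not be found by this name match.
$namePattern = '*WinRing0*'

# 1. Kernel driver services currently registered on this machine.
$registered = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -like $namePattern -or $_.PathName -like $namePattern } |
    ForEach-Object {
        [pscustomobject]@{
            Source = "service:$($_.Name) [$($_.State)]"
            # Strip the NT object-manager prefix (\??\) so the path opens normally.
            Path   = $_.PathName -replace '^\\\?\?\\', ''
        }
    }

# 2. Copies bundled with applications that are not (currently) registered.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData, $env:LOCALAPPDATA) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$onDisk = Get-ChildItem -LiteralPath $roots -Recurse -File -Filter 'WinRing0*.sys' -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{ Source = 'file'; Path = $_.FullName } }

# 3. Signature and hash per unique path. 'Valid' only means the file is signed
#    and unmodified; it says nothing about whether the driver is safe to load.
@($registered) + @($onDisk) |
    Where-Object { $_.Path -and (Test-Path -LiteralPath $_.Path) } |
    Sort-Object -Property Path -Unique |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.Path
        [pscustomobject]@{
            Source    = $_.Source
            Path      = $_.Path
            Signature = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
            SHA256    = (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash
        }
    } | Format-List
```

The output lists which application directories ship the driver, which is the practical input for deciding what to update or replace.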
 
> First off, as a computer scientist it pains me to see people's knee jerk reaction is to override their operating system's security systems. It's there to protect you, yes it can make mistakes, but you should generally wait for an official response or similar understanding and you shouldn't do it blindly. Your security means nothing if you override your security when it's inconvenient.
>
> It's kind of like taking the carbon monoxide alarm off the wall because you don't like that it's beeping super loudly.

Having this "pet peeve" and surfing tech forums/reddits is just begging for an aneurysm.

> Small nitpick but I believe WinRing0 IS a signed driver, just a vulnerable-to-exploit one precisely because it accesses low level hardware in ring0. Microsoft kinda frowns upon that as of late.

Abstraction can be good. But abstraction without providing safe ways for controlled access under the hood to what should be accessible is just asking for people to start digging (most of the time their own graves).

Funny how, after years of strapping LEDs to everything within the 3m radius of a computer, no one figured perhaps they should have a standard way of accessing these things without *checks notes* giving everyone read/write access to the entire bloody memory!