[Update] FanControl (and other different monitoring software) blocked by Defender due to Winring0 vulnerability

Looks like a bunch of other monitoring software got affected by this after the latest Defender definition update.

Some detailed explanation:

So far confirmed for:
- FanControl
- Steelseries GG
- PBO2 Tuner
- Gigabyte Aurora and RGBFusion software
- Open Hardware Monitor
- Sidebar Diagnostics

Update:
Checked after work, it looks like MS has run some sort of background definition update and Defender is no longer flagging this as malicious. Here's hoping the FanControl dev will actually work on switching to an alternative library that doesn't use the unsigned driver.

Update 2:
[Attached image: 1741795880988.png]
 
Small nitpick but I believe WinRing0 IS a signed driver, just a vulnerable-to-exploit one precisely because it accesses low level hardware in ring0. Microsoft kinda frowns upon that as of late.
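
The signed-versus-unsigned question raised in this thread can be checked on a given machine. The PowerShell below is an added example, not code from any poster or from the FanControl project. It lists WinRing0 driver services and reports the Authenticode status of each driver file it finds. It assumes the file and service names begin with "WinRing0", and the search folders are also an assumption.

```powershell
# Added example, not from the thread. Assumption: driver files and driver
# service names begin with "WinRing0" (the name used in the thread).
$namePattern = 'WinRing0*'

# 1. Kernel driver services whose name or image path mentions the driver.
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -like $namePattern -or $_.PathName -like "*$namePattern" })

# 2. Driver files on disk. The search roots are an assumption; add the
#    install folder of any monitoring tool you use.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
           $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$paths = @(Get-ChildItem -Path $roots -Filter "${namePattern}.sys" -Recurse -File `
               -ErrorAction SilentlyContinue |
           Select-Object -ExpandProperty FullName)

# Image paths of registered services may carry the NT prefix \??\ ; strip it
# so the file can be opened by the cmdlets below.
$paths += $services | ForEach-Object { $_.PathName -replace '^\\\?\?\\', '' }

# 3. Signature and hash for every driver file that exists.
$files = $paths |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Sort-Object -Unique |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_
        [pscustomobject]@{
            Path            = $_
            SignatureStatus = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
            Signer          = $sig.SignerCertificate.Subject  # empty when unsigned
            SHA256          = (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash
        }
    }

'--- Driver services ---'
$services | Select-Object Name, State, StartMode, PathName | Format-List
'--- Driver files ---'
$files | Format-List
```

A `Valid` signature status only says who signed the file and that it is unmodified. It says nothing about whether the driver's interface is safe to expose, which is why a signed driver can still be flagged.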
 
First off, as a computer scientist it pains me to see people's knee-jerk reaction is to override their operating system's security systems. It's there to protect you, yes it can make mistakes, but you should generally wait for an official response or similar understanding and you shouldn't do it blindly. Your security means nothing if you override your security when it's inconvenient.

It's kind of like taking the carbon monoxide alarm off the wall because you don't like that it's beeping super loudly.
Having this "pet peeve" and surfing tech forums/reddits is just begging for an aneurysm.

Small nitpick but I believe WinRing0 IS a signed driver, just a vulnerable-to-exploit one precisely because it accesses low level hardware in ring0. Microsoft kinda frowns upon that as of late.
Abstraction can be good. But abstraction without providing safe ways for controlled access under the hood to what should be accessible is just asking for people to start digging (most of the time their own graves).

Funny how, after years of strapping LEDs to everything within the 3m radius of a computer, no one figured perhaps they should have a standard way of accessing these things without *checks notes* giving everyone read/write access to the entire bloody memory!
:laugh:
 