Windows Defender can remove FanControl.sys

Open hl2guide opened this issue 3 years ago • 5 comments

Describe the bug: Windows Defender can detect FanControl.sys and remove it, so the app no longer works.

With no ability to restore or exclude other than using complex options.

Screenshot: 1

Docs: Official MS Docs for Troubleshoot attack surface reduction rules

hl2guide avatar Nov 03 '22 13:11 hl2guide

"Your administrator has....", so you are not admin on that machine or you are part of an enterprise domain?

Rem0o avatar Nov 03 '22 13:11 Rem0o

I noticed that too, the user is Admin. Windows Defender just acts and deletes the suspected file.

hl2guide avatar Nov 03 '22 16:11 hl2guide

Can't you whitelist it?

Rem0o avatar Nov 07 '22 01:11 Rem0o

Nope, no easy option for that except for complex manual methods: Add exclusions for a false positive.

hl2guide avatar Nov 12 '22 03:11 hl2guide

The problem still exists in V186 on Windows 10. https://www.defenderui.com/ - ASR - Changing the "Block abuse of exploited vulnerable signed drivers" to audit mode seems to fix it.

yfdyh000 avatar Apr 08 '24 12:04 yfdyh000
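
Added example (not part of the thread and not FanControl's own code): a read-only PowerShell check that reports how the "Block abuse of exploited vulnerable signed drivers" ASR rule is currently set and lists recent Defender events for that rule that mention FanControl.sys, so the rule responsible can be confirmed before any setting is changed. It assumes the built-in Defender cmdlets, an elevated prompt, and that the event message text contains the rule GUID and the file name; the 500-event window is an arbitrary choice.

```powershell
# Read-only diagnostic: changes no Defender settings.
# GUID of the ASR rule "Block abuse of exploited vulnerable signed drivers".
$RuleId = '56a863a9-875e-4185-98a7-b882c64b5ce5'
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# 1. Current state of the rule as reported by Get-MpPreference.
#    The two arrays are parallel: Ids[i] is configured with Actions[i].
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)

$state = 'Not configured'
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -ieq $RuleId) {
        $code  = [int]$actions[$i]
        $state = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] }
                 else { "Unknown ($code)" }
    }
}
"ASR rule $RuleId is set to: $state"

# 2. Recent ASR events for this rule that name the driver.
#    Event 1121 = rule fired in block mode, 1122 = rule fired in audit mode.
$hits = Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-Windows Defender/Operational'
            Id      = 1121, 1122
        } -MaxEvents 500 -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Message -match [regex]::Escape($RuleId) -and
            $_.Message -match 'FanControl\.sys'
        }

if ($hits) {
    $hits |
        Select-Object TimeCreated,
                      @{ n = 'Mode'; e = { if ($_.Id -eq 1121) { 'Blocked' } else { 'Audited' } } },
                      @{ n = 'FirstLine'; e = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
} else {
    'No matching ASR events found in the last 500 entries for FanControl.sys.'
}
```

If the rule shows as "Not configured" here but events 1121 still appear, the rule is likely being applied by a management channel (Group Policy, Intune) rather than local preference.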