
SMUDebugtool flagged as Virus by Windows Defender

Open kurdology opened this issue 2 months ago • 6 comments

Trojan:Win32/Vigorf.A

ZenStates-Core.sys is being flagged, sometimes WinReg driver too

kurdology avatar Oct 13 '25 07:10 kurdology

Hi, yes, that is expected now that Microsoft has blocked the WinRing0 driver. ZenStates-Core.sys is just WinRing0x64.sys, but extracted on launch with the name of the DLL (ZenStates-Core.dll).

I'm working on replacing WinRing0 with the PawnIO driver, however there's a huge difference in the supported features (or more accurately the allowed features), so it's not possible to port the debug tool with the new driver at the moment.

It will probably remain using WinRing0. I know people use the PBO functionality, so maybe I will release something like PBO2 Tuner with this function only, once the new driver modules allow reading and writing PBO CO values.

irusanov avatar Oct 13 '25 15:10 irusanov

Hi Ivan,

Thank you very much for the quick response. I hope a new driver replacing winreg can be signed at some point, so that workarounds won't be needed. Personally, from my perspective and from that of my friends, a very basic PBO2Tuner (e.g. the actual undervolt and the limits for power) would suffice for 99% of people and use cases.

Anyhow, I want to thank you for working on this and making this project happen. Best of everything to you.

kurdology avatar Oct 14 '25 08:10 kurdology

Ideally I wanted a new version of ZenStates with this functionality, but that is not possible at the moment and those projects will have to wait and continue using WinRing0 for those who really want to use them. I still use ZenStates when overclocking for hwbot, but that is on a stripped benching OS, so it doesn't really matter (no Windows Defender or other AV).

The DebugTool might continue using WinRing0 "forever" as I need it to debug various things on every new Ryzen without restrictions. Which means I might keep it for myself from now on. But some sort of a PBO tuner will be available at some point as there is a demand for such an app.

irusanov avatar Oct 14 '25 13:10 irusanov

Hey,

There is definitely demand for a PBOTuner app. A lot of people like me are simply out of luck (I'm on an Asus b450-f and don't have any type of CO). I think in one of the other issues you said that you could build such an app (meaning one that only has CO) quickly. That would be insane if that would be possible. Right now, I'm trying to decide whether to use SMU and allow it in Windows Defender or not. I know that it is safe in itself, but I'm afraid of exploits mostly at this point.

kurdology avatar Oct 15 '25 11:10 kurdology

Creating such an app isn't a big task, but the problem is that the current driver modules don't support any of the SMU functions, including getting and setting CO values.

irusanov avatar Oct 15 '25 11:10 irusanov

I understand. I am looking at a workaround for my motherboard right now. As far as I have tested, it is possible to load a BIOS profile from a CPU that has CO enabled (in my case 5600x), and then load said BIOS profile when the 5800x3d is installed. I am able to adjust CO that way, there might be a way to bridge this so that a 5600x isn't needed at all.

kurdology avatar Oct 15 '25 12:10 kurdology