zhongyang219
TrafficMonitor.sys - VulnerableDriver:WinNT/Wnring0.G
Prerequisites
- [x] I have searched for related issues in the issues list.
- [x] I have read the FAQ in detail and searched for related issues in FAQ list.
Current TrafficMonitor Version
1.85.1
Current Operating System Version
Windows 10 (10.0.19045)
What happened?
Windows Defender recognizes your driver as vulnerable and wants to remove it!
TrafficMonitor.sys - VulnerableDriver:WinNT/Wnring0.G.
Details: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=VulnerableDriver%3AWinNT%2FWinring0.G&threatid=2147947097
Log Output
Additional Information
No response
Same happening here. From Virustotal (https://www.virustotal.com/gui/file/11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5/community), here are some comments:
"File is flagged because it is the WinRing0x64.sys driver, used by many software suites for accessing hardware at Ring 0. Primarily for RGB and Fan Control on PCs. Driver itself is considered vulnerable by many if malicious programs hook into it, but the file/driver itself is not malicious.
Use with caution."
"This is a "vulnerable driver" from the byovd list. The file itself is not malicious, but it's a signed driver that when installed, allows unlimited system access. Probably not what you want. Therefore this file is also included in various malware code. Google for "byovd" to find out more."
Maybe the program can switch to using this when it's released? It's closed source though. I'm going to use only TrafficMonitor lite until this is fixed.
