Jump to content

ESET is detecting file from C:\OEM folder


Recommended Posts

Hello, today I am receiving mails, telling me that "file:///C:/OEM/Factory/amifldrv64.sys" has been detected as a potentially insecure application and ESET has deleted it.

Is it a false positive? I think that OEM folder is related about recovering system.

Thanks, regards.

Link to comment
Share on other sites

  • Administrators

Please provide the appropriate record from the Detections log. Most likely it's a detection of a vulnerable driver.

Link to comment
Share on other sites

49 minutes ago, Marcos said:

As expected, it's a correct detection of a vulnerable AMI driver:

The driver may be vulnerable, but is OK for ESET to delete a driver????  What if , by deleting a drive the PC is not bootable anymore????

Link to comment
Share on other sites

4 hours ago, rotaru said:

The driver may be vulnerable, but is OK for ESET to delete a driver????  What if , by deleting a drive the PC is not bootable anymore????

If Win 10 Pro+ is installed and HVCI - Memory Integrity - enabled, Windows would have blocked the driver from loading: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules .

Additional ref. article here: https://www.dell.com/community/Alienware/m17-R2-BIOS-installer-blocked-vulnerable-driver-amifldrv64-sys/td-p/8293332

5 hours ago, IggyAl said:

I think that OEM folder is related about recovering system.

Appears the vulnerable driver Eset is detecting is the one used by PC vendor restore provided processing; not the the same driver currently present in C:\Windows\System32\drivers. Appears the solution is to contact PC manufacture about an update of their recovery software.

Link to comment
Share on other sites

Link to comment
Share on other sites

6 hours ago, SeriousHoax said:

ESET also detected an AMD Driver on my system. 

This one as: "Win64/AMD.C potentially unsafe application" 

https://www.virustotal.com/gui/file/77955af8a8bcea8998f4046c2f8534f6fb1959c71de049ca2f4298ba47d8f23a/detection

Looks like driver is related to AMD Master Utility used for over-clocking Radeon graphics: https://www.amd.com/system/files/documents/ryzen-master-quick-reference-guide.pdf . Since one "can live" w/o over-clocked graphics, appears the best solution is to uninstall the utility. Since this vulnerable driver ver. dates to 5/2023, doubt that AMD has an update for it.

Link to comment
Share on other sites

9 hours ago, itman said:

Looks like driver is related to AMD Master Utility used for over-clocking Radeon graphics: https://www.amd.com/system/files/documents/ryzen-master-quick-reference-guide.pdf . Since one "can live" w/o over-clocked graphics, appears the best solution is to uninstall the utility. Since this vulnerable driver ver. dates to 5/2023, doubt that AMD has an update for it.

Yeah, but it's not easy to uninstall it because it comes with AMD's display driver by default. 

I use this tool to pre-remove stuff that I don't need when a new driver comes out. But the last time I forgot to uncheck Ryzen Master. 

https://github.com/GSDragoon/RadeonSoftwareSlimmer

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   1 member

×
×
  • Create New...