IggyAl, Posted June 15, 2023
Hello, today I am receiving mails telling me that "file:///C:/OEM/Factory/amifldrv64.sys" has been detected as a potentially insecure application and that ESET has deleted it. Is it a false positive? I think that the OEM folder is related to system recovery. Thanks, regards.
Marcos (Administrator), Posted June 15, 2023
Please provide the appropriate record from the Detections log. Most likely it's a detection of a vulnerable driver.
IggyAl (Author), Posted June 15, 2023
Hello, how can I export this log? Screenshot attached.
Marcos (Administrator), Posted June 15, 2023
As expected, it's a correct detection of a vulnerable AMI driver: https://www.loldrivers.io/drivers/6d4b0025-7910-483a-ba73-03970995edc3/
rotaru, Posted June 15, 2023
49 minutes ago, Marcos said: As expected, it's a correct detection of a vulnerable AMI driver.
The driver may be vulnerable, but is it OK for ESET to delete a driver? What if, by deleting a driver, the PC is not bootable anymore?
itman, Posted June 15, 2023
4 hours ago, rotaru said: The driver may be vulnerable, but is it OK for ESET to delete a driver? What if, by deleting a driver, the PC is not bootable anymore?
If Win 10 Pro+ is installed and HVCI (Memory Integrity) is enabled, Windows would have blocked the driver from loading: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules . Additional reference article here: https://www.dell.com/community/Alienware/m17-R2-BIOS-installer-blocked-vulnerable-driver-amifldrv64-sys/td-p/8293332
5 hours ago, IggyAl said: I think that the OEM folder is related to system recovery.
It appears the vulnerable driver ESET is detecting is the one used by the PC vendor's restore processing, not the same driver currently present in C:\Windows\System32\drivers. It appears the solution is to contact the PC manufacturer about an update of their recovery software.
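The triage Marcos and itman describe above (hash the flagged file, compare it with the LOLDrivers entry, check whether that exact file is actually installed as a running driver, and check whether HVCI / Memory Integrity would block it) can be scripted. The following PowerShell is an added example written for this page; it is not code from the thread, from ESET, or from loldrivers.io. The driver path is the one from the first post, the single SHA256 in the placeholder list is the one in the VirusTotal link later in this thread, and the Win32_DeviceGuard value 2 for HVCI is Microsoft's documented meaning; everything else (the function names, the output layout) is this example's own. Run it from an elevated PowerShell and populate the hash list from the loldrivers.io entries for the drivers you care about.

```powershell
# Added example (not from the thread): triage a driver file that ESET flagged as vulnerable.
# Assumption: $Paths and $KnownBadSha256 are placeholders you replace with your own data.
param(
    [string[]]$Paths = @('C:\OEM\Factory\amifldrv64.sys'),   # path quoted in the first post
    [string[]]$KnownBadSha256 = @(
        # SHA256 from the VirusTotal link in this thread (AMD Ryzen Master driver); add more from loldrivers.io
        '77955af8a8bcea8998f4046c2f8534f6fb1959c71de049ca2f4298ba47d8f23a'
    )
)

function Get-HvciState {
    # Win32_DeviceGuard: the value 2 in SecurityServicesRunning means HVCI (Memory Integrity) is running,
    # which is what enforces the Microsoft vulnerable-driver block list at load time.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        HvciConfigured = ($dg.SecurityServicesConfigured -contains 2)
        HvciRunning    = ($dg.SecurityServicesRunning -contains 2)
    }
}

function Test-DriverFile {
    param([string]$Path, [string[]]$BadHashes)
    if (-not (Test-Path -LiteralPath $Path)) {
        # ESET may already have deleted it, as in the first post
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $sha1   = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash.ToLower()   # loldrivers.io also lists SHA1
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $ver    = (Get-Item -LiteralPath $Path).VersionInfo

    # Is this exact file registered as a kernel driver service? A copy sitting in a vendor
    # recovery folder usually is not; the live copy lives under System32\drivers.
    $loaded = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and (($_.PathName -replace '^\\\?\?\\', '') -ieq $Path) }

    [pscustomobject]@{
        Path          = $Path
        Present       = $true
        SHA256        = $sha256
        SHA1          = $sha1
        Signer        = $sig.SignerCertificate.Subject
        SignatureOK   = ($sig.Status -eq 'Valid')      # a valid signature does NOT mean the driver is safe
        FileVersion   = $ver.FileVersion
        KnownBad      = ($BadHashes -contains $sha256)
        LoadedService = (($loaded | Select-Object -ExpandProperty Name) -join ',')
    }
}

$hvci = Get-HvciState
Write-Host ("HVCI configured: {0}  running: {1}" -f $hvci.HvciConfigured, $hvci.HvciRunning)
foreach ($p in $Paths) {
    Test-DriverFile -Path $p -BadHashes $KnownBadSha256 | Format-List
}
```

Read the output together: KnownBad tells you whether the file matches a hash you took from loldrivers.io, LoadedService tells you whether that copy is the one Windows actually registers as a driver (an empty value for the OEM\Factory path supports itman's reading that it is only the recovery-image copy), and HvciRunning tells you whether the Microsoft driver block list is being enforced at load time on this machine. A valid Authenticode signature is expected for these drivers and is not evidence of safety; the LOLDrivers entries are signed vendor drivers.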
SeriousHoax, Posted June 17, 2023
ESET also detected an AMD driver on my system. This one as: "Win64/AMD.C potentially unsafe application" https://www.virustotal.com/gui/file/77955af8a8bcea8998f4046c2f8534f6fb1959c71de049ca2f4298ba47d8f23a/detection
I see that it's present here: https://www.loldrivers.io/drivers/13973a71-412f-4a18-a2a6-476d3853f8de/?query=amdryzenmasterdriver.sys#:~:text=cec887f20ab468caa1c99fcbe7fbdfab25fadf39
itman, Posted June 17, 2023
6 hours ago, SeriousHoax said: ESET also detected an AMD driver on my system. This one as: "Win64/AMD.C potentially unsafe application" https://www.virustotal.com/gui/file/77955af8a8bcea8998f4046c2f8534f6fb1959c71de049ca2f4298ba47d8f23a/detection
Looks like the driver is related to the AMD Ryzen Master utility used for over-clocking Radeon graphics: https://www.amd.com/system/files/documents/ryzen-master-quick-reference-guide.pdf . Since one "can live" without over-clocked graphics, it appears the best solution is to uninstall the utility. Since this vulnerable driver version dates to 5/2023, I doubt that AMD has an update for it.
SeriousHoax, Posted June 18, 2023
9 hours ago, itman said: Looks like the driver is related to the AMD Ryzen Master utility used for over-clocking Radeon graphics: https://www.amd.com/system/files/documents/ryzen-master-quick-reference-guide.pdf . Since one "can live" without over-clocked graphics, it appears the best solution is to uninstall the utility. Since this vulnerable driver version dates to 5/2023, I doubt that AMD has an update for it.
Yeah, but it's not easy to uninstall it because it comes with AMD's display driver by default. I use this tool to pre-remove stuff that I don't need when a new driver comes out. But the last time I forgot to uncheck Ryzen Master. https://github.com/GSDragoon/RadeonSoftwareSlimmer