
PUA found


Go to solution Solved by itman,


ESET detected a PUA, as you can see in the picture. What is happening? What should I do? Ignore or clean?

 

ESET.thumb.jpg.04df883131f7d4437424e71659ac0f2c.jpg


  • Administrators

It's a vulnerable driver detected as a potentially unsafe application. Try updating AMD Control Center to the latest version. Should it still contain the vulnerable driver, create a detection exclusion with path and detection name.


5 hours ago, Marcos said:

It's a vulnerable driver detected as a potentially unsafe application. Try updating AMD Control Center to the latest version. Should it still contain the vulnerable driver, create a detection exclusion with path and detection name.

Thanks for the reply. There was no new update for AMD Control Center, so I did a clean install of the program, but it still detects it. This is what I gathered from the log file.

Removed this when it got detected upon installation:

C:\Program Files (x86)\ControlCenter\AMDF13C.tmp;Win64/AMD.A

Occurred on a new file created by the program:

C:\Users\Administratör\AppData\Local\Temp\{3B25E1EA-51CE-4BAB-8F19-406A458C925E}\setup.exe(E8097A19212621C551CABDB7D318ADC6A2B42721).;0646729BBA0B6D3018E31A5B5F918CC0443FED18

Added this to quarantine:

C:\Windows\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_cedafa39846f03cf\AMDRyzenMasterDriver.sys;Win64/AMD.A

 

Should I leave it this way or should I restore it from quarantine and create a detection exclusion and a detection name?

 


2 hours ago, ESSPUSR said:

Added this to quarantine:

C:\Windows\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_cedafa39846f03cf\AMDRyzenMasterDriver.sys;Win64/AMD.A

Based on this detection, Eset is detecting the driver used by the AMD Ryzen Master utility program. You can download the latest version for it here: https://www.amd.com/en/technologies/ryzen-master .

Also, and importantly, the Eset PUA detection is triggered on MalwareBytes AntiMalware MBAMService.exe execution of the AMD driver. If you are running MBAM in real-time mode concurrently with Eset, problems can occur from conflicts between two AV solutions running in real-time mode. You need to either uninstall MBAM or disable its real-time scanning feature.

Edited by itman

2 hours ago, itman said:

Based on this detection, Eset is detecting the driver used by the AMD Ryzen Master utility program. You can download the latest version for it here: https://www.amd.com/en/technologies/ryzen-master .

Also, and importantly, the Eset PUA detection is triggered on MalwareBytes AntiMalware MBAMService.exe execution of the AMD driver. If you are running MBAM in real-time mode concurrently with Eset, problems can occur from conflicts between two AV solutions running in real-time mode. You need to either uninstall MBAM or disable its real-time scanning feature.

Got it. Thanks. By the way, the AMD link you posted is for overclocking? I don't need it then, because I use the Control Center software mostly for fan control, so I would not need to download it?


  • Solution
1 hour ago, ESSPUSR said:

By the way, the AMD link you posted is for overclocking?

Correct. However, as far as I can tell, it is the only AMD utility that uses the AMDRyzenMasterDriver.sys driver, as noted below:

Quote

 

amdryzenmasterdriver.sys is part of AMD Ryzen Master Service Driver and developed by Advanced Micro Devices according to the amdryzenmasterdriver.sys version information.

amdryzenmasterdriver.sys's description is "AMD Ryzen Master Service Driver"

amdryzenmasterdriver.sys is digitally signed by Advanced Micro Devices Inc.

amdryzenmasterdriver.sys is usually located in the 'c:\program files\amd\ryzenmaster\bin\' folder.

 

If your system is not experiencing any issues, I would just leave the driver file in Eset Quarantine.


On 1/6/2024 at 9:32 PM, itman said:

Correct. However, as far as I can tell, it is the only AMD utility that uses the AMDRyzenMasterDriver.sys driver, as noted below:

If your system is not experiencing any issues, I would just leave the driver file in Eset Quarantine.

Thank you. I'll leave it as it is because I am not experiencing any issues.


This topic is now closed to further replies.
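
A read-only check that can inform the choice discussed in the thread between leaving the driver in quarantine and creating an exclusion, as an added example that is not part of the original posts: it lists copies of the driver still on disk with their version and signature, any driver service that points at the file, and the driver-store package that staged it. The file name and INF name are taken from the log lines quoted above; the search roots are an assumption, and Get-WindowsDriver needs an elevated PowerShell session.

```powershell
# Added example, not from the thread. Read-only: nothing is restored, deleted or excluded.
# Names below are taken from the ESET log lines quoted in the thread.
$driverName = 'AMDRyzenMasterDriver.sys'
$infName    = 'acpibridge1.inf'

# 1. Copies of the driver still on disk (none is expected while the file sits in quarantine).
#    Search roots are an assumption: driver store, drivers folder and both Program Files trees.
$roots = @(
    "$env:SystemRoot\System32\DriverStore\FileRepository"
    "$env:SystemRoot\System32\drivers"
    $env:ProgramFiles
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$copies = Get-ChildItem -LiteralPath $roots -Filter $driverName -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path        = $_.FullName
            FileVersion = $_.VersionInfo.FileVersion   # compare after updating the AMD software
            Signature   = $sig.Status                  # Valid, NotSigned, HashMismatch, ...
            Signer      = $sig.SignerCertificate.Subject
        }
    }

# 2. Kernel driver services whose image path points at the file, and whether they are running.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$driverName*" } |
    Select-Object Name, State, StartMode, PathName

# 3. Third-party driver-store package that staged the file (requires elevation).
$packages = Get-WindowsDriver -Online |
    Where-Object { $_.OriginalFileName -like "*\$infName*" } |
    Select-Object Driver, ProviderName, Version, Date, OriginalFileName

# Report each result, stating explicitly when nothing was found.
if ($copies)   { $copies   | Format-List } else { "No copy of $driverName found on disk." }
if ($services) { $services | Format-List } else { "No driver service references $driverName." }
if ($packages) { $packages | Format-List } else { "No driver-store package built from $infName." }
```

If no service references the driver and no copy remains outside quarantine, nothing on the system is trying to load it, which matches the "no issues, leave it quarantined" outcome in the thread.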