ESSPUSR 2 Posted January 6 Share Posted January 6 ESET detected PUA as you can see in the picture. What is happening? What should I do? Ignore or clean? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted January 6 Administrators Share Posted January 6 It's a vulnerable driver detected as a potentially unsafe application. Try updating AMD Control Center to the latest version. Should it still contain the vulnerable driver, create a detection exclusion with path and detection name. Link to comment Share on other sites More sharing options...
ESSPUSR 2 Posted January 6 Author Share Posted January 6 5 hours ago, Marcos said: It's a vulnerable driver detected as a potentially unsafe application. Try updating AMD Control Center to the latest version. Should it still contain the vulnerable driver, create a detection exclusion with path and detection name. Thanks for the reply. There was no new update from AMD Control Center so I did a clean install of the program but it still detects it. This is what I gathered from log file. Removed this when got detected upon installation: C:\Program Files (x86)\ControlCenter\AMDF13C.tmp;Win64/AMD.A Occurred on a new file created by the program: C:\Users\Administratör\AppData\Local\Temp\{3B25E1EA-51CE-4BAB-8F19-406A458C925E}\setup.exe(E8097A19212621C551CABDB7D318ADC6A2B42721).;0646729BBA0B6D3018E31A5B5F918CC0443FED18 Added this to quarantine: C:\Windows\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_cedafa39846f03cf\AMDRyzenMasterDriver.sys;Win64/AMD.A Should I leave it this way or should I restore it from quarantine and create a detection exclusion and a detection name? Link to comment Share on other sites More sharing options...
itman 1,748 Posted January 6 Share Posted January 6 (edited) 2 hours ago, ESSPUSR said: Added this to quarantine: C:\Windows\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_cedafa39846f03cf\AMDRyzenMasterDriver.sys;Win64/AMD.A Based on this detection, Eset is detecting the driver used by the AMD Ryzen Master utility program. You can download the latest version for it here: https://www.amd.com/en/technologies/ryzen-master . Also and important is Eset PUA detection is triggered on MalwareBytes AntiMalware MBAMService.exe execution of the AMD driver. If you are running MBAM in real-time mode concurrent with Eset, problems can occur with conflicts between two AV solutions running in real-time mode. You need to either uninstall MBAM or disable its real-time scanning feature. Edited January 6 by itman Link to comment Share on other sites More sharing options...
ESSPUSR 2 Posted January 6 Author Share Posted January 6 2 hours ago, itman said: Based on this detection, Eset is detecting the driver used by the AMD Ryzen Master utility program. You can download the latest version for it here: https://www.amd.com/en/technologies/ryzen-master . Also and important is Eset PUA detection is triggered on MalwareBytes AntiMalware MBAMService.exe execution of the AMD driver. If you are running MBAM in real-time mode concurrent with Eset, problems can occur with conflicts between two AV solutions running in real-time mode. You need to either uninstall MBAM or disable its real-time scanning feature. Got it. Thanks. By the way, the AMD link you posted is for overclocking? I dont need it then because I use Control Center software mostly for FAN control so I would not need to download it? Link to comment Share on other sites More sharing options...
Solution itman 1,748 Posted January 6 Solution Share Posted January 6 1 hour ago, ESSPUSR said: By the way, the AMD link you posted is for overclocking? Correct. However as far as I can tell it is the only AMD utility that uses the AMDRyzenMasterDriver.sys driver as noted below; Quote amdryzenmasterdriver.sys is part of AMD Ryzen Master Service Driver and developed by Advanced Micro Devices according to the amdryzenmasterdriver.sys version information. amdryzenmasterdriver.sys's description is "AMD Ryzen Master Service Driver" amdryzenmasterdriver.sys is digitally signed by Advanced Micro Devices Inc.. amdryzenmasterdriver.sys is usually located in the 'c:\program files\amd\ryzenmaster\bin\' folder. If your system is not experiencing any issues, I would just leave the driver file in Eset Quarantine. Link to comment Share on other sites More sharing options...
ESSPUSR 2 Posted January 12 Author Share Posted January 12 On 1/6/2024 at 9:32 PM, itman said: Correct. However as far as I can tell it is the only AMD utility that uses the AMDRyzenMasterDriver.sys driver as noted below; If your system is not experiencing any issues, I would just leave the driver file in Eset Quarantine. Thank you. I leave it as it because I dont experiencing any issues. Link to comment Share on other sites More sharing options...
Recommended Posts