PUA found


Solved by itman

  • Administrators

It's a vulnerable driver detected as a potentially unsafe application. Try updating AMD Control Center to the latest version. Should it still contain the vulnerable driver, create a detection exclusion with path and detection name.


5 hours ago, Marcos said:

It's a vulnerable driver detected as a potentially unsafe application. Try updating AMD Control Center to the latest version. Should it still contain the vulnerable driver, create a detection exclusion with path and detection name.

Thanks for the reply. There was no new update from AMD Control Center, so I did a clean install of the program, but it still detects it. This is what I gathered from the log file.

Removed this when got detected upon installation:

C:\Program Files (x86)\ControlCenter\AMDF13C.tmp;Win64/AMD.A

Occurred on a new file created by the program:

C:\Users\Administratör\AppData\Local\Temp\{3B25E1EA-51CE-4BAB-8F19-406A458C925E}\setup.exe(E8097A19212621C551CABDB7D318ADC6A2B42721).;0646729BBA0B6D3018E31A5B5F918CC0443FED18

Added this to quarantine:

C:\Windows\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_cedafa39846f03cf\AMDRyzenMasterDriver.sys;Win64/AMD.A

Should I leave it this way or should I restore it from quarantine and create a detection exclusion and a detection name?


2 hours ago, ESSPUSR said:

Added this to quarantine:

C:\Windows\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_cedafa39846f03cf\AMDRyzenMasterDriver.sys;Win64/AMD.A

Based on this detection, Eset is detecting the driver used by the AMD Ryzen Master utility program. You can download the latest version for it here: https://www.amd.com/en/technologies/ryzen-master .

Also, and importantly, the Eset PUA detection is triggered on MalwareBytes AntiMalware MBAMService.exe execution of the AMD driver. If you are running MBAM in real-time mode concurrently with Eset, problems can occur with conflicts between two AV solutions running in real-time mode. You need to either uninstall MBAM or disable its real-time scanning feature.

Edited by itman

2 hours ago, itman said:

Based on this detection, Eset is detecting the driver used by the AMD Ryzen Master utility program. You can download the latest version for it here: https://www.amd.com/en/technologies/ryzen-master .

Also, and importantly, the Eset PUA detection is triggered on MalwareBytes AntiMalware MBAMService.exe execution of the AMD driver. If you are running MBAM in real-time mode concurrently with Eset, problems can occur with conflicts between two AV solutions running in real-time mode. You need to either uninstall MBAM or disable its real-time scanning feature.

Got it. Thanks. By the way, the AMD link you posted is for overclocking? I don't need it then, because I use Control Center software mostly for FAN control, so I would not need to download it?


  • Solution
1 hour ago, ESSPUSR said:

By the way, the AMD link you posted is for overclocking?

Correct. However, as far as I can tell, it is the only AMD utility that uses the AMDRyzenMasterDriver.sys driver, as noted below:

Quote

amdryzenmasterdriver.sys is part of AMD Ryzen Master Service Driver and developed by Advanced Micro Devices according to the amdryzenmasterdriver.sys version information.

amdryzenmasterdriver.sys's description is "AMD Ryzen Master Service Driver"

amdryzenmasterdriver.sys is digitally signed by Advanced Micro Devices Inc.

amdryzenmasterdriver.sys is usually located in the 'c:\program files\amd\ryzenmaster\bin\' folder.

If your system is not experiencing any issues, I would just leave the driver file in Eset Quarantine.


On 1/6/2024 at 9:32 PM, itman said:

Correct. However, as far as I can tell, it is the only AMD utility that uses the AMDRyzenMasterDriver.sys driver, as noted below:

If your system is not experiencing any issues, I would just leave the driver file in Eset Quarantine.

Thank you. I'll leave it as it is because I'm not experiencing any issues.
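
An added example, not part of any post in this thread: a read-only PowerShell check that answers the question the replies turn on, namely whether a copy of AMDRyzenMasterDriver.sys is still present after an update or reinstall, who signed it, and whether a kernel driver service still points at it. The search roots are assumptions, and SHA-1 is chosen on the assumption that the 40-hex-digit values in the log above are SHA-1 hashes.

```powershell
# Added example: inventory copies of the driver named in the detection log.
# Run from an elevated PowerShell session. Read-only: nothing is modified.
$driverName = 'AMDRyzenMasterDriver.sys'   # file name taken from the log above

# Search roots are assumptions: the DriverStore location seen in the log,
# the loaded-driver directory, and both Program Files trees.
$roots = @(
    "$env:SystemRoot\System32\DriverStore\FileRepository",
    "$env:SystemRoot\System32\drivers",
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Every on-disk copy of the driver under those roots.
$copies = Get-ChildItem -LiteralPath $roots -Filter $driverName -File -Recurse `
    -ErrorAction SilentlyContinue

# Version, signature and hash per copy, to compare before and after an update.
$report = foreach ($file in $copies) {
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    [pscustomobject]@{
        Path        = $file.FullName
        FileVersion = $file.VersionInfo.FileVersion
        LastWrite   = $file.LastWriteTime
        SigStatus   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        SHA1        = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash
    }
}

# Kernel driver services whose image path references the driver.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$driverName*" } |
    Select-Object Name, State, StartMode, PathName

if ($report) { $report | Format-List }
else { "No copy of $driverName found under the searched roots." }

if ($services) { $services | Format-Table -AutoSize }
else { "No kernel driver service references $driverName." }
```

If the file list is empty and no service references the driver, leaving the quarantined copy where it is has nothing left to break; if a service still points at the file, the path shown is the one an exclusion would need to name.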
