Avast WEBforum
Other => Viruses and worms => Topic started by: gamepro1212 on April 03, 2020, 01:31:08 AM
-
AVAST Self Defense is falsely blocking a file known as gdrv64.sys in \\.\GLOBALROOTSystem. This is a legitimate file required for software from GIGABYTE, a manufacturer of gaming computer hardware, to run. Until this false positive is resolved, I have to disable Self Defense for these programs to run.
I couldn't find the specific file on my hard drive, and I don't know where "\\.\GLOBALROOTSystem" is.
-
File already has been detected by AdwCleaner as with adware since 2012 (reported in France).
Are the results PUP results (potentially unwanted program)?
Else file an FP, read how here: https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438
polonus
-
I am unable to submit a false positive as a search of my hard drive doesn't find the file in question. If I can't find it, I can't upload it. I also don't know where the listed directory is.
-
Is the file moved to the Avast chest (quarantine)? If so, you can send it from the Avast chest ... see the guide polonus linked to.
-
Nope. Not in the chest.
-
Hello, I have exactly the same problem. The message appears at Windows startup, and I finally found it was the EasyTune utilities program from Gigabyte. I can't find the file to put it in exceptions. And the trouble came yesterday with the last Avast update. All was fine before.
-
ENG: I also have the same problem as you: since the latest update, the App Center program and everything related to it (everything from the Gigabyte company [the installer was included in the box with parts of the computer]) does not work because Avast blocks them.
(in case Google Translate does not work well)
PL (translated): I also have the same problem as you: since the latest update, the App Center program and everything related to it (everything from Gigabyte [the installers were on the disc in the box that came with the PC parts]) does not work because Avast blocks it.
-
Hello Sluger,
Google translator works fine. Also some people here also have a fair command of the Polish language,
one of the most difficult languages in the world. ;)
Wait for an avast team member to comment on that detection and whether it is a genuine FP.
AV works out bad when it interferes with Windows system files with installation tools of third parties,
that then eventually also can create BSOD problems.
Such detections will create some of the worst of errors on any OS, here in hidden Windows system files
So wait for a final verdict of an avast team member. Hope they solve it in the new week.
You could also have a look here: https://www.pconlife.com/viewfileinfo/gdrv-sys/
Regards,
polonus (Let's stay at home together)
-
Same problem to me after latest Avast update.
I add the whole Gigabyte directory in exception list, but it doesn't work.
Avast keeps blocking the .exe.
Please fix it.
-
Hi there,
Glad to see I'm not the only one with this problem. I got exactly the same message after updating Avast just now. I had to uninstall Gigabyte System Information Viewer (SIV) as I kept getting an infinite series of open driver handle messages which could only be closed via Task Manager. I also cannot find the file in question and it isn't in the virus chest. Hope there is a fix for this.
-
Just some precisions.
- As gamepro1212 said (https://forum.avast.com/index.php?topic=233157.msg1541116#msg1541116), the message comes from AVAST Self Defense.
- The problem appears at Windows startup because the App Center utility from Gigabyte is launched at startup.
- As Sluger said (https://forum.avast.com/index.php?topic=233157.msg1541435#msg1541435), the problem certainly concerns all installed Gigabyte utilities; for my part it happens with AppCenter and EasyTune (I have not tried others), but also with SIV as Sluger said.
- As EH4472 said (https://forum.avast.com/index.php?topic=233157.msg1541489#msg1541489), and I have the same behaviour, a pop-up from the Gigabyte utilities loops infinitely when such a utility is launched, and it needs to be killed with the Task Manager.
- When the Gigabyte utilities are uninstalled, there is no more message at startup.
- When I reinstall and then launch Gigabyte App Center while Avast is disabled, Avast Self Defense still blocks it with the same message.
- Utilities from Gigabyte are quite specific to different motherboard models; for my part I have an AM3+ chipset, and there are no more recent utilities for this chipset. Versions are B15.0916.1 for the AppCenter and B16.0822.1 for EasyTune 6.
- More recent utilities seem not to have the problem (I tried to install them for testing), but they don't function.
Cordially.
-
Hello,
same by me.
In Registry HKLM/.../Runonce/ I have these 2 programs: "C:\Program Files (x86)\Gigabyte\EasyTune\etro.exe" and "C:\Program Files (x86)\Gigabyte\SIV\sivro.exe".
If I try to start them manually, I get the message "Open driver handle failure" and a message from Avast: "Sebeobranný modul programu Avast zablokoval: gdrv64.sys (\\.\GLOBALROOTSystem)"
Which means "Self-defence module of Avast blocked: gdrv64.sys (\\.\GLOBALROOTSystem)".
I couldn't find gdrv64.sys on the C drive, so I couldn't make an exception for this file.
Pavel
-
L.S.
We do not see a particular case for a qualified malware remover here:
http://www.geekstogo.com/forum/topic/368593-windows-10-64bit-infection/
Especially the part on the open evaluated command prompt is interesting, but cleansing should be done guided by a qualified remover,
so wait for someone to appear here, whenever it is proven here that this is not a genuine false positive. (and only then).
Online you see warnings as SIVRO.EXE classified Win.SIVRO.EXE. SIVRO.EXE may be quite dangerous for your computer!
Technical Information:
Full path on a computer= %PROGRAM FILES%\\GIGABYTE\\SIV\\SIVRO.EXE
This might be complete fear mongering as we also have these info: https://www.freefixer.com/library/file/sivro.exe-229711/
https://www.freefixer.com/library/file/sivro.exe-229711/#vtreport
also: http://startups.glarysoft.com/SIV/sivro.exe/224859/
So, yes, we really have to wait for the final verdict from avast team members as to what this is, and when there will be a fix.
polonus
-
gdrv64.sys also cannot be found in registry. In Devices looks also everything OK.
Since new Version of Avast the external disks via eSATA are not working.
I don't need sivro.exe or etro.exe, but it looks like I really need gdrv64.sys.
I deactivated Self defence of Avast and eSATA works again.
-
Hello,
I have had exactly the same problem too for a few days now.
I was googling it and I found this post.
Any solution yet?
-
I'm also having this issue too.
Cannot seem to find any fix for this so really hoping Avast can get this sorted soon.
-
I had this problem too but since today it seems to have been resolved. Can anyone else confirm?
EDIT: It is back; I don't know why it didn't happen for a bit.
-
The problem is still here for me. I forced an Avast update to be sure I have the latest version. I tried to reinstall the Gigabyte App Center utility and I still get messages and blocking when I launch the utility.
My avast versions are :
- Viral database : 12 april 2020 at 19:32 (ver. 200411-0)
- Antivirus application : 1 april 2020 9:55 (ver 20.2.2401 - version 20.2.5130.568)
-
Good morning,
same problem here.
The file is essential to run "Gigabyte easy tune" application, that runs on background. It gets shut down during start of the computer and it is not possible to start it manually.
Please, solve it. It is obvious that the same problem will have everybody that runs Gigabyte based system and has this app installed.
Thank you.
-
I am having the same problem.
Is there any solution yet?
-
Hi guys, I forwarded it...
-
I think for me this started after the product update on 1st April.
I know this probably isn't recommended but I did a System Restore on my PC to the end of March so that it was still running the previous update. I've had no issues since doing this and I'm trying to avoid updating it again until this has been fixed.
-
Hi guys,
this is not a false positive; gdrv.sys/gdrv64.sys of version 5.2.3790.1830 is blocked from loading, as it has a known vulnerability, which is already used to remove security software: https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/. Please update the Gigabyte software to get the fixed gdrv driver; they have a fixed version already (with the name gdrv2.sys). The name of the blocked driver file can be different.
-
Thanks for the update.
Unfortunately, I am unable to find any updated version on Gigabyte website, other than the one installed on my PC, and that one still has a problem with this file.
The last version description is as follows:
APP Center
(Note) Support Intel 300/200/100/X299/C246 series and AMD TRX40/AM4/X399 series motherboards (support may vary by model).
(Note) Please install Microsoft .NET Framework 4.5 first before install APP Center utility.
Version :B19.1021.1
OS : Windows 10 64bit , Windows 7 32bit , Windows 7 64bit
-
Hi RoyC, can you please attach your GDRV.SYS driver, which is blocked? It should be present in C:\Windows\gdrv.sys. This must be some remnant of a previous installation. I have installed APP center B19.1021.1 and there is no vulnerable driver...
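A read-only check that ties together the version named by the Avast team member and the C:\Windows\gdrv.sys location suggested above, added here as an example (it is not part of the thread and is not Avast or GIGABYTE code). It assumes Windows PowerShell 3.0 or later, and that a renamed copy of the driver still carries "gdrv" in its OriginalFilename version resource, which is an assumption.

```powershell
# Added example: inventory gdrv*.sys copies and flag the version named in the thread.
$BlockedVersion = '5.2.3790.1830'   # version the Avast team member said is blocked

# Candidates: the path suggested in the thread, the standard driver folder, and
# every registered kernel driver (the blocked file may carry a different name).
$paths = "$env:SystemRoot\gdrv*.sys", "$env:SystemRoot\System32\drivers\gdrv*.sys"
$candidates = @(Get-ChildItem -Path $paths -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName)
$candidates += Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # Normalise NT-style prefixes so Test-Path and Get-Item accept the path.
        $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    }

$report = $candidates | Sort-Object -Unique |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object {
        $vi = (Get-Item -LiteralPath $_).VersionInfo
        # Keep files named gdrv* or whose version resource says they were
        # originally gdrv (assumption: a renamed copy keeps that resource).
        $byName     = (Split-Path -Path $_ -Leaf) -match '^gdrv'
        $byResource = $vi.OriginalFilename -match 'gdrv'
        if (-not ($byName -or $byResource)) { return }

        # Build the numeric version; the FileVersion string can carry extra text.
        $version = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                        $vi.FileBuildPart, $vi.FilePrivatePart
        $sig = Get-AuthenticodeSignature -LiteralPath $_
        [pscustomobject]@{
            Path           = $_
            Version        = $version
            Signature      = $sig.Status                     # informational only
            Signer         = $sig.SignerCertificate.Subject  # empty when unsigned
            BlockedVersion = ($version -eq $BlockedVersion)
        }
    }

if ($report) {
    $report | Format-Table -AutoSize
} else {
    'No gdrv driver file found in the checked locations.'
}
```

A row with BlockedVersion set to True is a leftover copy of the driver version named in the thread; other versions are listed for review only, since the thread does not state their status.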
-
OK, I did as suggested, and everything seems to work properly. At least, for now.
But I have to say that I am quite unhappy with your approach. App that is installed on many computers and you simply decide to block it. Nothing else. No information why, no suggested solution, no possibility to keep the app running. Especially when the problem is vulnerability. It is not malware.
This is not what I have been paying for all those years.
Next time inform your users better before you kill their apps, that they use on every day basis.
Thanks
-
Hi Tronmkiheda, thank you for your opinion. Frankly, I didn't expect so many of our users to have such an obsolete driver. The certificate used to sign this driver is revoked already, so it shouldn't be loadable at all. But Windows still allows it to load (not on systems with active EFI secure boot).
-
hi Spec8472~
I am running a very old PC mainboard, so there is no way to get any support/patch from GigaByte.
And I do need this tool to monitor my PC health information.
Is it possible to release an Avast patch to let the user decide whether to block this gdrv.sys or not?
Since it's a vulnerability, I will take the risks.
gdrv.sys version in my PC: 5.00.2195.1620
Thanks.
-
It seems a bit strange to possibly compromise your system to allow something to monitor its health?
-
well~
GigaByte provides a tiny tool called [EasyTune], to monitor the CPU temperature or set up the CPU fan speed.
And this tool needs gdrv.sys......
F.Y.I.
-
You might find one of these helpful and eliminate the need for using what's no longer safe.
https://www.tech21century.com/best-cpu-temperature-monitor/
-
@Spec8472
Please find the file attached to this post. Please note I had to change the extension of the file to .txt as .sys files are allowed to be uploaded.
Thank you for your reply and support.
-
I also use EasyTune to overclock the CPU/RAM...
From the end user's point of view, some working tools crash after upgrading Avast...
-
This thread comes to show how tricky it can be when an av-solution decides to mingle with essential system files or files that are essential for proper driver functioning with a particular OS. The appropriate party should be the developer in full cooperation with that particular Operating System team, e.g. a patch to tackle the problems/flaws should be issued.
Whenever those parties involved are not helping out, I can imagine an av-solution steps in with all the consequences we see now.
polonus
-
Hi guys,
the latest Gigabyte utilities from https://www.gigabyte.com/Support/Utility do not contain the vulnerable driver. We are going to release a patch to suspend this blockage until a more user-configurable system is implemented (like with exceptions support).
-
Thank you, much appreciated!
-
Yep same boat here. I tried the newer versions but they don't work with older gigabyte mobos... I don't know what to do.
-
To update:
Uninstalled App Centre
Installed again, downloading the new version from the vendor's website.
The app center now runs smoothly without any notification from Avast.
Thank you for your support. Much appreciated.
-
At last news, Gigabyte utilities can now be launched. I tried, it works and there are no more blocking messages from Avast.
Thank you.
-
Still waiting for the Avast patch.
The new version of the tool from https://www.gigabyte.com/Support/Utility is not compatible with old mainboards.
Or please tell me how to roll back Avast to the previous version temporarily?
-
Well, I saw Avast had upgraded the version,
but didn't see any option to suspend the blockage?
Any update on this?
Thanks.
-
After some troubleshooting, finally I can run GigaByte ET6 and Avast now.
Thanks!!!
-
Hi Scotty33,
How did you manage to run ET6 with old mobo together with Avast?
Thanks :)
Edit: After the latest update, the self defense problem is no more. ;)