Topic: Self Defense false positive - "gdrv64.sys"

Offline gamepro1212

  • Newbie
  • *
  • Posts: 6
Self Defense false positive - "gdrv64.sys"
« on: April 03, 2020, 01:31:08 AM »
AVAST Self Defense is falsely blocking a file known as gdrv64.sys in \\.\GLOBALROOTSystem. This is a legitimate file required for software from GIGABYTE, a manufacturer of gaming computer hardware, to run. Until this false positive is resolved, I have to disable Self Defense for these programs to run.

I couldn't find the specific file on my hard drive, and I don't know where "\\.\GLOBALROOTSystem" is.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Self Defense false positive - "gdrv64.sys"
« Reply #1 on: April 03, 2020, 12:21:27 PM »
The file has already been detected by AdwCleaner as with adware since 2012 (reported in France).
Are the results PUP results (potentially unwanted program)?

Otherwise file an FP; read how here: https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline gamepro1212

  • Newbie
  • *
  • Posts: 6
Re: Self Defense false positive - "gdrv64.sys"
« Reply #2 on: April 03, 2020, 12:32:07 PM »
I am unable to submit a false positive as a search of my hard drive doesn't find the file in question. If I can't find it, I can't upload it. I also don't know where the listed directory is.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: Self Defense false positive - "gdrv64.sys"
« Reply #3 on: April 03, 2020, 03:37:06 PM »
Has the file been moved to the Avast chest (quarantine)? If so, you can send it from the Avast chest ... see the guide polonus linked to.


Offline gamepro1212

  • Newbie
  • *
  • Posts: 6
Re: Self Defense false positive - "gdrv64.sys"
« Reply #4 on: April 03, 2020, 10:36:43 PM »
Nope. Not in the chest.

Offline netimagus

  • Newbie
  • *
  • Posts: 4
Re: Self Defense false positive - "gdrv64.sys"
« Reply #5 on: April 04, 2020, 03:22:31 AM »
Quote from gamepro1212:
> AVAST Self Defense is falsely blocking a file known as gdrv64.sys in \\.\GLOBALROOTSystem. This is a legitimate file required for software from GIGABYTE, a manufacturer of gaming computer hardware, to run. Until this false positive is resolved, I have to disable Self Defense for these programs to run.
>
> I couldn't find the specific file on my hard drive, and I don't know where "\\.\GLOBALROOTSystem" is.

Hello, I have exactly the same problem. The message appears at Windows startup, and I finally found it was the EasyTune utility program from Gigabyte. I can't find the file to put it in the exceptions. The trouble came yesterday with the last Avast update. All was fine before.

Offline Sluger

  • Newbie
  • *
  • Posts: 2
Re: Self Defense false positive - "gdrv64.sys"
« Reply #6 on: April 04, 2020, 02:18:32 PM »
I also have the same problem as you: since the latest update, the App Center program and the programs related to it (everything from Gigabyte [the installers were on the disc in the box with the PC parts]) do not work, because Avast blocks them.
« Last Edit: April 04, 2020, 02:33:57 PM by Sluger »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Self Defense false positive - "gdrv64.sys"
« Reply #7 on: April 04, 2020, 03:50:53 PM »
Hello Sluger,

Google translator works fine. Some people here also have a fair command of the Polish language,
one of the most difficult languages in the world. ;)

Wait for an avast team member to comment on that detection and whether it is a genuine FP.

AV works out badly when it interferes with Windows system files with installation tools of third parties,
which can then eventually also create BSOD problems.
Such detections will create some of the worst errors on any OS, here in hidden Windows system files.
So wait for a final verdict of an avast team member. Hope they solve it in the new week.

You could also have a look here: https://www.pconlife.com/viewfileinfo/gdrv-sys/

Regards,

polonus (Let's be at home together)
« Last Edit: April 04, 2020, 03:54:40 PM by polonus »

Offline jorjo.satiros

  • Newbie
  • *
  • Posts: 1
Re: Self Defense false positive - "gdrv64.sys"
« Reply #8 on: April 04, 2020, 10:21:09 PM »
Same problem for me after the latest Avast update.
I added the whole Gigabyte directory to the exception list, but it doesn't work.
Avast keeps blocking the .exe.
Please fix it.

Offline EH4472

  • Newbie
  • *
  • Posts: 4
Re: Self Defense false positive - "gdrv64.sys"
« Reply #9 on: April 05, 2020, 02:01:42 AM »
Hi there,

Glad to see I'm not the only one with this problem; I got exactly the same message after updating Avast just now. I had to uninstall Gigabyte System Information Viewer (SIV) as I kept getting an infinite series of "open driver handle" messages which could only be closed via Task Manager. I also cannot find the file in question and it isn't in the virus chest. Hope there is a fix for this.
« Last Edit: April 05, 2020, 02:06:45 AM by EH4472 »

Offline netimagus

  • Newbie
  • *
  • Posts: 4
Re: Self Defense false positive - "gdrv64.sys"
« Reply #10 on: April 05, 2020, 11:47:11 AM »
Just some clarifications.

- As gamepro1212 said, the message comes from AVAST Self Defense.
- The problem appears at Windows startup because the App Center utility from the manufacturer Gigabyte is launched at startup.
- As Sluger said, the problem certainly concerns all installed Gigabyte utilities; for my part it happens with AppCenter and EasyTune (I have not tried others), but also SIV as Sluger said.
- As EH4472 said, and I see the same behaviour, a pop-up from the Gigabyte utilities loops infinitely when such a utility is launched, and it needs to be killed with the Task Manager.
- When the Gigabyte utilities are uninstalled, there is no more message at startup.
- When Gigabyte App Center is reinstalled and then launched while Avast is disabled, Avast Self Defense still blocks it with the same message.
- Utilities from Gigabyte are quite specific to different motherboard models; for my part I have an AM3+ chipset, and there are no more recent utilities for this chipset. Versions are B15.0916.1 for the AppCenter and B16.0822.1 for EasyTune 6.
- More recent utilities seem not to have the problem (I tried installing them for testing), but they don't function.

Cordially.
« Last Edit: April 05, 2020, 11:49:09 AM by netimagus »

Offline Pavel1111

  • Newbie
  • *
  • Posts: 5
Re: Self Defense false positive - "gdrv64.sys"
« Reply #11 on: April 05, 2020, 01:19:20 PM »
Hello,

Same for me.
In the registry under HKLM/.../Runonce/ I have these 2 programs: "C:\Program Files (x86)\Gigabyte\EasyTune\etro.exe" and "C:\Program Files (x86)\Gigabyte\SIV\sivro.exe".
If I try to start them manually, I get the message "Open driver handle failure" and a message from Avast: "Sebeobranný modul programu Avast zablokoval: gdrv64.sys (\\.\GLOBALROOTSystem)"
Which means "Self-defense module of Avast blocked: gdrv64.sys (\\.\GLOBALROOTSystem)".
I couldn't find gdrv64.sys on the C drive, so I couldn't make an exception for this file.

Pavel

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Self Defense false positive - "gdrv64.sys"
« Reply #12 on: April 05, 2020, 04:21:46 PM »
L.S.

We do not see a particular case for a qualified malware remover here:
http://www.geekstogo.com/forum/topic/368593-windows-10-64bit-infection/
Especially the part on the open evaluated command prompt is interesting, but cleansing should be done guided by a qualified remover,
so wait for someone to appear here, whenever it is proven here that this is not a genuine false positive. (and only then).

Online you see warnings as SIVRO.EXE classified Win.SIVRO.EXE. SIVRO.EXE may be quite dangerous for your computer!
Technical Information:
Full path on a computer= %PROGRAM FILES%\\GIGABYTE\\SIV\\SIVRO.EXE

This might be complete fear mongering, as we also have this info: https://www.freefixer.com/library/file/sivro.exe-229711/
https://www.freefixer.com/library/file/sivro.exe-229711/#vtreport
also: http://startups.glarysoft.com/SIV/sivro.exe/224859/

So, yes, we really have to wait for the final verdict from avast team members as to what this is, and when there will be a fix.

polonus

Offline Pavel1111

  • Newbie
  • *
  • Posts: 5
Re: Self Defense false positive - "gdrv64.sys"
« Reply #13 on: April 06, 2020, 10:45:23 AM »
gdrv64.sys also cannot be found in the registry. In Devices everything also looks OK.
Since the new version of Avast, the external disks via eSATA are not working.
I don't need sivro.exe or etro.exe, but it looks like I really need gdrv64.sys.

I deactivated the Self Defense of Avast and eSATA works again.

Offline abreak

  • Newbie
  • *
  • Posts: 1
Re: Self Defense false positive - "gdrv64.sys"
« Reply #14 on: April 10, 2020, 04:26:44 PM »
Hello,

I have had exactly the same problem too for a few days now.

I was googling it and I found this post.

Any solution yet?