Author Topic: Winring0x64.sys Blocked  (Read 15639 times)


Offline CJR2053

  • Newbie
  • *
  • Posts: 2
Winring0x64.sys Blocked
« on: July 14, 2023, 10:46:16 AM »
Hi all.
Is anyone able to shed some light as to why every time I start my system Avast keeps giving me a virus popup saying:

"Avast blocked a vulnerable driver
The driver winring0x64.sys has been blocked due to vulnerabilities that could cause your PC's operating system instability"

I've read that this file is possibly part of a trojan. Is this correct? I haven't visited any sites I wouldn't normally such as YouTube and Facebook nor installed any new programs for several months.

This popup has only been happening for a couple of days. I have run virus scans and malware removal programs and neither have picked up anything suspicious with that system file.

All help and suggestions are welcome, thanks!

Offline rocksteady

  • Super Poster
  • ***
  • Posts: 1545
Re: Winring0x64.sys Blocked
« Reply #1 on: July 14, 2023, 10:55:22 AM »

Offline CJR2053

  • Newbie
  • *
  • Posts: 2
Re: Winring0x64.sys Blocked
« Reply #2 on: July 14, 2023, 12:50:33 PM »
Thanks for the reply but it hasn't helped. I can't seem to add an exception to this.
Thanks for the help.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89055
  • No support PMs thanks
Re: Winring0x64.sys Blocked
« Reply #3 on: July 14, 2023, 01:26:17 PM »
First let me state I don't work for Avast, but am an Avast User just like you.
The driver is vulnerable as stated in the other topic; the best solution would be to update the driver, how I don't know. I rarely if ever have needed to do this as most are OS related. So nothing would be found in any antivirus scan that you do as such; however, when the program that uses it calls it, Avast would alert on the vulnerability.

I don't know if the program that uses this driver has an updated version or if this needs to be an OS/Driver update issue.

There was a request for more information in the previous topic link.
Has anyone run the support package as requested?

The revert of the "Block vulnerable kernel drivers" setting on reboot is not reproducible, can you please provide a support package?

https://support.avast.com/en-us/article/submit-support-file/#pc

I don't know if this is something that can be set in Avast or if it is an OS related setting:
Quote
Hello jamesmilton,

this driver is indeed vulnerable: https://nvd.nist.gov/vuln/detail/CVE-2020-14979
Any malware running under any user account (even non admin) can connect to this driver (if loaded) and control the whole system from the kernel. There is no option to exclude a single driver, but you can disable vulnerable driver blocking completely.

The highlighting in the above quote is mine.  However as mentioned previously that would leave your system vulnerable.
See this search - https://www.google.co.uk/search?q=+disable+vulnerable+driver+blocking
If you choose to go down this route, it is entirely at your own risk as it could be opening the door to many such vulnerable drivers, not just this one.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
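
Added example, not part of any post in this thread: the reply above notes that the alert fires when the program using the driver loads it, but leaves open which program that is. The PowerShell below, run from an elevated prompt, lists kernel driver services that reference WinRing0 and every copy of the file under a set of assumed search roots, with version, signer and SHA-256, so the owning application can be identified and checked for an update.

```powershell
# Added example: find where WinRing0x64.sys lives and which software registered it.
# Assumption: the search roots below cover the usual install locations; adjust as needed.

$driverName  = 'WinRing0x64.sys'
$searchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
                 $env:LOCALAPPDATA, "$env:SystemRoot\System32\drivers") |
               Where-Object { $_ -and (Test-Path $_) }

# 1. Kernel driver services whose name or image path points at WinRing0.
#    The service entry persists across reboots and shows where the driver is loaded from.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like '*WinRing0*' -or $_.Name -like '*WinRing0*' } |
    Select-Object Name, State, StartMode, PathName

# 2. Copies of the file on disk. The parent folder normally names the owning program
#    (hardware monitors and fan/RGB utilities commonly bundle this driver).
$files = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Filter $driverName -Recurse -File -Force `
        -ErrorAction SilentlyContinue
}

# 3. Collect version, signer and hash for each copy found.
$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path        = $f.FullName
        OwnerFolder = $f.Directory.Name
        FileVersion = $f.VersionInfo.FileVersion
        LastWrite   = $f.LastWriteTime
        Signer      = $sig.SignerCertificate.Subject   # empty if the file is unsigned
        SigStatus   = $sig.Status
        SHA256      = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    }
}

"Driver services referencing WinRing0:"
$services | Format-Table -AutoSize -Wrap
"Copies of $driverName found on disk:"
$report | Format-List
```

A copy sitting in a temp or unexpected folder, or one with a signature status other than `Valid`, deserves a closer look than a copy inside a known monitoring tool's install directory.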

Offline rxc

  • Newbie
  • *
  • Posts: 10
Re: Winring0x64.sys Blocked
« Reply #4 on: December 22, 2023, 09:50:43 PM »
I have the same problem.  I am just trying to run RealTemp, which gives me CPU temperatures.  I started with an old version - 4 years ago, but updated to the latest version, and no joy.  Avast insists that since this driver is "vulnerable", it won't load it, and I can't find anything else to substitute for it.

Anyone who has succeeded, please post a response.  I am disappointed that Avast does not have any more info about this.  Just saying that something is "vulnerable" is not a good explanation.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: Winring0x64.sys Blocked
« Reply #5 on: December 23, 2023, 12:51:23 AM »
Quote
I am disappointed that Avast does not have any more info about this.  Just saying that something is "vulnerable" is not a good explanation.
And you have of course uploaded and checked the file at www.virustotal.com


Offline Nom

  • Sr. Member
  • ****
  • Posts: 349
Re: Winring0x64.sys Blocked
« Reply #6 on: December 23, 2023, 03:27:54 AM »
Turn off the "Block vulnerable drivers" checkbox in the "Troubleshooting" tab and do not suffer. For example, I always disable this check mark immediately after installing avast. Because blunt blocking of drivers without the possibility of some flexible configuration is not an acceptable solution. The danger of using this driver is only potential. Someone has to run an exploit on your computer in order to exploit this vulnerability. But Avast also has a file screen and protection against exploits. And this functionality does the job perfectly. There is a firewall, NAT, and so on, which will also prevent an attacker from connecting to you from outside. So you need to work hard to exploit this vulnerability. And if the driver cannot be updated, then avast leaves no other choice but to disable blocking of vulnerable drivers.