Rem0o / FanControl.Releases

This is the release repository for Fan Control, a highly customizable fan controlling software for Windows.

AVAST antivirus detects FanControl as virus #1521

Open snokman opened 1 year ago

snokman commented 1 year ago

Avast antivirus blocks FanControl because it's detected as a malicious driver.

Hun73rdk commented 1 year ago

Avast detects everything as a virus, even my damn PHP code.

ghost commented 1 year ago

At least with AVG (same company) it's detecting it as a vulnerable kernel driver (fancontrol.sys) then blocking it from running; it's not a virus. So I've had to disable a specific feature that leaves my system open to malware attacks. What's even worse, they don't let you whitelist the file either; you have to disable that feature. I tried sending them a false positive message but they always seem to sit on it for a very long time or totally ignore it. It's still AVG's fault but it's frustrating too when they do stuff like this.

gitishi commented 1 year ago

I had this happen multiple times now, always after a Windows update. It always stopped after fancontrol got an update. So I would assume fancontrol needs to be adjusted for changes to the OS. I'm on V146 and win11 pro 22H2. I was on the previous version that was pushed to the auto updater when I encountered the issue. fancontrol still starts after a while but has no access to the sensors.

someOwen commented 1 year ago

So this is strange? About 30 mins ago I had this issue, but it was after I updated some Intel drivers, "I\O & engine management".

After restarting, Avast wouldn't shut or let OpenFan run without the sys file. Had to disable the driver options in Avast.

I'm not super worried. Everything's 2auth anyways.

louis-lowlight commented 1 year ago

I have the same issue, how did you guys solve your problem? @someOwen @gitishi @omega-tuna @Hun73rdk

Ragmon88 commented 1 year ago

There is a short post on the avast site for this... nothing useful. https://forum.avast.com/index.php?topic=322571.0

Hun73rdk commented 1 year ago

I stopped using Avast a long time ago; it got too intrusive for me to use. I am using Malwarebytes right now.

louis-lowlight commented 1 year ago

There is a short post on the avast site for this... nothing useful. https://forum.avast.com/index.php?topic=322571.0

The link doesn't work for me. It says 'An error occurred while processing your request.'

louis-lowlight commented 1 year ago

I stopped using Avast a long time ago; it got too intrusive for me to use. I am using Malwarebytes right now.

I had Malwarebytes but the free trial period ended a long time ago. I think I'd prefer to stick with free software.

Ghastleigh commented 1 year ago

Apparently this is the problem: https://nvd.nist.gov/vuln/detail/CVE-2020-14979 I also noticed the same thing in Open Hardware Monitor, which uses the same drivers I guess. Also, it seems to keep crashing my AMD Software like crazy.

Only solution currently is to turn off kernel protection, which I cannot recommend. Damn it, I set up Fan Control so nice, and now this.

I would like to hear @Rem0o - is there anything reasonable that can be done at this moment to solve this?

Rem0o commented 1 year ago

@Ghastleigh I’m all ears for a solution, but indeed it seems like it is blocking Winring0, which is a kernel level driver that powers the whole software. I don’t have any control over AVG or Avast, so if their software decides any software that uses winring0 is a threat, well that’s on them. Isn’t there a manual submission possible for analysis on their end to whitelist it?

Ghastleigh commented 1 year ago

@Ghastleigh I’m all ears for a solution, but indeed it seems like it is blocking Winring0, which is a kernel level driver that powers the whole software. I don’t have any control over AVG or Avast, so if their software decides any software that uses winring0 is a threat, well that’s on them. Isn’t there a manual submission possible for analysis on their end to whitelist it?

I don't know, maybe report false positive as a dev to Avast through their form here: https://www.avast.com/false-positive-file-form.php#pc

Rem0o commented 1 year ago

@Ghastleigh sent the app. We'll see.

Rem0o commented 1 year ago

Update by the Avast team:

FanControl uses LHM, which uses Winring0, an "old" kernel driver. That driver has been declared vulnerable by Avast, and it won't be whitelisted.
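To see which driver the Avast detection described above refers to on a given machine, the following added example (not code from FanControl, LibreHardwareMonitor or Avast) lists kernel-driver services and `.sys` files whose names match the driver names used in this thread, with their signature status, signer and SHA-256. The name pattern and the `$SearchRoot` folder are assumptions to adjust.

```powershell
# Added example, not part of the FanControl project.
# Assumption: the driver appears under a name containing "WinRing0" or
# "FanControl", the two names used in this thread.
$NamePattern = 'WinRing0|FanControl'
$SearchRoot  = "$env:USERPROFILE\Downloads"   # hypothetical folder holding the app

function Resolve-DriverPath {
    # Service image paths use NT-style prefixes; map them to Win32 paths.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverFileInfo {
    # Signature status, signer and SHA-256 for one driver file, if it exists.
    param([string]$Path, [string]$Source, [string]$State)
    $onDisk = [bool]($Path -and (Test-Path -LiteralPath $Path -PathType Leaf))
    $sig    = if ($onDisk) { Get-AuthenticodeSignature -LiteralPath $Path }
    $cert   = if ($sig) { $sig.SignerCertificate }
    [pscustomobject]@{
        Source      = $Source
        State       = $State
        Path        = $Path
        OnDisk      = $onDisk
        SigStatus   = if ($sig)  { $sig.Status }
        Signer      = if ($cert) { $cert.Subject }
        SignedUntil = if ($cert) { $cert.NotAfter }
        SHA256      = if ($onDisk) { (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash }
    }
}

# 1) Kernel-driver services registered on this machine.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -match $NamePattern -or $_.PathName -match $NamePattern } |
    ForEach-Object {
        Get-DriverFileInfo -Path (Resolve-DriverPath $_.PathName) `
            -Source "service:$($_.Name)" -State $_.State
    }

# 2) Driver files under the application folder, whether or not a service exists.
$files = Get-ChildItem -LiteralPath $SearchRoot -Filter *.sys -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $NamePattern } |
    ForEach-Object { Get-DriverFileInfo -Path $_.FullName -Source 'file' -State 'n/a' }

@($services) + @($files) | Format-List
```

An entry with `OnDisk` set to `False` is a service registration whose file is no longer present at that path.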

InfernoDigital commented 1 year ago

Dang, that's rough. Just had the same thing happen to me today.

AxelXyfer commented 1 year ago

Having exact same issue... I don't want to switch either program, having a proper dilemma rn :c Saw some articles online elsewhere about people having the problem in the past but it goes away with an update for FanControl... Doubt that's the case this time?

Quad-Gamer commented 1 year ago

Yeah this is the response I got from Avast:

"I see you have questions about the Avast vulnerable kernel drivers detection, which I want to clarify.

I've discussed the situation with Avast developers, and the detection is correct. The vulnerability is related to CVE-2020-14979. We don't recommend using the application until its developers provide a fix.

There isn't any other workaround than disabling the "Block vulnerable kernel drivers" feature if you want to use the application despite our recommendations.

Avast Premium Security -> Menu -> Settings -> General -> Troubleshooting -> Enable Self-Defense -> Block vulnerable kernel drivers. But I don't recommend this. "

AxelXyfer commented 1 year ago

Yeah this is the response I got from Avast:

"I see you have questions about the Avast vulnerable kernel drivers detection, which I want to clarify.

I've discussed the situation with Avast developers, and the detection is correct. The vulnerability is related to CVE-2020-14979. We don't recommend using the application until its developers provide a fix.

There isn't any other workaround than disabling the "Block vulnerable kernel drivers" feature if you want to use the application despite our recommendations.

Avast Premium Security -> Menu -> Settings -> General -> Troubleshooting -> Enable Self-Defense -> Block vulnerable kernel drivers. But I don't recommend this. "

Yeah... Doing that for now, but I'd rather not obviously. Any way we can get a bump somewhere to let us know when it's fixed so we can re-enable the "block vulnerable kernel drivers" feature? Here's hoping it gets fixed soon without too much headache ^-^

Quad-Gamer commented 1 year ago

Yeah... Doing that for now, but I'd rather not obviously. Any way we can get a bump somewhere to let us know when it's fixed so we can re-enable the "block vulnerable kernel drivers" feature? Here's hoping it gets fixed soon without too much headache ^-^

Yeah I have no idea how to fix a kernel driver or how much work it would take to fix, but hopefully whoever wrote Winring0 knows how to fix the vulnerability and is happy to do it.

OfficiallyCrazy commented 1 year ago

It seems like a solution has already existed for a while. Unfortunately, I would not blame avast. Avast is doing their job by protecting our computers. https://posts.specterops.io/cve-2020-14979-local-privilege-escalation-in-evga-precisionx1-cf63c6b95896

I am nowhere near being a programmer. But from the research I did, it seems like you should be able to update Winring0.

image

Rem0o commented 1 year ago

@OfficiallyCrazy see https://github.com/LibreHardwareMonitor/LibreHardwareMonitor/issues/984

Changing the code is the easy part. Making it run on any other Windows computer is the real issue.

nonamed46 commented 1 year ago

Is there any chance that the issue gets fixed soon, even if I have to rebuild it myself? I'd love to keep using fan control but allowing vulnerable drivers is not worth the risk for me personally.

Does this issue persist across all versions or is it a new thing?

Rem0o commented 1 year ago

@nonamed46 since there is no updated version of the driver available with an EV code signing certificate, I don’t see an easy solution.

AxelXyfer commented 1 year ago

Any alternatives then? Any work being done on any solution?


On Thursday, March 9, 2023 2:20:06 PM, Rem0o wrote:

@nonamed46 since there is no updated version of the driver available with an EV code signing certificate, I don’t see an easy solution.


Rem0o commented 1 year ago

@AxelXyfer

No alternative in sight. The old driver worked because back then Microsoft restrictions for signing kernel drivers were much looser, and they kept those old drivers compatible to not break current apps still using them. Nowadays to make a kernel driver, you basically must be a registered company with everything that goes with it to make it validated by Microsoft, and we ain't got that.

AxelXyfer commented 1 year ago

So what's the solution then?.... Nothing? 😂


On Thursday, March 9, 2023 6:21:27 PM, Rem0o wrote:

@AxelXyfer

No alternative in sight. The old driver worked because back then Microsoft restrictions for signing kernel drivers were much looser, and they kept those old drivers compatible to not break current apps still using them. Nowadays to make a kernel driver, you basically must be a registered company with everything that goes with it to make it validated by Microsoft, and we ain't got that.


Ghastleigh commented 1 year ago

This bums me out completely. A lot of cool programs use winring0 driver, including Fan Control which made me so happy when I discovered it. It was just the exact thing I needed. It's also nuts that Avast doesn't allow exceptions for things like this.

Can we do something to help? Any other devs that have same issues? Two heads are better than one, etc.

Ragmon88 commented 1 year ago

I'm not sure what it means, but Fan Control is running normally, even if the FanControl.sys file is missing. Funny thing is that Avast keeps finding the FanControl.sys file every time Windows starts up.

OfficiallyCrazy commented 1 year ago

RemOO

Is the driver's being signed completely mandatory? Can't we allow an un-assigned kernel program to run?

At least the updated version will not have the vulnerability. And we could tell windows to stop complaining about Winring0.

On Thu, Mar 9, 2023, 10:21 AM Rem0o wrote:

@AxelXyfer

No alternative in sight. The old driver worked because back then Microsoft restrictions for signing kernel drivers were much looser, and they kept those old drivers compatible to not break current apps still using them. Nowadays to make a kernel driver, you basically must be a registered company with everything that goes with it to make it validated by Microsoft, and we ain't got that.


Rem0o commented 1 year ago

@OfficiallyCrazy you can't. You must boot Windows into "no-sign required" mode, which isn't something you want to do on the daily.

Microsoft really made it a pain.

OfficiallyCrazy commented 1 year ago

So the only current solution would be to code everything from the ground up using a different kernel-mode driver?

If that's the case, you could start a Patreon and let us give you support to recreate it.

On Thu, Mar 9, 2023, 1:41 PM Rem0o wrote:

@OfficiallyCrazy you can't. You must boot Windows into "no-sign required" mode, which isn't something you want to do on the daily.

Microsoft really made it a pain.


AxelXyfer commented 1 year ago

Seconded!

Rem0o commented 1 year ago

^ It ain't that simple. Coding the kernel driver takes 10 minutes. That's the easy part. The complicated part is the code signing stuff.

To get a kernel driver signed on Windows, by Microsoft, I would need to be incorporated, aka a registered company. An individual dev like me cannot.

In my country, incorporation requires a ton of yearly documentation, cost, tax papers done every year by an office, and so on.

That's quite the paradigm shift from a part-time, no hassle solo project, and I don't want to dig down that rabbit hole for now, for Avast of all things.

I would love an alternative to LHM, but right now there is none that I can see. Looked into CPUID SDK, but that's still in progress, and not a simple upgrade either.

AxelXyfer commented 1 year ago

So, it's not going to be fixed then?..


On Friday, March 10, 2023 12:16:21 AM, Rem0o wrote:

^ It ain't that simple.

To get a kernel driver signed, I would need to be incorporated, aka a registered company. In my country, that requires tons of yearly documentation, cost, and so on. That's quite the paradigm shift from a part-time, no hassle solo project.


OfficiallyCrazy commented 1 year ago

Understandable. But are there no already existing, registered, and patched kernels you could use?

On Thu, Mar 9, 2023, 4:16 PM Rem0o wrote:

^ It ain't that simple.

To get a kernel driver signed, I would need to be incorporated, aka a registered company. In my country, that requires tons of yearly documentation, cost, and so on. That's quite the paradigm shift from a part-time, no hassle solo project.


Rem0o commented 1 year ago

@OfficiallyCrazy Not AFAIK. There is only 1 signed version of WinRing0 floating around the web.

Ghastleigh commented 1 year ago

lmao, chatgpt to the rescue, maybe:

image

image

Zalzator commented 1 year ago

Workaround I've found (not that it is fun) - disable the block vulnerable kernel drivers - start up fan control; then turn the protection back on. It is a pain to need to do it. However, if you only need to do it after an update or when you restart your PC... well... maybe not that bad.

CrazyKidJack commented 1 year ago

In my country, incorporation requires a ton of yearly documentation, cost, tax papers done every year by an office, and so on.

@Rem0o I also replied to you on the LibreHardwareMonitor issue. However, (this is all assuming you live in the US) I wanted to explicitly mention here that you don't have to be "incorporated" (which you correctly stated costs lots of money) in order to get an EV cert. You can get an EV cert as a sole proprietorship (which in many states in the US is free to create) and if that sole proprietorship does not have any expenses or revenue, then you also do not have to pay additional taxes (or even file any additional tax forms) in many US states.

You would probably have to "officially" register the sole proprietorship for the EV cert validation process, but even that is usually not required for a sole proprietorship... you'd only have to do it in this case for the validation process. The official registration might cost a small fee depending on where you live.

SolarVampire commented 1 year ago

I'm going to chime in for an opinion. I believe that, at a certain point, low level access is required for fan control. I also believe that sacrificing security, any level of it, for a fan controller is not worth it. I really appreciate the software and its usability, clean UI and amazing features. However, I will also be uninstalling the software and awaiting a more secure solution. I wish you the best of luck, I really do enjoy the product, but I can't do this. This is like one of those breakups you don't want to have, but need to have. It's like "honey, I love you, but you keep leaving the front door open overnight and so I'm going to need to end the relationship". Please do send me a DM if you find a workaround.

AxelXyfer commented 1 year ago

Exactly the same here, I bet a lot of people are gonna do this too.


On Sunday, March 19, 2023 4:37:45 AM, SolarVampire wrote:

I'm going to chime in for an opinion. I believe that at a certain point, low level access is required for fan control. I also believe that sacrificing security (any level of it) for a fan controller is not worth it. I really appreciate the software and its usability, clean UI and amazing features, however I will also be uninstalling the software and awaiting a more secure solution. I wish you the best of luck, I really do enjoy the product, but I can't do this. This is like one of those breakups you don't want to have, but need to have. It's like "honey, I love you, but you keep leaving the front door open overnight and so I'm going to need to end the relationship". Please do send me a DM if you find a workaround.


Quad-Gamer commented 1 year ago

Quick question, how do you uninstall / remove it? It's not listed under programs and there is no uninstall under the FanControl directory?

Rem0o commented 1 year ago

There is nothing to uninstall. It's a stand-alone application. You can just delete the files. If you got it to start with windows, uncheck the checkbox first, then leave the app, then delete.

Quad-Gamer commented 1 year ago

Thanks Rem0o, greatly appreciated. It's a shame because the app is brilliant and the best fan control software available. I can't find another app to control my fans and the BIOS control on my MB sucks lol.

louis-lowlight commented 1 year ago

It is a shot in the dark but, can't we talk about this issue to Jayztwocents? Maybe he could find a solution. Because yes, so far, this is the best fan control software so far. And it's a shame this kind of problem makes people stop using it.

OfficiallyCrazy commented 1 year ago

You mean that the fans would find a solution. Also I don't think RemOo would like to expose that his program has a vulnerability to the general public.

On Thu, Mar 23, 2023, 3:29 AM louis-lowlight wrote:

It is a shot in the dark but, can't we talk about this issue to Jayztwocents? Maybe he could find a solution. Because yes, so far, this is the best fan control software so far. And it's a shame this kind of problem makes people stop using it.


gitishi commented 1 year ago

Microsoft is implementing RGB controls into win11, maybe they do something like that for fan controls too, then there would maybe also be a built-in API that could enable a software like this to work with... idk that's a double maybe 😅

louis-lowlight commented 1 year ago

You mean that the fans would find a solution. Also I don't think RemOo would like to expose that his program has a vulnerability to the general public. […]

I would appreciate if you don't extrapolate my words, thank you. ;) There is a much more clever way to contact someone and ask for help. I'm not talking about his community nor exposing RemOo. The glass is not half empty by the way.

DspiRaluk commented 1 year ago

No need to stop using FanControl. I just dropped Avast and went with Avira. Avast should make it possible for us to make an exception for fancontrol. Until they do I won't be using Avast.

xeophyte commented 1 year ago

Avast should make it possible for us to make an exception for fancontrol.

You can add Fan Control as a program or just the sys file to exceptions, but it doesn't work. Avast still scans it.