In the past few hours, Microsoft Defender has started flagging WinRing0x64.sys, a common driver used by various system monitoring and customization tools, as HackTool:Win32/Winring0. This unexpected detection has caused confusion among users who rely on tools like MSI Afterburner, OpenRGB, FanCtrl, CapFrameX, SteelSeries Engine, ZenTimings, and more for hardware monitoring and customization.
But is this a real security threat, or just another false positive? Let’s break it down.
What’s Happening?
Microsoft Defender has begun identifying WinRing0x64.sys as a potential security risk, preventing users from running applications that rely on this driver. This has led to widespread frustration, as these tools are commonly used for monitoring CPU and GPU performance, controlling RGB lighting, and managing fan speeds.
Reddit users across multiple tech-related communities have reported similar experiences:
- r/techsupport – Users reporting sudden detection
- r/OpenRGB – Discussions on whether it’s safe
- r/antivirus – Concerns about false positives
- r/msp – IT professionals discussing the issue
These reports suggest that this is a widespread issue, affecting various users across different software applications.
Is WinRing0x64.sys Actually a Threat?
The WinRing0x64.sys driver has long been known to have a theoretical security vulnerability because it allows low-level access to system hardware. However, no recent changes have made it more dangerous than it was before. The sudden classification of it as a HackTool is likely a false positive by Microsoft Defender.
Developers of affected tools, such as CapFrameX, have reassured users that this driver has not become inherently more or less secure overnight.
How to Fix the Issue? (Temporary Workaround)
If you trust the software using WinRing0x64.sys and need it to function properly, you can manually set an exception in Microsoft Defender to bypass the false positive detection. Here’s how:
- Open Windows Security
- Go to Virus & threat protection
- Click on Manage settings under Virus & threat protection settings
- Scroll down to Exclusions and click Add or remove exclusions
- Add the affected file or folder as an exclusion
This should allow your monitoring or RGB software to function normally while keeping the rest of your system protected.
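The same exclusion can be added from an elevated PowerShell prompt, scoped to the single flagged driver file rather than a whole folder. This is an added example, not from the original article or from Microsoft; it reads the file location from Defender's own detection history and assumes the `Resources` entries use the `file:_<path>` form.

```powershell
# Added example: exclude only the flagged WinRing0x64.sys, after checking the file.
# Run elevated. The threat name is the one quoted in the article; the path is
# taken from Defender's detection history, not hard-coded.
$ThreatName = 'HackTool:Win32/Winring0'

# Map the threat name to Defender's ThreatID(s).
$threat = Get-MpThreat | Where-Object { $_.ThreatName -eq $ThreatName }
if (-not $threat) { Write-Warning "No '$ThreatName' detection recorded here."; return }

# Collect the distinct driver paths those detections point at.
# Assumption: file resources are reported as 'file:_C:\path\to\WinRing0x64.sys'.
$paths = Get-MpThreatDetection |
    Where-Object { $_.ThreatID -in $threat.ThreatID } |
    ForEach-Object { $_.Resources } |
    ForEach-Object { if ($_ -match '^file:_(.+\\WinRing0x64\.sys)$') { $Matches[1] } } |
    Sort-Object -Unique

foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$path is missing (probably quarantined); restore it first."
        continue
    }

    # Record what is being trusted: signer and SHA-256 of this exact file.
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Host "$path`n  signature: $($sig.Status)`n  signer:    $($sig.SignerCertificate.Subject)`n  sha256:    $hash"

    # An unsigned or modified file is not the driver the vendor shipped; skip it.
    if ($sig.Status -in 'NotSigned', 'HashMismatch') {
        Write-Warning "Skipping $path (signature status: $($sig.Status))."
        continue
    }

    # File-scoped exclusion: nothing else in the folder is exempted from scanning.
    Add-MpPreference -ExclusionPath $path
}

# Audit the resulting exclusion list.
(Get-MpPreference).ExclusionPath
```

Remove the exclusion with `Remove-MpPreference -ExclusionPath <path>` once Defender stops flagging the driver.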
Has Microsoft Responded?
As of now, Microsoft has not officially commented on this issue. However, we are closely monitoring for any statements or updates from Microsoft regarding a fix or clarification.
(UPDATE: If Microsoft provides an official response, it will be added here.)