Microsoft’s attention to WinRing0 has finally come to fruition and Defender is flagging it as severe and subjecting it to quarantine. However, one can restore it and it’ll be an allowed threat.
WinRIng0 is a kernel driver released to the Open Source community by OpenLibSys.org about 20 years ago. It loads as WinRing0_1_2_0 (v1.2.0.5) and abandoned by its creator, Noriyuki Miyazaki, a long time ago.
There is a reddit thread focused on a popular EVGA product, but the dialogue for WinRing0, regardless of product, is universal and exhaustive.
Why does Defender hate Fan Control? An explanation of Windows Drivers, WinRing0.sys, and its 7.8 CVE score:
https://www.reddit.com/r/FanControl/comments/1j93doq/why_does_defender_hate_fan_control_an_explanation/
gringrant’s conclusion is ominous: “If you choose to override Defender, know that your OS’s front door is open, and any program you run can use it for whatever they wish.”
I have two apps, OpenHardwareMonitor and as Open Source Developer, Noriyuki Miyazaki, CrystalDiskInfo 8, with the former Allow App Launch, the others Add Rule and the latter all Ad Rule.
-
Would SpyShelter now protect from any behavior evoked by WinRing0? I would think that’d be under System Integrity Control. High is my custom setting.
-
If not, is it something it could do in a hopefully soon update?