Shoggy

Sven - Admin

Information about Windows Defender warning "HackTool:Win32/Winring0" (AquaComputerService.sys)

Wednesday, March 12, 2025, 11:47

Windows Defender and other antivirus software (repeatedly) detect the AquaComputerService.sys file as a threat or virus.



This is not a virus!

This file is a driver that aquasuite has been using for many years for hardware monitoring (e.g. CPU temperature). The exact same driver is also used by numerous other, far more popular programs and companies.

A security vulnerability (CVE-2020-14979) has been known to exist in this driver for some time. The problem is that the driver lacks a security descriptor and can be accessed with user rights. Since the driver has deep access to the system, it is possible to execute malicious code.

Regardless of the version, aquasuite applies a security descriptor when installing the driver, which restricts access to system and admin rights. Based on current knowledge and our own tests, the attack scenario is no longer feasible.

Please note: If any other application installs the driver before aquasuite without a corresponding security descriptor, the driver is vulnerable. In this case, this is a failure on the part of the corresponding application.

We are already working on a solution by creating our own customized version of the driver and having it certified by Microsoft. However, this is a complex process and will therefore take some time.

If you do not see any problems with using the driver, you can define it as an exception. Alternatively, you can deactivate all hardware monitor modules in aquasuite via the aquasuite -> Service tab. This will prevent aquasuite from loading the corresponding driver. System data can still be transferred to aquasuite via HWiNFO or AIDA64 if required.
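
Added example, not part of the original post and not aquasuite code: a Python check of the property the post relies on, namely that the security descriptor on the driver's device grants access only to SYSTEM and Administrators. It parses the DACL of an SDDL string; the function name and the sample strings are constructed for illustration, and obtaining the SDDL of the installed device is left to your own tooling.

```python
import re

# Trustees that should keep access per the post: SYSTEM and built-in
# Administrators, as SDDL aliases and as the equivalent well-known SIDs.
ALLOWED_TRUSTEES = {"SY", "BA", "S-1-5-18", "S-1-5-32-544"}
ALLOW_TYPES = {"A", "OA"}  # access-allowed and object access-allowed ACEs
DACL_RE = re.compile(r"D:([A-Z_]*)((?:\([^()]*\))*)")
ACE_RE = re.compile(r"\(([^()]*)\)")


def non_admin_grants(sddl):
    """Return (trustee, rights) for each allow ACE outside SYSTEM/Administrators."""
    m = DACL_RE.search(sddl)
    if m is None or m.group(1) == "NO_ACCESS_CONTROL":
        # No DACL component, or an explicit NULL DACL: access is unrestricted.
        return [("*", "no DACL")]
    rest = sddl[m.end():]
    if rest and not rest.startswith("S:"):
        # For example a conditional ACE with nested parentheses: refuse to guess.
        raise ValueError("unparsed DACL content: " + rest)
    findings = []
    for ace in ACE_RE.findall(m.group(2)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        fields = ace.split(";")
        if len(fields) < 6:
            raise ValueError("malformed ACE: " + ace)
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if ace_type in ALLOW_TYPES and trustee not in ALLOWED_TRUSTEES:
            findings.append((trustee, rights))
    return findings


# Constructed sample descriptors, not read from any real system.
SAMPLES = {
    "restricted": "D:P(A;;GA;;;SY)(A;;GA;;;BA)",
    "user-reachable": "O:BAG:SYD:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGWGX;;;WD)(A;;GR;;;RC)",
    "no-dacl": "O:BAG:SY",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        grants = non_admin_grants(sddl)
        print(name, "OK" if not grants else "NOT RESTRICTED: %r" % grants)
```

An empty result means only SYSTEM and Administrators hold allow ACEs; any other result lists the trustees that can still open the device.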