
 

Willock

Newbie

Hacktool in AquaComputerService.sys

Tuesday, 11 March 2025, 10:30

I woke up to this popup this morning:



Wth is this, AquaComputer? I didn't spend £200 on an overpriced reservoir to get a virus!
Edit: Turns out a bunch of software using Winring0 are getting these flagged with the latest Windows Defender update. Including stuff like Fan Control and RGB Software. So potentially nothing to worry about?

This post has been edited 1 time, last edited by »Willock« (11 March 2025, 10:43)

Shoggy

Sven - Admin

Tuesday, 11 March 2025, 12:29

Yes, it is a well known false positive.

You can define the file as an exception or alternatively disable hardware monitoring in the aquasuite. In this case, this driver will not be loaded.

Stephan

Administrator

Wednesday, 12 March 2025, 11:12

Until now we have used an open source driver for communication with hardware monitoring chips. It looks like this driver has some security issues which need to be solved.
We are currently working on a new driver, but after we have finished this kernel driver it needs to be certified by Microsoft. So this will take some time.

Kernel drivers have high requirements for security, and the process to sign them and certify these drivers with Microsoft takes much more effort than software. That's why many companies are using drivers that are available and also used this one.

FaktorX

Junior Member

Thursday, 4 September 2025, 19:11

Is there any update regarding this? I received this warning also.

f1fan07

Newbie

Thursday, 4 September 2025, 19:36

Looks like there is a new FP for the Aquasuite driver:
»f1fan07« attached the following image:
  • Defender Aquasuite FP.png

cptninc

Full Member

Thursday, 4 September 2025, 19:53

I also got the new notice just now. Is this a confirmed false positive or are we just assuming at this moment?

Remayz

Senior Member

Thursday, 4 September 2025, 22:56

Looks like there is a new FP for the Aquasuite driver:
Fancontrol gives the same. It seems to still be related to winring0... probably.
I do not use Aquasuite hardware monitoring and I have never had the warning.

Speedy-VI

Senior Member

Friday, 5 September 2025, 02:33

I asked about this in April in THIS POST when Microsoft said they were going to crack down on Winring0, which is an unsigned Kernel mode driver. I was directed to a March 12th POST FROM AQUACOMPUTER that said they were developing their own driver which they were going to get certified. I use HWINFO and SIV to poll system sensors. The authors of both programs have written Kernel mode drivers and got them certified by Microsoft. HWiNFO64A.sys is HLK tested and fully WHQL Certified. SIVX64.sys is Attestation-signed by Microsoft.

Getting a driver through HLK testing to get WHQL is an involved process, but getting a driver Attestation-signed by Microsoft is an automated process that only takes a few days. With Windows 10 support ending in October, more people will be moving to Windows 11 with Secure Boot + HVCI (Core Isolation) enabled, and Winring0 is going to be blocked from loading, which is going to stop Aquasuite's hardware monitoring from functioning. Aquacomputer needs to get their driver signed and stop using Winring0 ASAP.
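
A local check for the situation discussed in this thread, as an added example that is not part of any post and is not Aqua Computer's code: it lists installed kernel drivers whose name or path matches the names mentioned here, shows each file's Authenticode status and signer, and reports whether Secure Boot and HVCI are active. The name patterns and the name-based matching are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example. Patterns are the names mentioned in this thread; matching on
# names is an assumption and misses copies shipped under a different file name.
$patterns = 'WinRing0', 'AquaComputerService'

function Resolve-DriverPath([string]$PathName) {
    # Win32_SystemDriver can report NT-style paths; turn them into Win32 paths.
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Kernel drivers registered on this machine that match one of the patterns.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver | Where-Object {
    $d = $_
    $patterns | Where-Object { $d.Name -like "*$_*" -or $d.PathName -like "*$_*" }
}

$report = foreach ($d in $drivers) {
    $path = Resolve-DriverPath $d.PathName
    $sig  = if (Test-Path -LiteralPath $path) { Get-AuthenticodeSignature -LiteralPath $path }
    [pscustomobject]@{
        Name      = $d.Name
        State     = $d.State          # Running / Stopped
        Path      = $path
        SigStatus = if ($sig) { $sig.Status } else { 'FileNotFound' }
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# HVCI (memory integrity) is value 2 in SecurityServicesRunning.
$dg   = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
            -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$hvci = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))

# Confirm-SecureBootUEFI throws on legacy BIOS or without elevation: report unknown.
$secureBoot = try { [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { $null }

if ($report) { $report | Format-Table -AutoSize -Wrap }
else         { 'No installed driver matches the patterns.' }
"HVCI (memory integrity) running: $hvci"
"Secure Boot enabled: $(if ($null -eq $secureBoot) { 'unknown' } else { $secureBoot })"
```

A `SigStatus` of `Valid` only means the file carries a signature that chains to a trusted root; it does not distinguish WHQL from attestation signing and does not show whether the driver is on a block list.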