Why Windows identifies random apps as threats

Some Windows PC owners woke up earlier this week to find their computers suddenly receiving spam messages from Windows Defender warning them about a new “HackTool” called WinRing0. While these warnings are certainly concerning, chances are your computer isn’t actually under attack—at least not yet. But that doesn’t mean you should ignore the warnings.

Why WinRing0 started activating Windows Defender

The problem with random alerts like this is that it's not always clear what the threat is or why Defender considers it a threat. In the case of WinRing0, it's because an exploit in that kernel-level software has previously been linked to dangerous malware (as BleepingComputer reported).

Having kernel-level access essentially means that WinRing0 has access to core components and resources of the operating system. That's a dangerous gamble if the software can be exploited in some way, and it appears that WinRing0 has become the primary driver behind how the SteelFox malware operates and gains access to infected systems.

Even if you've taken the effort to harden your Windows PC's security with Defender, malware like SteelFox can still use the vulnerability found in WinRing0 to bypass your protections.

Another big problem with software like WinRing0 is that it tends to find its way into a lot of different software. That’s the case with this latest Windows Defender warning, which The Verge reports is part of a number of widely used PC fan control apps, including Fan Control, which was mentioned a few years ago.

Windows Defender also seems to trigger the warning if you have other third-party monitoring software installed, including Libre Hardware Monitor, MSI Afterburner , SteelSeries Engine, Razer Synapse, OmenMon, etc.

This is not surprising.

The overall impact of this on monitoring software like Afterburner and Fan Control is clear. Unless Microsoft provides some way for these apps to access these low-level permissions in the future, you’re taking a huge security risk by installing and using any of them.

The move isn’t entirely unexpected, however. Last year’s massive CrowdStrike breach had dire consequences for many companies, including some in the healthcare industry. Since then, Microsoft has been under a lot of pressure to close security holes that shouldn’t exist, like the one WinRing0 used to gain kernel-level access.

It’s unclear why it took Microsoft so long to address WinRing0. That doesn’t mean that software that uses it is completely useless, though. You can still use it if you want. But you’re likely putting your system at risk by doing so.

Why Windows identifies random apps as threats
Run Windows Defender Scan in Windows Security settings

Unfortunately, there is a workaround, but it’s unlikely to work. According to comments on GitHub, the vulnerability found in WinRing0 has been patched. However, getting it approved and signed by Microsoft is unlikely, as the open source community behind it doesn’t believe they have the resources to get Microsoft to sign the latest version. And without Microsoft’s signature, you won’t be able to install it on your Windows system.

The only other alternative is for each of these application developers to create their own software to access kernel-level permissions. But that is an expensive endeavor that many of them cannot afford. Even if they did, it would likely result in additional costs for users of their software through software purchases.

If you use any of the monitoring software mentioned above, or if you notice Windows Defender warning you about WinRing0 on your system, then there’s probably nothing to worry about at the moment. However, it’s always better to be safe than sorry, especially when it comes to software with kernel-level access like this.

Sign up and earn $1000 a day ⋙

Leave a Comment

Word now supports summarizing super long documents

Word now supports summarizing super long documents

Microsoft has officially announced a very useful new feature for Word users, allowing for easier processing of long documents with the help of AI.

How to check computer CPU temperature?

How to check computer CPU temperature?

Let's learn with WebTech360 how to check your computer's CPU temperature in the article below!

Microsoft Edge Game Assist is now available, whats new?

Microsoft Edge Game Assist is now available, whats new?

Back in late November 2024, Microsoft announced Edge Game Assist—a new feature that makes it easier to browse the internet while playing games on your computer.

Instructions for changing computer wallpaper for Windows

Instructions for changing computer wallpaper for Windows

With the default wallpapers on Windows sometimes make us bored. So instead of using those default wallpapers, refresh and change them to bring newness to work and affirm your own personality through the wallpaper of this computer.

Microsoft allows users to use Office applications on Windows for free, but with some limitations.

Microsoft allows users to use Office applications on Windows for free, but with some limitations.

Microsoft recently raised the price of its Microsoft 365 subscription, justifying the change by adding more AI experiences to the service.

Microsoft is making Windows the ideal operating system for music makers.

Microsoft is making Windows the ideal operating system for music makers.

At the Qualcomm Snapdragon Summit on October 22, Microsoft announced a series of improvements coming to Windows PCs that will improve the overall experience for musicians, music producers, and other audio professionals.

Customize Default User Profile in Windows 7 – Part 1

Customize Default User Profile in Windows 7 – Part 1

In this series of articles we will introduce you to how to customize the default user profile in Windows 7.

New Vulkan SDK Released, Allowing Developers to Build Native Vulkan API Apps for Windows on Arm Platforms

New Vulkan SDK Released, Allowing Developers to Build Native Vulkan API Apps for Windows on Arm Platforms

The launch of the new Copilot+ series of PCs powered by the Snapdragon X Elite processor based on Arm architecture is driving increased interest from developers in building native games and apps specifically for this emerging market segment.

How to run multiple instances of a Windows program

How to run multiple instances of a Windows program

There are a number of ways you can run a different version of the same application. The following guide will explain which method is best for a particular type of program.

Windows Mail is going away, what should I know?

Windows Mail is going away, what should I know?

After a long period of “living on the sidelines,” the Windows Mail, Calendar, and People apps are slowly approaching the end of their lifecycles. Microsoft recently updated its official documentation to clarify that the aforementioned apps will be completely retired on December 31, 2024.

Clipboard History: One of Windows Most Useful and Often Overlooked Features

Clipboard History: One of Windows Most Useful and Often Overlooked Features

Perhaps many of us have used Windows PCs for decades, but are completely unaware of Clipboard and how to take advantage of this useful feature to improve our work performance.

5 ways to quickly launch programs on Windows

5 ways to quickly launch programs on Windows

Windows has a few built-in tricks that allow you to quickly launch applications without having to hunt for the application icon on the desktop. You can even try some third-party launchers like Launchy. These third-party programs offer more features than the search engine on St.

Microsoft Begins Disabling NTLM Authentication in Windows

Microsoft Begins Disabling NTLM Authentication in Windows

NTLM is an older authentication protocol from Microsoft and was replaced by Kerberos in Windows 2000.

Microsoft ActiveX will be disabled by default in Office 2024

Microsoft ActiveX will be disabled by default in Office 2024

ActiveX is a framework library for defining reusable software components in a programming language in an independent manner.

How to turn Windows Security notifications on and off on Windows

How to turn Windows Security notifications on and off on Windows

In case you do not need to receive notifications from Windows Security, you can completely turn it off and turn it back on whenever you need.

Windows 11 taskbar has a hidden End Task feature, heres how to enable it

Windows 11 taskbar has a hidden End Task feature, heres how to enable it

End Task is a feature in Windows Task Manager that allows users to close any responding or unresponsive program.

5 easiest and fastest ways to take screenshots on Win 10

5 easiest and fastest ways to take screenshots on Win 10

Take a full Win 10 screenshot or take a partial screenshot using a shortcut key, using Win 10 computer screenshot software or built-in tools in the operating system. In the article below, we will show you the 4 most popular ways to take a screenshot of a Windows 10 computer.

6 Apps That Bring macOS Features to Windows PCs

6 Apps That Bring macOS Features to Windows PCs

Luckily, you can use these apps to bring popular macOS features to your Windows PC.

How to Check Crash Logs on Windows 11

How to Check Crash Logs on Windows 11

Windows creates a log file for all crashes, regardless of whether you have fixed the problem or not. This is extremely useful when you want to find out why your computer is having a problem.

How to Check RAM, GPU, and CPU Usage in Windows 11

How to Check RAM, GPU, and CPU Usage in Windows 11

If you're using Windows, there are tools built into the operating system that allow you to quickly look up how much RAM, CPU, and GPU are being used by a particular process.

How to uninstall and reinstall WiFi driver on Windows 11

How to uninstall and reinstall WiFi driver on Windows 11

When troubleshooting network issues, you will need to look for your computer's WiFi drivers. If you determine that an invalid driver is causing your network issues, you can reinstall the WiFi driver to fix the problem.

AI is the future of Windows 11

AI is the future of Windows 11

Microsoft first started pushing the idea of ​​an AI-powered Windows in 2024 under the name of the New Era of Work - but what is Windows 11 AI? It's a complex mix of innovations and includes AI-powered PCs, built-in Copilot, and Windows AI Studio.

How to Turn Windows 11 into macOS

How to Turn Windows 11 into macOS

Windows 11 computers will be transformed into macOS interface to become more novel.

The “original” version of Windows 11 is about to die

The “original” version of Windows 11 is about to die

Not long ago, Microsoft stopped providing support for Windows 10 version 21H2, which means version 22H2 becomes the only supported Windows 10 release at the moment.

How to Fix No Audio Output Device Is Installed Error on Windows

How to Fix No Audio Output Device Is Installed Error on Windows

Sometimes you may get the error message “No Audio Output Device Is Installed” when hovering over the sound icon. This error occurs when Windows does not detect your connected audio devices.

Turn off Windows Defender (Windows Security) on Windows 10, Windows 11

Turn off Windows Defender (Windows Security) on Windows 10, Windows 11

How to completely disable Windows Defender on Windows 10? There are several ways to disable Windows Defender on Windows 10, please see the detailed instructions below.

How to Install Paint 3D on Windows 10 and 11

How to Install Paint 3D on Windows 10 and 11

Paint 3D is no longer available in the Microsoft Store, but that doesn't mean you won't have another chance to try it out.

Tips to turn photos into works of art on Photos Windows 11

Tips to turn photos into works of art on Photos Windows 11

In the Windows 11 Photos app, Restyle Image is an AI feature that lets you transform photos into various artistic styles with just a quick click.

How to verify MD5, SHA-1 and SHA-256 checksums in Windows

How to verify MD5, SHA-1 and SHA-256 checksums in Windows

By checking the MD5, SHA-1, or SHA-256 checksum of a file, you can verify the integrity of the file and ensure that it has not been corrupted or changed.