I've been having an issue with my computer where Microsoft Defender keeps alerting me about a file called "WinRing0x64.sys" being a potential threat. After doing some research, I discovered it's linked to hardware performance testing tools, particularly from Crystal Disk Info, which I uninstalled after noticing the alerts. My concern is that despite uninstalling the program, that file keeps coming back in the System32 directory. Is it possible that there's malware involved, or is it just a leftover file? Do I need to consider a clean install of Windows 11, or is there a better solution?
3 Answers
Microsoft flags the WinRing0x64.sys file as dangerous, but it's actually used by various legitimate programs. Check out the Microsoft's page explaining it. You can follow their advice and exclude it from scans if you believe it's safe.
It is important to note that while WinRing0x64.sys is seen as a vulnerable driver, simply having it on your system isn't necessarily harmful unless paired with malware. You can either remove it and any connected programs or keep it and adjust Defender's settings not to show alerts anymore. If you've removed the program that needed it, you can safely quarantine it and see how your system performs afterwards.
From what I've read, that file isn't malicious by itself, but the fact that it keeps returning is odd. You might still have leftover components of the uninstalled program that depend on it. Try looking for any residual services or scheduled tasks that might be causing it to reappear. Running a full Defender scan could help, too, just to be safe before considering a Windows reinstall.
I've noticed developers are shifting to other systems, but older programs that rely on WinRing0x64 will break if you remove it!