AMDRSServ.exe controlled folder acces \Device\HarddiskVolume2 is this malware?

Expanding on Sumit D - IA's comments.
 
AMDRSServ.exe is part of the AMD Radeon software package which includes drivers required for CPU processors, graphics and accelerators. AMDRSServ.exe is more specifically a service responsible for managing AMD graphics cards and the Radeon ReLive feature which allows users to capture, stream and share gameplay videos and screenshots. ReLive is currently supported on systems with AMD Graphics Core Next (GCN) Architecture-based Desktop Graphics.

Hi Sem,

I'm Sumit, here to answer your query at the Microsoft Community.

Apologies for any inconvenience you are experiencing. I am happy to help you today.

It is not malware - Controlled folder access blocks any kind of activity happening from an unrecognised app, thinking that Ransomware is attacking it.

It can be the following behaviours:

• An app isn’t yet recognised (new or unsigned build)

• It performs bulk file changes, renames, deletes or encryption-style I/O

• It uses scripting engines (PowerShell, Office macros) or unusual hooks

I see AMDRSSrv is related to AMD service, which is a legitimate app from AMD. You can add the app to the whitelist using these steps, or simply allow it from the menu.

Press ? Win, type Windows Security and press Enter.

Click Virus & threat protection.

Under Ransomware protection click Manage ransomware protection.

Under Controlled folder access click Allow an app through Controlled folder access.

Click Add an allowed app → Browse all apps.

Navigate to and select the executable you want to whitelist, then click Open. In this case, it is at C:/program files\AMD\CNext/CNext\AMDRSServ.exe

Verify the app appears in the allowed-apps list.

I hope this information is helpful. If you have any further questions, please feel free to reach out to us. Good luck!

Anytime you come across a suspicious file, a detected threat, suspect a file detection may be a possible false positive or you want a second opinion, submit it to one of the online services that analyzes suspicious files for possible malware.

• Comprehensive List of Online File, URL analyzers & services

The consensus among most experts is that if 90%+ of the results of an online file analysis (e.g. VirusTotal, Jotti's virusscan, MetaDefender, Hybrid-Analysis) indicate a file submission is clean, then you can disregard the other detection(s) as a false positive...especially if the detection is more generic, suspicious, potentially unwanted (PUPs) and/or was made by any of the lesser known security vendors. This is typically due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware.

Hi, for the past few months ive been getting windows defender messages about conntrolled folder acces:

some of the names are:

League of Legends.exe - \Device\HarddiskVolume2

AMDRSServ.exe - \Device\HarddiskVolume2

nightreign.exe - \Device\HarddiskVolume2

i use all of these apps / software, but i cant seem to figure out if they are safe or not, and is there a way to find out

Also my Pc's performance has been a bit bad since ive had issues with controlled folder acces