The VulnerableDriver:WinNT/Winring0 alert is not a false positive. Microsoft Defender Antivirus is correctly detecting the WinRing0 driver as vulnerable, as documented in CVE-2020-14979. Some gaming and hardware monitoring tools bundle this driver, which is why the alert appears when starting games or related utilities.
To stop the alert while understanding the risk, there are two options:
- Remove or update the affected app
  - Identify which app uses WinRing0 (for example, tools like CapFrameX, EVGA Precision X1 (older versions), FanCtrl, HWiNFO, Libre Hardware Monitor, MSI Afterburner, Open Hardware Monitor, OpenRGB, OmenMon, Panorama9, SteelSeries Engine, ZenTimings, and others may be affected).
  - Uninstall that app or update it to a version that no longer uses the vulnerable WinRing0 driver, if the vendor provides one.
  - This is the safest way to prevent the alert.
- Temporarily exclude the app from Microsoft Defender Antivirus (not recommended, higher risk)
  - If the app is trusted and must be used, the alert can be suppressed by adding an exclusion. This lowers protection and should only be done at personal risk.
Windows 11:
- Select Start > Settings > Privacy & security > Windows Security (or Start > Settings > Update & security > Windows Security depending on build).
- Select Virus & threat protection.
- Under Virus & threat protection settings, select Manage settings.
- Scroll to Exclusions and select Add or remove exclusions.
- Select Add an exclusion, then choose the specific file or folder for the affected application.
Warning: Adding an exclusion may make the device more vulnerable to attack by malicious software. Use this workaround only if fully comfortable with the risk.
If the alert continues after removing or updating the app, keep Defender enabled and avoid adding exclusions; the detection indicates the vulnerable driver is still present.
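One way to carry out the "identify which app uses WinRing0" step, as an added PowerShell example that is not part of the original answer. The file-name pattern `WinRing0*.sys` and the list of search roots are assumptions; run it from an elevated session and adjust both for the system being checked.

```powershell
# Added example: locate WinRing0 driver copies and the apps that ship them.
# Assumptions: the driver file name starts with "WinRing0" and lives under
# one of the folders listed in $roots. Extend $roots for portable installs.
$pattern = 'WinRing0*.sys'
$roots = @(
    $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
    $env:LOCALAPPDATA, $env:TEMP, "$env:SystemRoot\System32\drivers"
) | Where-Object { $_ -and (Test-Path $_) } | Select-Object -Unique

# 1. What Defender itself flagged: the Resources field lists the exact paths.
Get-MpThreat |
    Where-Object { $_.ThreatName -like '*Winring0*' } |
    Select-Object ThreatName, IsActive, Resources |
    Format-List

# 2. Driver files on disk. The parent folder usually names the bundling app.
$files = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter $pattern -File -Recurse -Force `
        -ErrorAction SilentlyContinue
}
$files | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    [pscustomobject]@{
        Path      = $_.FullName
        AppFolder = $_.Directory.FullName
        LastWrite = $_.LastWriteTime
        SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        Signer    = $sig.SignerCertificate.Subject
    }
} | Format-List

# 3. Kernel driver services still registered for the driver, loaded or not.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -like '*WinRing0*' -or $_.PathName -like '*WinRing0*' } |
    Select-Object Name, State, StartMode, PathName |
    Format-Table -AutoSize
```

If step 2 or 3 still returns results after the app has been uninstalled or updated, the driver is still present, which matches the case where the alert continues.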