Avast false positive detection?

Hi, i have problem. I have AMD Cpu that i want to undervolt and for that i need really popular app called PBO2 tuner but i have problem that my (Avast Free Version) keep blocking it with message “zenstates-core.sys blocked avast”, i tried to add whole PBO2 tuner folder as exceptions and even disable protection for 10 minutes in order to run the app but i still get sammge message. When i click on settings it’s say that i need to disable " Block vulnerable kernel drivers" option but i don’t want to do that. Is there any way around it or is there way for avast programers to fix this problem? Everybody using that app for Ryzen procesors, other AV progams on my friends pc-s not triggering anything from that app and yes i donwloaded it from official site. Thank you.
Screenshot_1

In addition to blocking the launch of old vulnerable drivers, this function does not protect you in any way. Therefore, look at the version of your driver and try to find a newer one on the manufacturer’s website, or feel free to disable this feature.
Vulnerability means the potential for hacking. But other antivirus components protect against hacking. Firewall, file, internet and other screens. So you are not defenseless.

It seems “zenstates-core.sys” is a renamed version of “WinRing0.sys”, which is considered as vulnerable. It have to be fixed by corresponding developers, not Avast.

Why you can say that? It’s an additional defense layer like other shields.

Yes, but all it does is detect and block the launch of a vulnerable driver. This is just the essence of this protection. It’s like chopping off a dirty hand. If a vulnerable driver is found, then this protection turns a potential problem into a real one. And it does not provide any options except “me or her”. The driver is usually more important. It would be nice to have just a notification or manual mode, but there is none.

It seems it’s a matter of opinions, in my view it’s “better than nothing” feature, while you seem not.

BTW, exclusions for certain drivers seems considered unreasonable by Avast devs.

I can’t agree with that. Each vulnerability needs its own malware. If you ignore only one vulnerability, then the rest are closed and the attack field is much smaller.
But this is in the case of several vulnerable drivers, when one cannot be updated, and the second can. You find a driver that cannot be updated. Few people will want to give up using it. If there is no possibility of ignoring, then you have to turn off everything without options, opinions and wishes. Therefore, you will not learn about new vulnerable drivers that may be able to be updated. Therefore, the user must decide, just as in the case of other detected threats.
But you need to be able to take advantage of vulnerability and bypass all other obstacles at the same time. And there are a lot of them. Therefore, I think that it is possible to live without such protection. Moreover, all the software is full of vulnerabilities. Otherwise, there would be no antiviruses.

I won’t comment any further as it’s becoming off-topic.

In any case, there are only 2 choices for now: giving up using that software and keep protection, or disable driver blocking with some risks. That is how it works now.

That’s exactly what I wrote about. :slightly_smiling_face: