AVAST Self Defense is falsely blocking a file known as gdrv64.sys in \.\GLOBALROOTSystem. This is a legitimate file required for software from GIGABYTE, a manufacturer of gaming computer hardware, to run. Until this false positive is resolved, I have to disable Self Defense for these programs to run.
I couldn’t find the specific file on my hard drive, and I don’t know where “\.\GLOBALROOTSystem” is.
File already has been detected by AdwCleaner as with adware since 2012 (reported in France).
Are the results PUP results (potential unwanted program)?
Else file an FP, read how here: https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438
polonus
I am unable to submit a false positive as a search of my hard drive doesn’t find the file in question. If I can’t find it, I can’t upload it. I also don’t know where the listed directory is.
Is file moved to avast chest ? (quarantine) if so you can send it from avast chest … see the guide polonus linked to
Nope. Not in the chest.
Hello, i’ve exacly the same problem the message appears at windows startup and i finally found it was EasyTune utilities program from Gygabyte. I can’t find the file to put it in exceptions. And the trouble cames yesterday with last Avast update. All was fine before.
ENG: I also have this problem as you have since the latest update the appcenter program and related to it (everything from the gigabyte company [the installer was included in the box in part from the computer]) does not work because avast blocks them
(if google translator not work good)
PL:ja też mam ten problem co wy od najnowszej aktualizacji program appcenter i powiązane z nim ( wszystko od firmy gigabyte [instalatory były na płycie w pudełku po częściach od PC]) nie działa bo avast je blokuje
Witam Slugerku,
Google translator works fine. Also some people here also have a fair command of the Polish language,
one of the most difficult languages in the world. 
Wait for an avast team member to comment on that detection and whether it is a genuine FP.
AV works out bad when it interferes with Windows system files with installation tools of third parties,
that then eventually also can create BSOD problems.
Such detections will create some of the worst of errors on any OS, here in hidden Windows system files
So wait for a final verdict of an avast team member. Hope they solve it in the new week.
You could also have a look here: https://www.pconlife.com/viewfileinfo/gdrv-sys/
pozdrawiam,
polonus (Bądźmy razem w domu)
Same problem to me after latest Avast update.
I add the whole Gigabyte directory in exception list, but it doesn’t work.
Avast keeps blocking the .exe.
Please fix it.
Hi there,
Glad to see I’m not the only one with this problem, I got exactly the same message after updating avast just now. I had to uninstall Gigabyte system information viewer (SIV) as I kept getting an infinite series of open driver handle messages which could only be closed via task manager. I also cannot find the file in question either and it isn’t in the virus chest, Hope there is a fix for this.
Just some precisions.
Cordially.
Hello,
same by me.
In Registry HKLM/…/Runonce/ I have this 2 programs: “C:\Program Files (x86)\Gigabyte\EasyTune\etro.exe” and “C:\Program Files (x86)\Gigabyte\SIV\sivro.exe”.
If I try to start it manually, it comes message “Open driver handle failure” and message from Avast: “Sebeobranný modul programu Avast zablokoval: gdrv64.sys (\.\GLOBALROOTSystem)”
Which means "Selfdefence modul of Avast blocked: gdrv64.sys (\.\GLOBALROOTSystem).
I couldn’t find gdrv64.sys on C-Drive so I couldn’t make a exception for this file.
Pavel
L.S.
We do not see a particular case for a qualified malware remover here:
http://www.geekstogo.com/forum/topic/368593-windows-10-64bit-infection/
Especially the part on the open evaluated command prompt is interesting, but cleansing should be done guided by a qualified remover,
so wait for someone to appear here, whenever it is proven here that this is not a genuine false positive. (and only then).
Online you see warnings as SIVRO.EXE classified Win.SIVRO.EXE. SIVRO.EXE may be quite dangerous for your computer!
Technical Information:
Full path on a computer= %PROGRAM FILES%\GIGABYTE\SIV\SIVRO.EXE
This might be complete fear mongering as we also have these info: https://www.freefixer.com/library/file/sivro.exe-229711/
https://www.freefixer.com/library/file/sivro.exe-229711/#vtreport
also: http://startups.glarysoft.com/SIV/sivro.exe/224859/
So, yes, we really have to wait for the final verdict from avast team members as to what this is, and when there will be a fix.
polonus
gdrv64.sys also cannot be found in registry. In Devices looks also everything OK.
Since new Version of Avast the external disks via eSATA are not working.
I don’t need sivro.exe or etro.exe, but it looks like I really need gdrv64.sys.
I deactivated Self defence of Avast and eSATA works again.
Hello,
I have exactly the same problem too for few days now.
I was googling it and I found this post.
Any solution yet ?
I’m also having this issue too.
Cannot seem to find any fix for this so really hoping Avast can get this sorted soon.
I had this problem too but since today it seems to have been resolved. Can anyone else confirm?
EDIT: It is back don’t know why it didn’t happen for a bit.
The problem is still here for me. I forced avast updating to be sure i’ve the last version. I tried to reinstall Gigabyte App Center utility and i’ve still messages ang blockage when i launch the utility.
My avast versions are :
Good morning,
same problem here.
The file is essential to run “Gigabyte easy tune” application, that runs on background. It gets shut down during start of the computer and it is not possible to start it manually.
Please, solve it. It is obvious that the same problem will have everybody that runs Gigabyte based system and has this app installed.
Thank you.
I am having the same problem.
Is there any solution yet?