Question Is inpoutx64.sys safe?

Please provide comments and solutions that are helpful to the author of this topic.
pvsurfer

pvsurfer

Level 2
Thread author
Verified
Oct 20, 2019
66
204
66
I'm in the U.S.A. so because of our government's recent Kaspersky ban, 10-days ago I replaced Kaspersky Free with Bitdefender Free on my 8 year old laptop, now running Win11 (23H2). Since then, Bitdefender keeps notifying me about "inpoutx64.sys", inside Windows\system 32\drivers, suggesting it be quarantined. The thing is, Kaspersky never reported a problem with "inpoutx64.sys"!

I tried sending "inpoutx64.sys" (complete path) to VirusTotal but received an error message that the file could not be opened. So should I allow BD to quarantine it, or ignore it?
 
Last edited:
  • Like
Reactions: SeriousHoax and simmerskool
"inpoutx64.sys" is typically a legitimate file associated with hardware input-output operations. It's possible that Bitdefender is giving a false positive. However, it's also possible that malware is disguising itself as this file. If VirusTotal can't open it, try uploading the file to another online scanner like Jotti's malware scan. If all scans come back negative, it's likely safe. Always ensure to keep your antivirus software updated for accurate detection.
 
  • Like
Reactions: pvsurfer and simmerskool
The genuine inpoutx64.sys file is usually located in the C:\Windows\System32\drivers folder.

Right-click on the file, select "Properties", and check the following:

File version: Compare it to the version information available online for the legitimate file.

Digital signature: Ensure it's signed by a trusted publisher (usually Microsoft).

Date modified: Check if the modification date seems unusual.
 
  • Like
  • Hundred Points
  • Thanks
Reactions: roger_m, brambedkar59, Jonny Quest and 4 others
Bitdefender is a great antivirus, but it has false positives, I recommend you keep "Rescan quarantine after threat information update" option enabled in Bitdefender quarantine settings, it will help even if it quarantined a legitimate file.

bitdefender-quarantine-settings.png

from Bitdefender customer support page:
It is advisable to keep this option active to automatically scan quarantined files after each threat information database is updated. Cleaned files are automatically moved back to their original location.
Click to expand...
 
  • Like
  • +Reputation
  • Thanks
Reactions: SeriousHoax, pvsurfer, brambedkar59 and 3 others
If I were you I'd report it to BD support. If it is FP, they will whitelist it.

Edit

May I ask what component of BD is reacting to this file?
 
  • +Reputation
Reactions: pvsurfer
Feature:Antivirus
The app C:\Windows\System32\drivers\inpoutx64.sys has been detected as a potentially unwanted application and was blocked. Detection name: Gen:Application.Venus.Ganymede.Inpoutx.6ay1@a4SbT2hi
 
  • Like
Reactions: SeriousHoax and Divine_Barakah
lokamoka820 said:
Bitdefender is a great antivirus, but it has false positives, I recommend you keep "Rescan quarantine after threat information update" option enabled in Bitdefender quarantine settings, it will help even if it quarantined a legitimate file.

View attachment 284810

from Bitdefender customer support page:
Click to expand...
Thanks for the tip, but exactly where do I find Quarantine Settings?
 
pvsurfer said:
Feature:Antivirus
The app C:\Windows\System32\drivers\inpoutx64.sys has been detected as a potentially unwanted application and was blocked. Detection name: Gen:Application.Venus.Ganymede.Inpoutx.6ay1@a4SbT2hi
Click to expand...
I checked my system and didn't find this as a windows' installation component, so it maybe installed by other software, I searched about it and find that it detected as "potentially dangerous application" by ESET Smart Security too:
forum.eset.com

inpoutx64.sys potentially dangerous application

Why does eset report Win64/HighRez.A threat in file C:\windows\system32\drivers\inpoutx64.sys application path c:\Widnows\system32\compattelrunner.exe. ? Regards
forum.eset.com forum.eset.com
So I checked more and find that the driver is in the list of known vulnerable drivers, which allows privileged users to access kernel-land:

91ff1575-9ff2-46fd-8bfe-0bb3e3457b7f

inpoutx64.sys Description inpoutx64.sys is a vulnerable driver and more information will be added as found. UUID: 91ff1575-9ff2-46fd-8bfe-0bb3e3457b7f Created: 2023-01-09 Author: Michael Haag DownloadBlock This download link contains the vulnerable driver! Commands sc.exe create inpoutx64.sys...
www.loldrivers.io www.loldrivers.io
I recommend you to scan your system with some second opinion scanners because it looks that Kaspersky missed it, not a false positive of Bitdefender.
 
  • Like
Reactions: SeriousHoax
lokamoka820 said:
I checked my system and didn't find this as a windows' installation component, so it maybe installed by other software, I searched about it and find that it detected as "potentially dangerous application" by ESET Smart Security too:
forum.eset.com

inpoutx64.sys potentially dangerous application

Why does eset report Win64/HighRez.A threat in file C:\windows\system32\drivers\inpoutx64.sys application path c:\Widnows\system32\compattelrunner.exe. ? Regards
forum.eset.com forum.eset.com
So I checked more and find that the driver is in the list of known vulnerable drivers, which allows privileged users to access kernel-land:

91ff1575-9ff2-46fd-8bfe-0bb3e3457b7f

inpoutx64.sys Description inpoutx64.sys is a vulnerable driver and more information will be added as found. UUID: 91ff1575-9ff2-46fd-8bfe-0bb3e3457b7f Created: 2023-01-09 Author: Michael Haag DownloadBlock This download link contains the vulnerable driver! Commands sc.exe create inpoutx64.sys...
www.loldrivers.io www.loldrivers.io
I recommend you to scan your system with some second opinion scanners because it looks that Kaspersky missed it, not a false positive of Bitdefender.
Click to expand...
No, inpoutx64.sys is not a standard part of the Windows operating system.

It's a third-party driver, often associated with:

RGB lighting control: Many gaming peripherals and PC components use this driver to manage their RGB lighting effects.

Fan control software: Some third-party fan control applications rely on this driver for specific hardware interactions.
 
  • Like
Reactions: harlan4096
Lynx said:
No, inpoutx64.sys is not a standard part of the Windows operating system.

It's a third-party driver, often associated with:

RGB lighting control: Many gaming peripherals and PC components use this driver to manage their RGB lighting effects.

Fan control software: Some third-party fan control applications rely on this driver for specific hardware interactions.
Click to expand...
So it will depend on his installed software if it needs it or not?
 
pvsurfer said:
I tried sending "inpoutx64.sys" (complete path) to VirusTotal but received an error message that the file could not be opened. So should I allow BD to quarantine it, or ignore it?
Click to expand...
You don't need to send the complete path, you need to upload the file itself to VirusTotal to be scanned:
  1. Visit VirusTotal.
  2. Click choose file and use the file explorer window to go through the path of "inpoutx64.sys", or drag and drop "inpoutx64.sys" file on VirusTotal window, both methods will work.
  3. Wait for the scan results, which will display a comprehensive report.
 
lokamoka820 said:
So it will depend on his installed software if it needs it or not?
Click to expand...
Inpout64.sys is a system driver, not a user-level application.

Whether or not a user needs Inpout64.sys depends solely on whether they have hardware that requires it (like RGB keyboards, mice, or other peripherals). The installed software doesn't influence its necessity.

Inpout64.sys can indeed conflict with security applications.

This is primarily due to the following reasons:

Low-level access: As a system driver, it operates at a low level, which can raise flags for security software that is designed to protect against malicious activities.

False positives: Overly aggressive security software might mistakenly identify Inpout64.sys as a threat, leading to conflicts.
 
  • Like
Reactions: SeriousHoax, pvsurfer and harlan4096
A related question: Over the short time that I've been using Bitdefender Free it has found and quarantined several FPs. Every time I attempt to restore an FP Bitdefender reports "Failed to find the specified path" (see example below)! So how do I go about restoring a quarantined FP?

bd_fp_2024-08-07 110733.png
 
Last edited:
  • Like
Reactions: SeriousHoax
pvsurfer said:
A related question: Over the short time that I've been using Bitdefender Free it has found and quarantined several FPs. Every time I attempt to restore an FP Bitdefender reports "Failed to find the specified path" (see example below)! So how do I go about restoring a quarantined FP?

View attachment 284840
Click to expand...
Is the file still in the quarantine? Because this is not a file, this is a registry key.
 
Last edited:
  • Sad
Reactions: pvsurfer
It's a vulnerable driver so the detection is not surprising. The detection name "Gen:Application.Venus.Ganymede.Inpoutx.6ay1@a4SbT2hi" clearly shows that it's not random genetic signature rather an exact signature/heuristic for the "Inpoutx" driver.
Some vendors like ESET create file-based signature for every vulnerable driver even if part of a safe program and usually detect them as PUA. Others sometimes do not create a file-based signatures for drivers (especially if the driver is part of a known good program) but would stop any exploit attempt by the AVs other protection layer (Avast, BD, Kaspersky, etc).
If you don't need this driver, then don't restore it. If you really need it, then restore and add to exclusion. But excluding drivers may not always prevent detection (Happens with Avast).
pvsurfer said:
A related question: Over the short time that I've been using Bitdefender Free it has found and quarantined several FPs. Every time I attempt to restore an FP Bitdefender reports "Failed to find the specified path" (see example below)! So how do I go about restoring a quarantined FP?

View attachment 284840
Click to expand...
Search Bitdefender on start menu, right-click and run as administrator, it should launch the BD UI, and you should be able to restore.
 
  • +Reputation
Reactions: Trident, brambedkar59, roger_m and 3 others

You may also like...