Question Is inpoutx64.sys safe?

Please provide comments and solutions that are helpful to the author of this topic.

pvsurfer

pvsurfer

Level 2
Thread author
Verified
Oct 20, 2019
64
I'm in the U.S.A. so because of our government's recent Kaspersky ban, 10-days ago I replaced Kaspersky Free with Bitdefender Free on my 8 year old laptop, now running Win11 (23H2). Since then, Bitdefender keeps notifying me about "inpoutx64.sys", inside Windows\system 32\drivers, suggesting it be quarantined. The thing is, Kaspersky never reported a problem with "inpoutx64.sys"!

I tried sending "inpoutx64.sys" (complete path) to VirusTotal but received an error message that the file could not be opened. So should I allow BD to quarantine it, or ignore it?
 
Last edited:
  • Like
Reactions: SeriousHoax and simmerskool
Bot

Bot

AI-powered Bot
Apr 21, 2016
4,315
"inpoutx64.sys" is typically a legitimate file associated with hardware input-output operations. It's possible that Bitdefender is giving a false positive. However, it's also possible that malware is disguising itself as this file. If VirusTotal can't open it, try uploading the file to another online scanner like Jotti's malware scan. If all scans come back negative, it's likely safe. Always ensure to keep your antivirus software updated for accurate detection.
 
  • Like
Reactions: pvsurfer and simmerskool
F

ForgottenSeer 114834

The genuine inpoutx64.sys file is usually located in the C:\Windows\System32\drivers folder.

Right-click on the file, select "Properties", and check the following:

File version: Compare it to the version information available online for the legitimate file.

Digital signature: Ensure it's signed by a trusted publisher (usually Microsoft).

Date modified: Check if the modification date seems unusual.
 
  • Like
  • Hundred Points
  • Thanks
Reactions: roger_m, brambedkar59, Jonny Quest and 4 others
lokamoka820

lokamoka820

Level 21
Mar 1, 2024
1,060
Bitdefender is a great antivirus, but it has false positives, I recommend you keep "Rescan quarantine after threat information update" option enabled in Bitdefender quarantine settings, it will help even if it quarantined a legitimate file.

bitdefender-quarantine-settings.png

from Bitdefender customer support page:
It is advisable to keep this option active to automatically scan quarantined files after each threat information database is updated. Cleaned files are automatically moved back to their original location.
Click to expand...
 
  • Like
  • +Reputation
  • Thanks
Reactions: SeriousHoax, pvsurfer, brambedkar59 and 3 others
Divine_Barakah

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
If I were you I'd report it to BD support. If it is FP, they will whitelist it.

Edit

May I ask what component of BD is reacting to this file?
 
  • +Reputation
Reactions: pvsurfer
pvsurfer

pvsurfer

Level 2
Thread author
Verified
Oct 20, 2019
64
Feature:Antivirus
The app C:\Windows\System32\drivers\inpoutx64.sys has been detected as a potentially unwanted application and was blocked. Detection name: Gen:Application.Venus.Ganymede.Inpoutx.6ay1@a4SbT2hi
 
  • Like
Reactions: SeriousHoax and Divine_Barakah
pvsurfer

pvsurfer

Level 2
Thread author
Verified
Oct 20, 2019
64
lokamoka820 said:
Bitdefender is a great antivirus, but it has false positives, I recommend you keep "Rescan quarantine after threat information update" option enabled in Bitdefender quarantine settings, it will help even if it quarantined a legitimate file.

View attachment 284810

from Bitdefender customer support page:
Click to expand...
Thanks for the tip, but exactly where do I find Quarantine Settings?
 
lokamoka820

lokamoka820

Level 21
Mar 1, 2024
1,060
pvsurfer said:
Feature:Antivirus
The app C:\Windows\System32\drivers\inpoutx64.sys has been detected as a potentially unwanted application and was blocked. Detection name: Gen:Application.Venus.Ganymede.Inpoutx.6ay1@a4SbT2hi
Click to expand...
I checked my system and didn't find this as a windows' installation component, so it maybe installed by other software, I searched about it and find that it detected as "potentially dangerous application" by ESET Smart Security too:
forum.eset.com

inpoutx64.sys potentially dangerous application

Why does eset report Win64/HighRez.A threat in file C:\windows\system32\drivers\inpoutx64.sys application path c:\Widnows\system32\compattelrunner.exe. ? Regards
forum.eset.com forum.eset.com
So I checked more and find that the driver is in the list of known vulnerable drivers, which allows privileged users to access kernel-land:

91ff1575-9ff2-46fd-8bfe-0bb3e3457b7f

inpoutx64.sys Description inpoutx64.sys is a vulnerable driver and more information will be added as found. UUID: 91ff1575-9ff2-46fd-8bfe-0bb3e3457b7f Created: 2023-01-09 Author: Michael Haag Acknowledgement: | DownloadBlock This download link contains the vulnerable driver! Commands sc.exe...
www.loldrivers.io www.loldrivers.io
I recommend you to scan your system with some second opinion scanners because it looks that Kaspersky missed it, not a false positive of Bitdefender.
 
  • Like
Reactions: SeriousHoax
F

ForgottenSeer 114834

lokamoka820 said:
I checked my system and didn't find this as a windows' installation component, so it maybe installed by other software, I searched about it and find that it detected as "potentially dangerous application" by ESET Smart Security too:
forum.eset.com

inpoutx64.sys potentially dangerous application

Why does eset report Win64/HighRez.A threat in file C:\windows\system32\drivers\inpoutx64.sys application path c:\Widnows\system32\compattelrunner.exe. ? Regards
forum.eset.com forum.eset.com
So I checked more and find that the driver is in the list of known vulnerable drivers, which allows privileged users to access kernel-land:

91ff1575-9ff2-46fd-8bfe-0bb3e3457b7f

inpoutx64.sys Description inpoutx64.sys is a vulnerable driver and more information will be added as found. UUID: 91ff1575-9ff2-46fd-8bfe-0bb3e3457b7f Created: 2023-01-09 Author: Michael Haag Acknowledgement: | DownloadBlock This download link contains the vulnerable driver! Commands sc.exe...
www.loldrivers.io www.loldrivers.io
I recommend you to scan your system with some second opinion scanners because it looks that Kaspersky missed it, not a false positive of Bitdefender.
Click to expand...
No, inpoutx64.sys is not a standard part of the Windows operating system.

It's a third-party driver, often associated with:

RGB lighting control: Many gaming peripherals and PC components use this driver to manage their RGB lighting effects.

Fan control software: Some third-party fan control applications rely on this driver for specific hardware interactions.
 
  • Like
Reactions: harlan4096
lokamoka820

lokamoka820

Level 21
Mar 1, 2024
1,060
Lynx said:
No, inpoutx64.sys is not a standard part of the Windows operating system.

It's a third-party driver, often associated with:

RGB lighting control: Many gaming peripherals and PC components use this driver to manage their RGB lighting effects.

Fan control software: Some third-party fan control applications rely on this driver for specific hardware interactions.
Click to expand...
So it will depend on his installed software if it needs it or not?
 
lokamoka820

lokamoka820

Level 21
Mar 1, 2024
1,060
pvsurfer said:
I tried sending "inpoutx64.sys" (complete path) to VirusTotal but received an error message that the file could not be opened. So should I allow BD to quarantine it, or ignore it?
Click to expand...
You don't need to send the complete path, you need to upload the file itself to VirusTotal to be scanned:
  1. Visit VirusTotal.
  2. Click choose file and use the file explorer window to go through the path of "inpoutx64.sys", or drag and drop "inpoutx64.sys" file on VirusTotal window, both methods will work.
  3. Wait for the scan results, which will display a comprehensive report.
 
F

ForgottenSeer 114834

lokamoka820 said:
So it will depend on his installed software if it needs it or not?
Click to expand...
Inpout64.sys is a system driver, not a user-level application.

Whether or not a user needs Inpout64.sys depends solely on whether they have hardware that requires it (like RGB keyboards, mice, or other peripherals). The installed software doesn't influence its necessity.

Inpout64.sys can indeed conflict with security applications.

This is primarily due to the following reasons:

Low-level access: As a system driver, it operates at a low level, which can raise flags for security software that is designed to protect against malicious activities.

False positives: Overly aggressive security software might mistakenly identify Inpout64.sys as a threat, leading to conflicts.
 
  • Like
Reactions: SeriousHoax, pvsurfer and harlan4096
pvsurfer

pvsurfer

Level 2
Thread author
Verified
Oct 20, 2019
64
A related question: Over the short time that I've been using Bitdefender Free it has found and quarantined several FPs. Every time I attempt to restore an FP Bitdefender reports "Failed to find the specified path" (see example below)! So how do I go about restoring a quarantined FP?

bd_fp_2024-08-07 110733.png
 
Last edited:
  • Like
Reactions: SeriousHoax
lokamoka820

lokamoka820

Level 21
Mar 1, 2024
1,060
pvsurfer said:
A related question: Over the short time that I've been using Bitdefender Free it has found and quarantined several FPs. Every time I attempt to restore an FP Bitdefender reports "Failed to find the specified path" (see example below)! So how do I go about restoring a quarantined FP?

View attachment 284840
Click to expand...
Is the file still in the quarantine? Because this is not a file, this is a registry key.
 
Last edited:
  • Sad
Reactions: pvsurfer
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,861
It's a vulnerable driver so the detection is not surprising. The detection name "Gen:Application.Venus.Ganymede.Inpoutx.6ay1@a4SbT2hi" clearly shows that it's not random genetic signature rather an exact signature/heuristic for the "Inpoutx" driver.
Some vendors like ESET create file-based signature for every vulnerable driver even if part of a safe program and usually detect them as PUA. Others sometimes do not create a file-based signatures for drivers (especially if the driver is part of a known good program) but would stop any exploit attempt by the AVs other protection layer (Avast, BD, Kaspersky, etc).
If you don't need this driver, then don't restore it. If you really need it, then restore and add to exclusion. But excluding drivers may not always prevent detection (Happens with Avast).
pvsurfer said:
A related question: Over the short time that I've been using Bitdefender Free it has found and quarantined several FPs. Every time I attempt to restore an FP Bitdefender reports "Failed to find the specified path" (see example below)! So how do I go about restoring a quarantined FP?

View attachment 284840
Click to expand...
Search Bitdefender on start menu, right-click and run as administrator, it should launch the BD UI, and you should be able to restore.
 
  • +Reputation
Reactions: Trident, brambedkar59, roger_m and 3 others

Similar threads

RoboMan
    • Like
    • Thanks
    • Applause
  • Locked
Known Problems with Most Common AV's
Replies
146
Views
29,639
General Security Discussions
Pkjfkknm
P
3
    • Like
Is Your Antivirus Software Spying on You? - Restore Privacy
Replies
23
Views
9,804
Privacy and encryption
Gandalf_The_Grey
Gandalf_The_Grey
D
    • Like
Here's how the new Meltdown patch for Windows is enforced for AMD systems
Replies
16
Views
10,112
General Security Discussions
Zhou He
Zhou He

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top