Question Is inpoutx64.sys safe?

Please provide comments and solutions that are helpful to the author of this topic.

pvsurfer

Level 2
Thread author
Verified
Oct 20, 2019
61
I'm in the U.S.A. so because of our government's recent Kaspersky ban, 10-days ago I replaced Kaspersky Free with Bitdefender Free on my 8 year old laptop, now running Win11 (23H2). Since then, Bitdefender keeps notifying me about "inpoutx64.sys", inside Windows\system 32\drivers, suggesting it be quarantined. The thing is, Kaspersky never reported a problem with "inpoutx64.sys"!

I tried sending "inpoutx64.sys" (complete path) to VirusTotal but received an error message that the file could not be opened. So should I allow BD to quarantine it, or ignore it?
 
Last edited:

Bot

AI-powered Bot
Apr 21, 2016
4,192
"inpoutx64.sys" is typically a legitimate file associated with hardware input-output operations. It's possible that Bitdefender is giving a false positive. However, it's also possible that malware is disguising itself as this file. If VirusTotal can't open it, try uploading the file to another online scanner like Jotti's malware scan. If all scans come back negative, it's likely safe. Always ensure to keep your antivirus software updated for accurate detection.
 
F

ForgottenSeer 114834

The genuine inpoutx64.sys file is usually located in the C:\Windows\System32\drivers folder.

Right-click on the file, select "Properties", and check the following:

File version: Compare it to the version information available online for the legitimate file.

Digital signature: Ensure it's signed by a trusted publisher (usually Microsoft).

Date modified: Check if the modification date seems unusual.
 

lokamoka820

Level 18
Mar 1, 2024
901
Bitdefender is a great antivirus, but it has false positives, I recommend you keep "Rescan quarantine after threat information update" option enabled in Bitdefender quarantine settings, it will help even if it quarantined a legitimate file.

bitdefender-quarantine-settings.png

from Bitdefender customer support page:
It is advisable to keep this option active to automatically scan quarantined files after each threat information database is updated. Cleaned files are automatically moved back to their original location.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
If I were you I'd report it to BD support. If it is FP, they will whitelist it.

Edit

May I ask what component of BD is reacting to this file?
 
  • +Reputation
Reactions: pvsurfer

pvsurfer

Level 2
Thread author
Verified
Oct 20, 2019
61
Feature:Antivirus
The app C:\Windows\System32\drivers\inpoutx64.sys has been detected as a potentially unwanted application and was blocked. Detection name: Gen:Application.Venus.Ganymede.Inpoutx.6ay1@a4SbT2hi
 

pvsurfer

Level 2
Thread author
Verified
Oct 20, 2019
61
Bitdefender is a great antivirus, but it has false positives, I recommend you keep "Rescan quarantine after threat information update" option enabled in Bitdefender quarantine settings, it will help even if it quarantined a legitimate file.

View attachment 284810

from Bitdefender customer support page:
Thanks for the tip, but exactly where do I find Quarantine Settings?
 

lokamoka820

Level 18
Mar 1, 2024
901
Feature:Antivirus
The app C:\Windows\System32\drivers\inpoutx64.sys has been detected as a potentially unwanted application and was blocked. Detection name: Gen:Application.Venus.Ganymede.Inpoutx.6ay1@a4SbT2hi
I checked my system and didn't find this as a windows' installation component, so it maybe installed by other software, I searched about it and find that it detected as "potentially dangerous application" by ESET Smart Security too:
So I checked more and find that the driver is in the list of known vulnerable drivers, which allows privileged users to access kernel-land:
I recommend you to scan your system with some second opinion scanners because it looks that Kaspersky missed it, not a false positive of Bitdefender.
 
  • Like
Reactions: SeriousHoax
F

ForgottenSeer 114834

I checked my system and didn't find this as a windows' installation component, so it maybe installed by other software, I searched about it and find that it detected as "potentially dangerous application" by ESET Smart Security too:
So I checked more and find that the driver is in the list of known vulnerable drivers, which allows privileged users to access kernel-land:
I recommend you to scan your system with some second opinion scanners because it looks that Kaspersky missed it, not a false positive of Bitdefender.
No, inpoutx64.sys is not a standard part of the Windows operating system.

It's a third-party driver, often associated with:

RGB lighting control: Many gaming peripherals and PC components use this driver to manage their RGB lighting effects.

Fan control software: Some third-party fan control applications rely on this driver for specific hardware interactions.
 
  • Like
Reactions: harlan4096

lokamoka820

Level 18
Mar 1, 2024
901
No, inpoutx64.sys is not a standard part of the Windows operating system.

It's a third-party driver, often associated with:

RGB lighting control: Many gaming peripherals and PC components use this driver to manage their RGB lighting effects.

Fan control software: Some third-party fan control applications rely on this driver for specific hardware interactions.
So it will depend on his installed software if it needs it or not?
 

lokamoka820

Level 18
Mar 1, 2024
901
I tried sending "inpoutx64.sys" (complete path) to VirusTotal but received an error message that the file could not be opened. So should I allow BD to quarantine it, or ignore it?
You don't need to send the complete path, you need to upload the file itself to VirusTotal to be scanned:
  1. Visit VirusTotal.
  2. Click choose file and use the file explorer window to go through the path of "inpoutx64.sys", or drag and drop "inpoutx64.sys" file on VirusTotal window, both methods will work.
  3. Wait for the scan results, which will display a comprehensive report.
 
F

ForgottenSeer 114834

So it will depend on his installed software if it needs it or not?
Inpout64.sys is a system driver, not a user-level application.

Whether or not a user needs Inpout64.sys depends solely on whether they have hardware that requires it (like RGB keyboards, mice, or other peripherals). The installed software doesn't influence its necessity.

Inpout64.sys can indeed conflict with security applications.

This is primarily due to the following reasons:

Low-level access: As a system driver, it operates at a low level, which can raise flags for security software that is designed to protect against malicious activities.

False positives: Overly aggressive security software might mistakenly identify Inpout64.sys as a threat, leading to conflicts.
 

pvsurfer

Level 2
Thread author
Verified
Oct 20, 2019
61
A related question: Over the short time that I've been using Bitdefender Free it has found and quarantined several FPs. Every time I attempt to restore an FP Bitdefender reports "Failed to find the specified path" (see example below)! So how do I go about restoring a quarantined FP?

bd_fp_2024-08-07 110733.png
 
Last edited:
  • Like
Reactions: SeriousHoax

lokamoka820

Level 18
Mar 1, 2024
901
A related question: Over the short time that I've been using Bitdefender Free it has found and quarantined several FPs. Every time I attempt to restore an FP Bitdefender reports "Failed to find the specified path" (see example below)! So how do I go about restoring a quarantined FP?

View attachment 284840
Is the file still in the quarantine? Because this is not a file, this is a registry key.
 
Last edited:
  • Sad
Reactions: pvsurfer

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,835
It's a vulnerable driver so the detection is not surprising. The detection name "Gen:Application.Venus.Ganymede.Inpoutx.6ay1@a4SbT2hi" clearly shows that it's not random genetic signature rather an exact signature/heuristic for the "Inpoutx" driver.
Some vendors like ESET create file-based signature for every vulnerable driver even if part of a safe program and usually detect them as PUA. Others sometimes do not create a file-based signatures for drivers (especially if the driver is part of a known good program) but would stop any exploit attempt by the AVs other protection layer (Avast, BD, Kaspersky, etc).
If you don't need this driver, then don't restore it. If you really need it, then restore and add to exclusion. But excluding drivers may not always prevent detection (Happens with Avast).
A related question: Over the short time that I've been using Bitdefender Free it has found and quarantined several FPs. Every time I attempt to restore an FP Bitdefender reports "Failed to find the specified path" (see example below)! So how do I go about restoring a quarantined FP?

View attachment 284840
Search Bitdefender on start menu, right-click and run as administrator, it should launch the BD UI, and you should be able to restore.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top