AMD Adrenalin ships an unsigned driver file (amdihk64.dll) which is placed into /system32/ folder.
Certain anti-cheats kick the player from game because of "untrusted system file", for example EAC does so for the game Rust since a recent update. It seems to be at the game developers' discretion, as some EAC-powered games have suffered from amdihk DLL in the past.
There are good technical reasons for anti-cheats of a variety of games to desire blocking unsigned/untrusted driver files in the system32 and system driver folders. I can know, as an anticheat developer (from another game) myself.
AMD, or any driver publisher, should NEVER ship unsigned driver files. "AMDIHK64" (AMD DVR component) is, as far I know, the only of such file that lacks a digital signing certificate. It's not just not valid, but completely absent, throughout recent releases of Radeon software.
The SHA256 hash of affected file, as Radeon Software version 19.6.2 installs to my PC, is 5ecf02b6de23f8c6736b3e757a273520ce926a8e1aa9e41d492933fc7cba75d6
The SHA256 hash of previous Radeon software (19.6.1) which was also affected, is 9d9790a63831f32596fcea09c7bd6365e0c58a0f587d2cd6da877775811f225c
Its not just anti-cheats that are affected, there are obvious reasons why DLL files of known, major (driver) software that are placed in system folders need to be signed. A lot of software can do trust checks and eventually fail. For the anti-cheat of popular games using EAC, you have now impacted hundreds of thousands of users, and they may decide to manually remove amdihk DLL file in safemode, leading to them not benefitting from AMD DVR functionality.. just in a bid to play the game. This isn't ideal.
Again, software/driver publishers should have developers that know what proper project practise is. Shipping out 99% valid signed DLLs and a single or a few unsigned files, is bad practise. Under correct practise, no issues like the anticheat one would arise. The solution is obvious.
I hope that this issue is forwarded, so that it can be resolved. You can find more past occurences of issues caused by AMD in this way, by going to: https://www.google.com/search?q=amdihk64.dll+eac
Please note that I was able to reproduce the problem by a clean install of Windows 10 build 1903 and immediately installing the latest Radeon Adrenalin software package; ATI drivers really place that unsigned file into your system32 folder, it's not corrupted or infected, it's not our PC's, it is AMD doing that by mistake.
I will personally solve it by removing the DLL file in windows safe mode, but I realize tons of other people are affected, so it needs to be reported. Note: I attached the latest version of the mentioned problematic file into this topic. It got included in the official driver update of 2 days ago, and lacks a digital signature entirely. I don't know if amdihk32.dll is also affected, since I don't have it.
Solved! Go to Solution.
Guys, i just noticed AMD has finally fixed it, today! Probably as a result of me asking attention for the issue here.
The driver update release notes: https://www.amd.com/en/support/kb/release-notes/rn-rad-win-19-7-1
It states in "fixed issues": Some users may be experiencing AMD DLL file signing issues with Easy Anti-Cheat™. A clean install of Radeon Software Adrenalin 2019 Edition 19.7.1 may be required to fix this issue.
So this is good news, everyone impacted should update their driver to Adrenalin version 19.7.1
Please address this problem. Its causing Division 2 to crash every 5 minutes or less. Thanks. I have 19.6.2 installed.
If you wish to inform AMD of your issue, report it to them.
I already reported it using the problem form like that.
But im also pretty certain a lot of others did so in the past, because, again, as you can see many others have had issues from this: https://www.google.com/search?q=amdihk64.dll+eac
This means the problem has existed for potentially years.
It looks like AMD either doesn't care, no one reads the problem report forms, or forum isn't read by them/nothing is escalated.
Because also, any software engineer that you ask can tell you why driver publishers should never deliver unsigned DLL's. It's so obvious.. most AMD DLL's are signed, just not this one, and it's put in a sensitive location that anti-cheats don't like if its not signed and placed there.
There's no way to deny this is an issue and bad practise on the driver developer's side, but I can also guarantee you this won't be solved for a long time to come. Unless they realize now that Rust players started getting kicked, I mean realize the consequences of this bad practise, and do something for real.
I did just before 19.6.3 came out.
I sbumitted the report.
uninstalled 19.6.2
installed 19.6.3
three crashes in a row for Division 2
now for a workaround, i switched to DX 11 renderer, windowed full screen. its been good for the past 2 days.
but framerates are lower compared to DX 12 renderer. :/
To be honest dxter6666 I think you're talking about a different issue.. we are talking not about crashes, but about amdihk causing problems with external software such as Anti-cheat of games, because of not being digitally signed by AMD like all other driver files in sensitive locations like system32 folder, are. If you got a crash issue (even if it's that DLL) then please open your own topic elsewhere.
Same issue here with The Division 2. It seems the issue comes and goes. It won't let me load the game at first (error message) but at the second attempt, it works. Very annoying and just started for me. Never had this issue before. And a bit strange that they are using unsigned driver files. Just bad all around. Perhaps a simple mistake that will be fixed next update. At least I am hoping so.
Well unloadedone it is certainly a simple mistake by ATI developers, but apparently it's not possible to get noticed by those who can fix it. It causes issues with more anticheats than just EAC, I can already see this related topic below:
after installing 16.12.1 cant play planetside 2 which is !! from late 2016. It never got fixed. And like i said obviously a lot of people have been submitting issue reports in the meanwhile. other than the links i previously provided to show how common this issue is around the web, I found a search term that indicates this scale even better: https://www.google.com/search?q=amdihk64.dll - a lot of the results (not all) are related to Anti-cheats of variety of games kicking for this official AMD file.
Note to your situation specifically: EAC seems to have started being more strict recently for unsigned files in critical folders like here system32, like with Rust, maybe other AC's like the one from your game also started doing this. This is possible an anti-cheat industry move, because kernel based hacking is on the rise (harder to detect) and those are usually not signed. So, AMD unwittingly made themselves a target to these AC's by not signing some files that are used (and located) in ways like this DLL file amdihk64 is. While this is completely avoidable, by as you and I said, digitally signing driver files like they are supposed to be, avoiding such problems for gamers. They now gotta go into safemode cuz file is in use by whole OS, and delete this file to play (not get kicked) sometimes. So it's also not as simple as AMD saying "Hey, report this to that game publisher or anti-cheat software" because the issue is a result of AMD doing things like it shouldn't (always driver files that operate on a level like system32 need to be signed, as I said also all driver and software publishers, especially programmers, would understand why)
What bothers me also is that developers of games affected (like now Rust with EAC) are not sure and advising users that it's their PC's problem: like at https://support.facepunchstudios.com/hc/en-us/articles/115001271745-Untrusted-System-File while as I said this issue is so much a direct placement by AMD Adrenalin drivers of the untrusted file amdihk64.dll straight into your system32 folder.. like, the file is literally contained within AMD driver package.
* edit while writing: oh, I noticed Facepunch changed article from DLL name to in general.. but a lot of game publishers still would send you off with this stuff
So basically if your so-called "system issue or corruption" PC is used for this:
1) completely re-install with Windows 10
2) download official, latest AMD Adrenalin driver package from the real AMD.com site
3) install it
4) end result: you will have the unsigned driver file in your system32 folder! So it's clearly not your issue.
Note: im not sure if amdihk64.dll gets placed only when PC meets certain requirements or hardware capabilities, since it's for DVR.. so not sure if everyone that tries will find it there
So its not possible to be a problem of the user or their PC. Not at all. Nada.
Still, we are getting Tier-1 advises that cannot possibly solve it.. and it never gets told to AMD devs.
If it doesn't get 'told' to AMD it means nobody took the time to report it to them. If the issue is as wide spread as you indicate...there should be numerous issue reports received by AMD engineering. Generally, that's not the case. You should furnish this link to anyone with the same issue. Don't assume that anyone else has reported it. If AMD gets 1-2 reports...that's not enough to get their attention...if they receive numerous reports, that puts it in a different category.
well, seen that the recent years' AMD driver releases are downloaded by hundreds of thousands of people, and that they contain this unsigned DLL, therefore affecting these users once they want to play a game with anti-cheat that (recently became) is strict and kicks them out, it would surprise me if not 10,000s of people are affected by this mistake. I just think herd mentality means almost everyone google's it to find out how to solve it for them, at that moment, by using safemode to delete the DLL.. in addition to that they might believe the AMD form doesn't get read (common belief) and that they just want to play.
But that doesn't mean its not annoying those users. AMD, through a mistake, is just causing a lot of frustration, even more so now that AC's became more strict (like I pointed out earlier) on such improper files. All that AMD needs to do to avoid this, is ensure they are doing things properly for this DLL.
Same issue here, Trying to load Scum, worked fine up untill couple days ago, crashes system says " amdihk64.dll " file is untrusted by EAC. un believable.
I would add that maybe you should load the suggested driver as they are WHQL which likely are SIGNED drivers. The optional are still out for validation from Microsoft and may not be digitally signed? Nobody is forcing anyone to use the BETA drivers and they are listed as optional.
I believe 19.5.2 is the last suggested WHQL driver. You might see if that fixes this. If not report to AMD: Online Service Request | AMD
I tried this and it does not change anything. Same issue. In fact I did not upgrade your drivers until after the problem happened. So something changed and caused the issue, but the issue is still the fact your AMD .dll driver isn’t jiving with current game anti cheat programs. Please advise asap.
Yes, using various versions even the 'stable' doesnt work, also not signed, this guy just tries to be in defense of AMD without actually trying out his theories first. Even it doesnt need to be signed by Microsoft, AMD just can use its own digital signing certificate like they do with the majority of their (DLL) files.. except for this one. Unfortunately this is long-standing incorrect practise for that DLL, so it goes back months and years and you cannot find a version in which it was signed, or maybe dive back into the years, who knows. Anyways, your words "so something changed" - yes, anticheats like EAC recently became more strict about stuff like this, exposing bad practise like AMD's.
"Please advise ASAP" soulr8per: what you need to do (workaround for now, until fixed) is go into Windows safe mode and manually delete this file from your C:\Windows\system32 folder. So it's not in use.. it would normally not only be in use by AMD processes, but also deep Windows processes and be unable to get deleted without safemode or forced system crash.
it isn't MY DRIVER. I and, other than a couple mods that are not driver development for AMD are all users like you. This is a USER TO USER forum only. If you wan't to talk to AMD open a support request. Online Service Request | AMD
Relax, I did type "your" as i answered you before realizing this wasnt the AMD tech response. sorry if i offended anyone.
The fact is i still have the problem even after several AMD tech support email. Cant find an answer any where.
No worries. A lot of people come here and think they are complaining to AMD when they are actually preaching to the choir. This community does it's best to help other users. At times we share their dissatisfaction and at other times we defend against the trolls. We want people to get the help they need and unfortunately when it comes to actual support from AMD they only give one avenue, the link I gave above. Most that come here don't realize that.
ok, then I hope this thread helps other people realize the true issue isn't on their end, but on AMD's, motivating them to send more bug reports than usual when only troubleshooting so they can continue playing. Because they will keep facing it after each driver update, if they successfully used an workaround, because the file gets placed back. I also dont know about how critical this DLL is to certain parts of the driver/software, or if it could affect anything.. but user modifications to integer drivers (removing something) is always less than ideal. So it needs to be pressed anyhow.
actually, since this also serves to help others find a solution, and apparently soulr8per doesn't have one yet (or shall I say doesnt understand) like i said multiple times before:
WORKAROUND for anyone that is stuck and needs help to continue playing their favourite game without getting blocked:
1) go into Windows Safe Mode - Windows 10 how-to at Microsoft site
2) locate the file amdihk64.dll in your system32 folder (ex. C:\Windows\System32\)
3) delete the file manually
4) reboot PC normally, issue gone, and as far I observed over a few weeks there's no adverse symptoms of the removal.
The problem is that you can't delete it in normal windows mode, because its not only used by AMD hosts and software (which yes, you'd first try to end in taskmanager) but as you will find out later, also by OS processes of which an end-process will cause forced shutdown or system crash. So you really need to go into safemode.
Like I said, every time you update your AMD/ATI graphics drivers, you'll need to repeat the procedure and remove the file again, as it's placed there.
Note: if AMD isn't gonna prevent the issue by implementing proper practise (code signing that DLL), then maybe as a last resort we need a petition towards most popular anti-cheats to massively whitelist the DLL, supported by cases like this as background. I really doubt AMD is going to solve it as I pointed out earlier it's been an on-and-out issue for at least 2 years worldwide, and I guess also at the mercy of AC industry that lax or stricten up 'untrusted file' policy at any random moment. So one month there could be a limited group of affected users, and like now we've seen EAC started pushing the restrictions on certain game(s) like Rust, and as someone has written above here somewhere, The Division 2, all of a sudden. It's also known issue on AC's like BattlEye.
Also i read a bit on the web about actual game (application) crashes followed by the detection/kick message.. as an AC engineer myself, I can say that perhaps some AC's first tries to modify execution of untrusted files, which could then lead to an actual crash, (that may show AMDIHK module as culprit/crashing module) like it hooks into it or shields the game process against interaction with it, or whatever - I dont know, just saying I may have been wrong about dxter6666's problem (my response to him) if its actually a chain reaction there as well.
A long shot..but do you allow ' AMD User Experience Program' ?
That file is part of AMD DVR feature in Radeon Driver: What is amdihk64.dll?
This previous AMD Thread explains how to disable AMD DVR (Radeon Relive) by disabling the files in Task Manager or Autoruns: Is there an options at AMD Radeon Settings to disable AMDRSServ.exe and amdow.exe?
AMD DVR.exe is also part of "AMD Problem Report Wizard" which you can disable when installing the Driver package.
Thanks for the info, I have been using ReLive video recording successfully without issues after deleting the DLL, so if its an DLL tied to ReLive then I wonder what the (hidden) effects of willfully corrupting your driver installation (by deleting it) would be.. like, using other features of ReLive that I didnt test could be broken or cause issues. Also, being able to use ReLive without restrictions is a huge part of the AMD/ATI customer quality experience, as it's a great tool. So disabling ReLive is a less than ideal solution for most users.
Clearly, a fix in the drivers would be the only proper solution rather than not using ReLive (to its full extent) or risking to induce other issues by either workaround.
But im glad to say that AMD has fixed it already in yesterday's driver update, refer to my reply below! So no one should mess with ReLive.
Guys, i just noticed AMD has finally fixed it, today! Probably as a result of me asking attention for the issue here.
The driver update release notes: https://www.amd.com/en/support/kb/release-notes/rn-rad-win-19-7-1
It states in "fixed issues": Some users may be experiencing AMD DLL file signing issues with Easy Anti-Cheat™. A clean install of Radeon Software Adrenalin 2019 Edition 19.7.1 may be required to fix this issue.
So this is good news, everyone impacted should update their driver to Adrenalin version 19.7.1
Unfortunately this hasn't worked for me, I'm out of ideas - I really, really, really don't want to do a clean install of Win 10, as I will be building a new system in a few months.
cevad that would be odd, since the fix in latest driver means that file (amdihk64.dll) is really signed. I verified the new signature that AMD has placed in:
Although Windows seems to think there is a problem with the certificate:
But here, that doesn't affect me: EAC no longer has a problem and seems to approve the signing. That may have to do with a future Windows update that contains catalog lists.
Anyways, please pay close attention to the need for a full clean install of your graphics drivers, as listed in the AMD release notes.
Remark: I found that the x86 counterpart of amdihk64, which is called amdihk32, is still not signed. In my case (64-bit OS), this file is located in C:\Windows\SysWOW64 so that's where I was able to verify it from; I'm not sure if the ATI driver installer would extract another file (properly signed) on 32-bit OS, like I stated before I was unable to say if amdihk32.dll would also be affected by the digital signing or anti-cheat kicking issue.
But here, on the latest driver update (19.7.1) amdihk32.dll is not signed in that folder, with a SHA256 of ce33de0dc94b2057b61b5342cf71f338b9a17a4e0c00e7404cbace97f30358d5
It is possible that if the same issue is present (actually, it clearly is, since the same story goes:it's a driver file in a trusted system folder, on 32-bit OS that would be exactly system32 instead of syswow), AMD simply forgot fixing it also for the 32-bit variant. That would be a kinda short-sighted response to the discovery of this issue. But I'd like to alert them of it at this point. If they made sure that all 64-bit driver files/DLL's are now signed, then this should also be for any 32-bit DLL's that are packaged.
Do you run a 32-bit Windows, cevad?
I completely forgot that AMD has stopped releasing driver updates for 32-bit OS, as announced previously: read https://www.ghacks.net/2018/10/26/amd-announces-end-of-32-bit-video-driver-support/ and the latest driver version available for x86 is 18.9.3 (https://www.amd.com/en/support/kb/release-notes/rn-rad-win-18-9-3)
I'm writing this in a new post since this has implications of its own; as the file amdihk32.dll remains unsigned through this fix, it is possible that players of games with an anti-cheat like EAC that discriminates such file problems like it did with 64 one, keep getting blocked & kicked. The chance this is the case is high also because the amdihk files (both 32 and 64) had been unsigned for years (until now last week, AMD noticed and fixed it) as I have demonstrated before, so there's a probability the amdihk32 has also never been signed until the latest supported release for 32-bit OS (18.9.3).
So unless a fix for the 32-bit version will still be released in the flow of this part:
The only exception to the rule is that AMD may patch critical issues that are discovered in the near future. Whether that means critical security issues, stability issues, or issues with individual games is unclear at this point in time.
I would say this is a critical issue with the usability of certain multiplayer games, so it would be egilible for a hotfix update to the latest available 32-bit driver package. I hope AMD notices and reviews this.
Again, as I'm not a 32-bit OS user I cannot verify the impact of this relating to anti-cheat of games for it.
But if anyone is affected, then please refer back to the work-around that I posted earlier (safe mode deleting that file manually) or perhaps the one posted by elstaci, in case AMD is unable to deliver a hotfix update for that as well. Or just do things properly and upgrade your Windows OS to a 64-bit version, and keep receiving the latest driver updates instead of being stuck with old versions of everything.
It is real easy to check...32bit is not supported. So AMD did right...but keep the suggestions coming! Thru the AMD Issue Reporting Form
Radeon™ RX 580 Drivers & Support | AMD
m105 wrote:
Remark: I found that the x86 counterpart of amdihk64, which is called amdihk32, is still not signed. In my case (64-bit OS), this file is located in C:\Windows\SysWOW64 so that's where I was able to verify it from; I'm not sure if the ATI driver installer would extract another file (properly signed) on 32-bit OS, like I stated before I was unable to say if amdihk32.dll would also be affected by the digital signing or anti-cheat kicking issue.
But here, on the latest driver update (19.7.1) amdihk32.dll is not signed in that folder, with a SHA256 of ce33de0dc94b2057b61b5342cf71f338b9a17a4e0c00e7404cbace97f30358d5
It is possible that if the same issue is present (actually, it clearly is, since the same story goes:it's a driver file in a trusted system folder, on 32-bit OS that would be exactly system32 instead of syswow), AMD simply forgot fixing it also for the 32-bit variant. That would be a kinda short-sighted response to the discovery of this issue. But I'd like to alert them of it at this point. If they made sure that all 64-bit driver files/DLL's are now signed, then this should also be for any 32-bit DLL's that are packaged.
Mine is signed,
I know that 32-bit thing, as I later remarked in a second post. I also think that while AMD isn't obliged to do anything, it would be able to fall under this clausule (exceptions for non-update policy on 32 bit):
The only exception to the rule is that AMD may patch critical issues that are discovered in the near future. Whether that means critical security issues, stability issues, or issues with individual games is unclear at this point in time.
As to which I replied by saying:
I would say this is a critical issue with the usability of certain multiplayer games, so it would be egilible for a hotfix update to the latest available 32-bit driver package. I hope AMD notices and reviews this.
Although apparently, the DLL that goodplay demonstrated is signed properly, while that is an earlier version than my syswow64 contains. I didn't verify if the latest supported update for 32-bit has a signed version of it. As the date of build version in my syswow folder is much newer than the latest release (from a few months ago), perhaps it has another source: the 64-bit latest installer still extracting it (although not making use of 32-bit driver components), or Windows packaging it natively, it always contains a bunch of ATI driver components and my Windows 10 is version 1903, recent enough for that to add up (but then in a bad way, as in not being signed, but who knows just for 64 users whom it won't affect). Also the reason some popular pre-driver update fix workarounds for amdihk64 AC kick (like on youtube) worked, is because when people do that, reset Windows, your OS will rely on these default driver files (DLLs and graphics driver) which are WHQL signed or where advanced files like amdihk may even be absent (no ReLive?) for basic driver functionality and not Adrenalin features.
Anyways, let's not speculate, as I said im not a 32-bit user and I cannot confirm anything im saying, let alone with a range of driver versions. I was just worrying for 32-bit users in advance, wanting to at least put my ideas about what may be the case out here.
m105, no I'm running 64-bit Windows 10 (which recently updated to 1903). I've done clean installs via the driver package, and also using the AMD driver uninstall tool amdcleanuputility-x64.exe (which uses Safe Mode to uninstall), and then installed 9.7.1 (and didn't install ReLive - since I understand that is where amdihk32.dll used). I even did a clean install using the uninstall tool yesterday and then installed 9.4.1 (again without ReLive), and still Division 2 crashes just after character selection for me. I will have a look tonight to see if amdihk64.dll remains after using the uninstall tool, and then I may try an even earlier version of the driver package.
Hopefully this isn't related, however my Windows 10 installation is an inplace upgrade from Windows 7- I did not do a fresh install (I hate reinstalling stuff lol), but if I don't get this resolved soon, I may just do it and hope that my issues don't remain.
I appreciate everyone's thoughts and suggestions - however, I would guess that I am not alone in this situation. I've been using ATI/AMD cards for ages (maybe 20 years - I switched to them after my Matrox Mystique G200 card didn't cut it any more, and am proud to say I have never owned an Nvidia card ), and have never had a similar issue before - and needless to say it's very very frustrating.
Ok, didn't find amdihk64.dll in C:\Windows\SysWOW64, but I did find amdihk32.dll in there, so I deleted it, and reinstalled the 9.7.1 drivers - no luck, crashed in same spot in Division 2.
cevad wrote:
and still Division 2 crashes just after character selection for me
I believe you're talking about a different issue, the one dxter6666 also mentioned and to which I responded the same. I would advise you to open a separate thread about your game crash, or file a new bug report dedicated to it.
However, that other user who crashed said this as a workaround:
now for a workaround, i switched to DX 11 renderer, windowed full screen. its been good for the past 2 days. but framerates are lower compared to DX 12 renderer. :/
Perhaps give that a try. Still file a bug report, though.
This worked for me also, awesome, hope others get the same results
How odd, when i only start getting not signed messages after upgrading to 19.7.1.
I will try it with A DDU first.
However the solution and quite simple, it is enough to block the access to the anti-cheat program to this part of the system and problem solved, moreover I had asked Ubi the question of what right they authorized the scanning of my files system without my authorization, they answered me: "at no time our anti-cheat system scans the files installed on your PC", I gave them the opposite proof and deleted my question in their forum
Translated with www.DeepL.com/Translator