advcare.sys
Advantech industrial-PC hardware utility driver
advcare.sys is a signed kernel driver from Advantech, a Taiwanese maker of industrial PCs and embedded boards. It ships with Advantech's hardware-health and monitoring utilities for those systems. The binary dates from 2014, and the signature is still valid, so it loads on modern 64-bit Windows even on machines that have no Advantech hardware attached.
It is uncommon on a typical gaming PC; its natural home is industrial and embedded deployments. It reached the public LOLDrivers list through a 2026 research submission (credited to the researcher sai2fast) reporting that the driver exposes low-level hardware access, including model-specific-register and physical-memory access, to any local caller without an authorization check. No CVE has been assigned, and there is no documented real-world abuse; it is catalogued on the strength of that capability.
If you find advcare.sys and do not run Advantech industrial tooling, identify the software that placed it and remove it. Microsoft's Vulnerable Driver Blocklist blocks known-bad builds from loading.
advcare.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “advcare.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/advcare-sys
