tvicport64.sys
TVicPort developer toolkit driver
tvicport64.sys (and the 32-bit tvicport.sys) is the kernel driver for TVicPort, a long-running commercial developer toolkit from EnTech Taiwan that gives Windows user-mode programs direct access to hardware I/O ports and memory-mapped I/O. Most people never install it directly. It rides along inside niche industrial control software, lab instrument suites, and older hardware diagnostic tools that embed it as a way to talk to hardware with no normal Windows API.
CVE-2026-30769 documents a local privilege-escalation path in the v5.2.1.0 driver shipped with TVicPort 4.0. Because the driver is signed by EnTech, attackers can drop a copy onto an already-compromised system and use it as a BYOVD primitive without needing their own kernel code.
If you find it and you do not recognize the parent application that put it on disk, uninstalling that application is the practical step. Microsoft's Vulnerable Driver Blocklist will keep the older signed build from loading.
tvicport64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “tvicport64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/tvicport64-sys
