Is RtVOsd.exe ok to allow?

Hello everyone,
I got tired of sandboxing RtVOsd.exe, so I started blocking it. Now I allow it. Is this a safe executable? Where do I enter this in the application so I don’t need to keep acting on it? Note: this is only on my laptop and not my pc. Thanks, Alan

It looks like it belongs to one of Realtek’s driver according to this: http://www.backgroundtask.eu/Systeemtaken/taakinfo/41374/RtVOsd.exe/ .

This page gives for two versions the matching Hash code. Can you check if the hash code is the same as the one given there? I use Hashtab to retrieve and compare hash codes of files.

Can you see if this file is digitally signed? If so check the signature and see if it is valid.

RtVOsd.exe is not signed so there is no need to see the certificate since if it’s from realtek it will not have it.

Like Eric said the best way to determine if the file is really a part of realtek compare the hash to one of there


1846B3350918FD3197AC004182079959
AC7E8D970E94D70C8B06FE68C658BB8F

Ok. I installed HASHTAB, but now what? This isn’t a Windows pop-up box that I get. It’s a COMODO DEFENSE+ ALERT pop-up. I can’t right click on it.

Can you post a screenshot of the D+ alert you get and it what situation it occurs?

I might be reposting this same reply. I can’t see it took. Anyway, I attached the screenshot. Here’s steps followed for the error:
-restarted laptop
-appeared when clicked firefox
-restarted
-appeared when clicked ie
-restarted
-popped up after about 2 minutes (no browser open)
-started composing this message.
-walked away for half hour
-came back and woke up laptop
web page still up with no popup box
-popup appeared.

[attachment deleted by admin]

To see the Hash code of RtVOsd.exe you need to look up the file in Windows Explorer. Select it, right click , choose Properties and navigate to the File Hashes tab. Now you can compare the hash provided in this topic with the hash code of the file.

When in the Properties dialogue please check the version number of RtVOsd.exe.

Where do I find the file?

Assuming you have Windows 7;

  1. Open Device Manager
  2. Open the “Sound, video and game controllers” item
  3. Locate your Realtek audio device in the list
  4. Right click this entry and select PROPERTIES
  5. In the Properties windows, click DRIVER DETAILS
  6. In the Drive File Details windows, scroll down until you find the entry for RtVOsd.exe
  7. This will show the file location path
  8. In Explorer, go to the file path from step 7
  9. Find RtVOsd.exe and then right click, select Properties and navigate to the File Hashes tab
  10. Now you can compare the hash provided in this topic with the hash code of the file on your system

Hope this helps,
Ewen :slight_smile:

These are the only executables on the list:
aertsr64
ravbg64
ravcpl64
rtkngui64
rtlupd64

Is it one of these?

No, so RtVOsd.exe is an application not a driver.

Have you tried doing a Windows search for RtVOsd.exe? Either that or tried looking for a folder called something like “Realtek” in your PROGRAM FILES folder?

Ewen :slight_smile:

If you’ve been blocking the file, all the information you need to find it will be in the firewall and/or Defense+ log files. However, if I remember correctly, it should be found in:

C:\Program Files\Realtek\Audio\OSD\

It’s related to the Realtek audio subsystem.

Attached is a snapshot of the hash.

[attachment deleted by admin]

If you copy the MD5 hash from the site Eric linked to http://www.backgroundtask.eu/Systeemtaken/taakinfo/41374/RtVOsd.exe/ in to the Has Comparison text field and click Compare a file, it will tell you if they’re same. try the third one for version 1.0.0.6

AlanT is using a 64 bits Win 7. It is not clear to me whether the files at that page are for 32 bits or 64 bits OS.

I have an Realtek onboard audio chip. The executables of the driver suite are all digitally signed. The quickest way to get an answer to whether the file is what it says it is,is to see if the file is digitally signed and has a valid signature.

How do I tell if the file is digitally signed and has a valid signature?

Look up the RtVOsd.exe with Windows Explorer, select it, click right and choose Properties. Then go to the Digital Signatures tab. Now select the signer and click on Details. See attached image for reference.

[attachment deleted by admin]

Will the hash comparison tell me if the file is digitally signed and has a valid signature?

The hash comparison will simply tell you if your copy of the EXE has the same hash total as the real EXE.

Details of the digital signature are in the properties of the file, as explained previously.

Ewen :slight_smile:

I checked one of Realktek’s digitally signed executables (under View Certificate) and the signature has two functions it says

  • Ensures software came from software publisher
  • Protects software from alteration after publication

See also attached image.

Comparing hash values to published hash values and checking digital signatures are two different ways of making sure a file is the file which it said it is and has not been changed.

[attachment deleted by admin]