Is it a Virus?
✔ NO - Safe
Located in C:\Windows\System32\drivers\rdbss.sys and signed by Microsoft
Warning
Kernel driver with SMB involvement
High activity usually relates to network share access or SMB operations
Can I Disable?
✔ YES
Disabling the driver is not generally recommended. You can disable SMB client features if you do not use network shares, but expect loss of network drive access.
What is rdbss.sys?
rdbss.sys is a Windows kernel-mode driver that implements the Redirected Drive Buffering SubSystem for SMB (Server Message Block). It enables remote file access over the network by coordinating read/write requests to network shares and caching data for performance.
rdbss.sys is a kernel driver that works with the SMB stack to route I/O to network shares. It participates in the caching and I/O management for remote files, ensuring secure and efficient access across network paths.
Quick Fact: RDBSS was designed to support scalable network shares by delegating SMB operations to the appropriate kernel components and cache layers.
Types of rdbss-related Processes
- Kernel-Mode SMB Redirector: Core driver handling remote file requests over SMB
- SMB Cache Handler: Manages metadata and data caching for network shares
- Network I/O Dispatcher: Routes SMB read/write requests to network endpoints
- VFS Integration: Works with the Windows Virtual File System to present remote files locally
- Security & Access Control: Enforces permissions for remote shares within the SMB stack
Is rdbss.sys Safe?
Yes, rdbss.sys is safe when it is the legitimate Microsoft driver shipped with Windows.
Is rdbss.sys a Virus or Malware?
The real rdbss.sys is NOT a virus. Malware may impersonate the file name, so verify the path and digital signature.
How to Tell if rdbss.sys is Legitimate or Malware
- File Location: Must be in C:\Windows\System32\drivers\rdbss.sys. Any other path is suspicious.
- Digital Signature: Right-click the file in File Explorer -> Properties -> Digital Signatures. Should show a signature from Microsoft Windows.
- Resource Usage: Normal kernel-mode drivers use minimal user-mode CPU; unexpected spikes may indicate an issue or tampering.
- Behavior: Driver should be loaded as part of normal SMB operations and not trigger unusual activity when network shares are idle.
Red Flags: If rdbss.sys is located outside C:\Windows\System32\drivers, lacks a valid digital signature, or shows persistent high kernel activity without SMB usage, scan for malware and verify Windows integrity.
Why Is rdbss.sys Running on My PC?
rdbss.sys runs as part of the Windows SMB client/server stack. It is loaded to support access to network shares, map drives, and handle remote I/O through the SMB protocol.
Reasons it's running:
- Active Network File Sharing: Accessing remote shares or mapped drives triggers the SMB redirector to run.
- Background Sync for Network Locations: Windows may synchronize or refresh data for network paths in the background.
- Startup and Logon Activity: With mapped drives or network resources configured, rdbss.sys may load during logon.
- SMB Session Establishment: New or re-established SMB sessions cause the driver to engage to route I/O.
- Caching and I/O Routing: RDBSS coordinates caching and directs read/write operations for remote files.
Can I Disable or Remove rdbss.sys?
Disabling rdbss.sys is not recommended. It is a core driver for Windows SMB file sharing. If you do not use network shares, you can minimize SMB features, but expect loss of network drive access.
How to Stop rdbss.sys
- Stop SMB Client Usage: Unmap network drives and disable automatic re-connection to network shares via File Explorer and Network settings.
- Disable SMB Features: Control Panel -> Programs and Features -> Turn Windows features on or off -> clear SMB 1.0/CIFS File Sharing Support or related SMB components.
- Disable Related Services: Open Services (services.msc) and stop the Workstation and/or Server services if you do not require SMB shares.
- Reboot System: Restart the computer to apply changes and ensure rdbss.sys is not reloaded for SMB usage.
- Re-Evaluate Needs: If you later re-enable network shares, SMB components may re-load automatically.
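Before turning off the SMB features or services listed above, it helps to see what is enabled and which SMB dialects the current connections use. The following PowerShell is an added example, not part of the original page; it assumes an elevated prompt on a Windows client with the built-in SMB and DISM cmdlets.

```powershell
# Added example: inventory SMB state before disabling anything.
# Run from an elevated PowerShell prompt.

# 1. Optional features behind "SMB 1.0/CIFS File Sharing Support".
Get-WindowsOptionalFeature -Online |
    Where-Object FeatureName -like 'SMB1Protocol*' |
    Select-Object FeatureName, State

# 2. SMB server-side protocol switches on this machine.
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol

# 3. The Workstation (SMB client) and Server services named in the steps above.
Get-Service -Name LanmanWorkstation, LanmanServer |
    Select-Object Name, DisplayName, Status, StartType

# 4. Current outbound SMB connections and the dialect each one negotiated.
$connections = Get-SmbConnection
$connections | Select-Object ServerName, ShareName, UserName, Dialect

# 5. Flag anything still negotiating an SMB 1.x dialect; these shares
#    stop working once SMB 1.0 support is removed.
$legacy = $connections | Where-Object { $_.Dialect -like '1*' }
if ($legacy) {
    Write-Warning ("SMB 1.x in use to: " +
        (($legacy.ServerName | Sort-Object -Unique) -join ', '))
} else {
    'No active SMB 1.x connections found.'
}
```

An empty connection list only reflects the moment the script ran, so repeat the check while mapped drives are in use.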
How to Remove SMB Client Support
- ✔ Windows Settings -> Apps -> Optional Features -> More Windows features -> Uncheck SMB-related features and the SMB Client component if listed.
- ✔ Restart the computer after changes to remove SMB client functionality.
- ✔ Note: This will disable access to network shares and mapped drives; only proceed if network file sharing is not required.
Common Problems: SMB/Network-Related Driver Activity
If rdbss.sys shows unusual kernel activity or network share issues:
Common Causes & Solutions
- Unmapped network drives or stale sessions: Disconnect all mapped drives and reconnect as needed; restart the computer if necessary to clear stale sessions.
- Outdated Windows or SMB components: Run Windows Update to ensure SMB components are current; restart afterward.
- Corrupted driver or system files: Run System File Checker (sfc /scannow) from an elevated command prompt; consider running DISM /Online /Cleanup-Image /RestoreHealth if issues persist.
- Malware mimicking SMB components: Run a full system malware scan with updated AV signatures; verify rdbss.sys integrity and path.
- Misconfigured network shares: Review share permissions and network credentials; ensure proper network path configurations.
- SMB protocol vulnerabilities: Disable outdated SMB versions if not required (e.g., SMB 1.0); enable recommended security settings in group policy.
Quick Fixes:
1. Disconnect and re-map network drives if necessary
2. Run sfc /scannow and check for corrupted system files
3. Update Windows to the latest build and restart
4. Run a full system antivirus/malware scan
5. Review and disable unused SMB features if network shares are not used
Frequently Asked Questions
What is rdbss.sys?
rdbss.sys is a Windows kernel-mode driver that enables SMB network file sharing, handling remote I/O and caching for network drives.
Is rdbss.sys safe?
Yes, when it is located at C:\Windows\System32\drivers\rdbss.sys and is signed by Microsoft. Verify the digital signature to confirm legitimacy.
Why is rdbss.sys using network resources?
It handles SMB network file sharing; activity is expected when you access network shares or mapped drives.
Can I disable rdbss.sys?
Not recommended. You can disable SMB features if you do not need network shares, but this will prevent remote file access.
How do I verify rdbss.sys integrity?
Check file path (C:\Windows\System32\drivers\rdbss.sys), verify digital signature (Microsoft), and optionally compute a hash (certutil -hashfile C:\Windows\System32\drivers\rdbss.sys SHA256).
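The path, signature and hash checks described under "How to Tell if rdbss.sys is Legitimate or Malware" and in the answer above can be run in one pass. This PowerShell is an added example, not part of the original page; the report field names are illustrative, and the hash is only meaningful when compared with a known-good copy from the same Windows build.

```powershell
# Added example: verify the registered rdbss driver's path, signer and hash.
$expected = Join-Path $env:SystemRoot 'System32\drivers\rdbss.sys'

# Image path the Service Control Manager has registered for the rdbss driver.
$driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='rdbss'"
if (-not $driver) { throw 'No driver service named rdbss is registered.' }

# Normalise NT-style prefixes and relative paths that driver entries can use.
$path = $driver.PathName -replace '^\\\?\?\\', ''
$path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
if (-not [IO.Path]::IsPathRooted($path)) {
    $path = Join-Path $env:SystemRoot $path
}

$sig  = Get-AuthenticodeSignature -FilePath $path
$hash = Get-FileHash -Path $path -Algorithm SHA256

$report = [pscustomobject]@{
    RegisteredPath = $path
    PathOk         = ($path -ieq $expected)   # any other location is suspicious
    DriverState    = $driver.State
    SignatureState = $sig.Status              # Valid, NotSigned, HashMismatch, ...
    SignatureType  = $sig.SignatureType       # Authenticode (embedded) or Catalog
    Signer         = $sig.SignerCertificate.Subject
    SignerOk       = ($sig.Status -eq 'Valid') -and
                     ($sig.SignerCertificate.Subject -like 'CN=Microsoft Windows,*')
    SHA256         = $hash.Hash               # compare with a known-good system
}
$report | Format-List

if (-not ($report.PathOk -and $report.SignerOk)) {
    Write-Warning 'rdbss.sys failed the path or signature check; scan the system and run sfc /scannow.'
}
```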
Will disabling SMB affect file sharing?
Yes. Disabling SMB components will prevent access to remote network shares on this device.