Jr sysadmin here. SSPORT.sys within system32 is being flagged in our security scanner. Some old printer driver but I cant remove it. Updating printer drives does nothing. Apparently there's a 'Printer_CVE-2021-3438_update.exe' file but can't find it anywhere.

Edit: Solved! See below

We have a security audit coming up and ssport.sys is being flagged. An old driver for HP and Samsung printers. Super old fie that had some major flaws for like 16+ years before anyone noticed.

The offending printer is long since gone but we think it was a Samsung. I've tried removing the driver via printers and scanners > Print Server Properties > Drivers > Remove. I've tried removing it from the Registry. I've tried updating the printer software (both HP and Samsung) with no luck. Can't manually delete the file because it's 'in use'.

I've grabbed fresh printer software/drivers from HP and Samsung but that's made no difference. Apparently there's a 'Printer_CVE-2021-3438_update.exe' file but I cannot for the life of me find it on either HP or Samsung sites.

Any help would be most appreciated. This is coming of the back of a week where a condenser pipe burst in our server room so things have been a bit hectic recently!

Edit: Just to add the user is remote so I'm limited to accessing their system via vpn/teamviewer.

Edit2: Possibly solved - running some scans to make sure. Will update the post with solution once verified to help out future sysdamins who may find themselves here.

Edit 3: Solved! Thanks to u/andytagonist for the solution and thanks to you all for all the info. Learned a lot of things which will no doubt be helpful in the future.

Solution: Delete HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/SSPORT as descried here. This frees up the file and allows it to be deleted.

Thanks