MajorBrynek, Posted April 19, 2022

Hello, ESET is flagging MSIO64.SYS as potential malware. The file is located in C:\Program Files(x86)\MSI\MysticLight\MSIO64.SYS. As far as I know, this is just a driver for the Mystic Light app (MSI RGB control app), so ESET shouldn't do that. When I scanned this file with ESET and Windows Defender, nothing came up. Is it normal for ESET to mark drivers as potential malware?
Marcos (Administrators), Posted April 19, 2022

The detection is correct. For more information about the vulnerability, please read https://vuldb.com/?id.145294:

The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.

If you use the driver deliberately, it's safe to create a detection exclusion.
MajorBrynek (Author), Posted April 20, 2022

Hello, thank you for your reply. If the driver is a potential threat to my computer, shall I delete it? And if so, shall I also delete the MsIo32.sys which my ESET doesn't mark as dangerous? Will my programs be working after I delete those drivers? I understand that these questions might sound trivial but I have never purposely deleted a driver (or a system file). Again thanks for the reply.
Marcos (Administrators), Posted April 20, 2022

You can keep the file on your machine since it wasn't planted there by a crook and you installed it intentionally. Only if the file appeared on your machine out of the blue without your knowledge, it would be suspicious.
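For readers who want to check where their copies of these drivers came from, the following PowerShell inventory is an added example and not part of either poster's messages. The search roots are assumptions; the two file names are the ones in the quoted advisory text.

```powershell
# Added example: inventory copies of the drivers named in the advisory and
# show signer, version, creation time and any kernel-driver service using them.
# Run from an elevated prompt so all folders can be read.
$names = 'MsIo64.sys', 'MsIo32.sys'

# Assumed search roots; add others (for example a whole drive) if needed.
$roots = @(${env:ProgramFiles(x86)}, $env:ProgramFiles,
           "$env:SystemRoot\System32\drivers") |
    Where-Object { $_ -and (Test-Path $_) }

# Kernel driver services registered on this machine.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName }

$files = Get-ChildItem -Path $roots -Include $names -File -Recurse -Force `
    -ErrorAction SilentlyContinue

$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName

    # Service paths may carry a \??\ prefix, so compare on the path suffix.
    $svc = $services | Where-Object {
        $_.PathName.EndsWith($f.FullName,
            [System.StringComparison]::OrdinalIgnoreCase)
    }

    [pscustomobject]@{
        Path        = $f.FullName
        Created     = $f.CreationTime
        FileVersion = $f.VersionInfo.FileVersion
        Product     = $f.VersionInfo.ProductName
        SigStatus   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        SHA256      = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        Service     = ($svc.Name -join ',')
        State       = ($svc.State -join ',')
    }
}

$report | Format-List
```

A copy that sits under the vendor's install folder, with a creation time matching when that software was installed, fits the "installed intentionally" case described above; a copy in an unexpected folder or registered under an unfamiliar service name deserves a closer look.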
MajorBrynek (Author), Posted April 20, 2022

Yeah, I think it was just installed with the MSI app manager and all the MSI motherboard stuff. Last question: if the file was on my computer since 2019/2018 (which is around the time that I got it), why didn't ESET or Windows Defender detect it? On the site that you sent here it says that it was first published in 2019. It also says there that updating to version 1.1 eliminates this threat. Updating to version 1.1 of what? Because Mystic Light (which I believe it was a driver of) is currently on version 3. sth.