ESET flagging drivers as potential malware.


Hello,

ESET is flagging MSIO64.SYS as a potential malware.

The file is located in C:\Program Files(x86)\MSI\MysticLight\MSIO64.SYS

As far as I know, this is just a driver for the Mystic Light app (MSI's RGB control app), so ESET shouldn't do that. When I scanned this file with ESET and Windows Defender, nothing came up. Is it normal for ESET to mark drivers as potential malware?


  • Administrators

The detection is correct. For more information about the vulnerability, please read https://vuldb.com/?id.145294:

The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.

If you use the driver deliberately, it's safe to create a detection exclusion.

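Before deciding between an exclusion and removal, it helps to know exactly which build of the driver is on disk, who signed it, and whether it is currently loaded. The following PowerShell is an added example for this thread, not a script from ESET, MSI or the vuldb entry; the two paths are the ones quoted above (the 32-bit file name is assumed to sit beside the 64-bit one), so adjust them if your install differs.

```powershell
# Added example (not from the original thread): inventory any MsIo64.sys / MsIo32.sys on
# this machine so the exclusion-or-remove decision is based on facts, not the file name alone.
# Assumption: the driver lives where the first post says; edit $candidates if yours differs.
$candidates = @(
    'C:\Program Files (x86)\MSI\MysticLight\MsIo64.sys',
    'C:\Program Files (x86)\MSI\MysticLight\MsIo32.sys'   # assumed sibling file
)

foreach ($path in $candidates) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host "absent : $path"
        continue
    }

    $item = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

    # FileVersion / CompanyName let you compare the file on disk against the vendor and
    # version named in the advisory; SignatureStatus shows whether the binary is still
    # validly signed; the hash is what you would submit or look up if you want a second opinion.
    [pscustomobject]@{
        Path            = $path
        FileVersion     = $item.VersionInfo.FileVersion
        ProductVersion  = $item.VersionInfo.ProductVersion
        CompanyName     = $item.VersionInfo.CompanyName
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = $hash
        LastWrite       = $item.LastWriteTime
    } | Format-List
}

# Is a kernel driver service pointing at one of these files registered, and is it running right now?
# A Running state means the driver is loaded and its device is reachable from user mode.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -match 'MsIo(32|64)\.sys' } |
    Select-Object Name, State, StartMode, PathName
```

Run it from an elevated PowerShell so the service query is complete. If the driver shows up as Running while the RGB software is closed, it is loaded permanently rather than only while the app needs it, which is worth knowing when you weigh an ESET exclusion against uninstalling the software that ships it.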

Hello,

thank you for your reply. If the driver is a potential threat to my computer, shall I delete it? And if so, shall I also delete the MsIo32.sys which my ESET doesn't mark as dangerous? Will my programs be working after I delete those drivers? I understand that these questions might sound trivial but I have never purposely deleted a driver (or a system file).

Again thanks for the reply.


  • Administrators

You can keep the file on your machine, since it wasn't planted there by a crook and you installed it intentionally. It would be suspicious only if the file had appeared on your machine out of the blue, without your knowledge.


Yeah, I think it was just installed with the MSI app manager and all the MSI motherboard stuff. Last question: if the file has been on my computer since 2018/2019 (which is around the time I got it), why didn't ESET or Windows Defender detect it? On the site you sent, it says it was first published in 2019. It also says there that updating to version 1.1 eliminates this threat. Updating to version 1.1 of what, though? Mystic Light (which I believe it is a driver for) is currently on version 3.something.
