ivar9091, Posted July 18

Relatively new to ESET and I am very inexperienced when it comes to computers. Recently turned on an option that showed Unsafe applications. Since then Winlo64.sys has been popping up as potentially unsafe. The location of these files is in C:\Program Files (x86)\MSI\Dragon Center. Unsure if this is simply a false positive or something worse. There is also a Winlo32.sys on my device in the same folder if that matters at all. I tried to do some research but was unable to find anything conclusive on what this might be. Was wondering if there is any way to know for sure. The alert usually pops up on booting the computer, doing a scan for another problem I had, and getting anywhere near the folder the file is contained in. Appreciate any possible help or advice. Thanks!

Marcos (Administrators), Posted July 18

It's a detection of a vulnerable driver: https://www.exploit-db.com/exploits/40426

ivar9091 (Author), Posted July 18

Tried to read through the link but I must admit I still didn’t really understand. Is there a way to make it not vulnerable? Am I stuck with it? Or do I have to find a way to remove it? Sorry I’m not very good with technology.

matte, Posted July 18 (edited July 18 by matte)

A vulnerable driver is a piece of software which by itself is fully legitimate and safe; however, the software itself contains a bug in the code which could be used by malicious actors to gain further control over your system, hence the "potentially unsafe" warning. You cannot remove the vulnerability from a driver yourself; usually the driver vendor (in this case MSI) will patch the bug in an update, so I would start by checking if there's an update to MSI Dragon Center available.

itman, Posted July 18

I believe the problem here is MSI Dragon Center is no longer supported and has been replaced by MSI Center. Downloading the current version of Dragon Center might just install the same version of Dragon Center with the vulnerable driver. I would contact MSI on the best way to proceed here.

ivar9091 (Author), Posted July 19

So tried to see if I could function without dragon control center which ended up making it so my fans stopped being controllable and for some reason couldn’t access BIOS to control them. So went back and installed dragon control center 2 which while having a new color had the same issue with detecting that same file. I’m assuming my best course of action now is just to contact MSI? Appreciate the help so far. Is there anything else that might work at this point?

Marcos (Administrators), Posted July 19

If there's no newer version of the software available and you need to use it, create a detection exclusion based on the detection name and the hash or path to the file which was detected so that the driver located in different paths would still be detected if dropped by malware.

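Added example, not part of the post above and not ESET or MSI tooling: a PowerShell script that reports the hash and signer of the two drivers named in the first post, then looks for copies of the same files outside the Dragon Center folder, which is the case a hash-plus-path exclusion is meant to leave detectable. That the exclusion dialog takes a SHA-1 hash is an assumption, as are the folders searched.

```powershell
# Added example; not from the thread. Folder and file names come from the first post.
$expectedDir = 'C:\Program Files (x86)\MSI\Dragon Center'
$driverNames = 'Winlo64.sys', 'Winlo32.sys'

# Assumption: folders worth sweeping for stray copies; adjust for your machine.
$searchRoots = "$env:SystemRoot\System32\drivers", $env:ProgramData,
               $env:TEMP, "$env:USERPROFILE\Downloads"

# 1. Hash and signature of the copies in the expected location.
$known = foreach ($name in $driverNames) {
    $path = Join-Path $expectedDir $name
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Path   = $path
            # Assumption: SHA-1 is the hash type the exclusion expects.
            SHA1   = (Get-FileHash -LiteralPath $path -Algorithm SHA1).Hash
            Signed = $sig.Status
            Signer = $sig.SignerCertificate.Subject
        }
    }
}
$known | Format-List

# 2. Same file content anywhere else? Those copies should NOT be excluded.
$hashes = @($known.SHA1)
$stray = Get-ChildItem -Path $searchRoots -Filter *.sys -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.DirectoryName -ne $expectedDir } |
    ForEach-Object {
        $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA1 -ErrorAction SilentlyContinue).Hash
        if ($h -and $hashes -contains $h) {
            [pscustomobject]@{ StrayCopy = $_.FullName; SHA1 = $h }
        }
    }

if ($stray) { $stray | Format-Table -AutoSize }
else        { 'No copies of these drivers found outside the expected folder.' }

# 3. Is the driver currently registered as a kernel driver, and from which path?
Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -like '*Winlo*' } |
    Select-Object Name, State, StartMode, PathName
```

Run it from an elevated PowerShell prompt so the driver folders are readable. A copy reported under "StrayCopy" is one a path-restricted exclusion would still let the scanner flag.
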
itman, Posted July 19

5 hours ago, ivar9091 said: "So went back and installed dragon control center 2 which while having a new color had the same issue with detecting that same file"

This was my initial suspicion as posted previously.

Here's what you can try. Download MSI Center from either:

MSI web site: https://www.msi.com/Landing/MSI-Center
or
Microsoft Store: https://apps.microsoft.com/detail/9nvmnjcr03xv?hl=en-US&gl=US

Uninstall MSI Dragon Center. Then install MSI Center you just downloaded.

Hopefully, MSI Center will duplicate the functionality you had with MSI Dragon Center. Most important and hopefully, it will not contain any vulnerable drivers.

ivar9091 (Author), Posted July 19

Would a detection exclusion keep it safe or just stop the notification from popping up? I tried doing MSI Center but unfortunately it didn’t work properly for some reason as it didn’t show any controls over fans or how the PC was running. Perhaps I made a mistake though.

itman, Posted July 19

30 minutes ago, ivar9091 said: "Would a detection exclusion keep it safe or just stop the notification from popping up?"

A detection exclusion will stop the ESET PUA alert about the vulnerable driver.

As far as being safe, it is possible an attacker could download malware that exploits the vulnerable driver. How likely that would occur on your device is unknown.

ivar9091 (Author), Posted July 20

Ahh I see. I know it’s unknown how likely that would happen. However, is it something that would happen on a regular basis or rarely? I’m also going to reach out to MSI and see what they recommend.