Over the last couple of days we have seen a lot of behavioural alerts with svulnerable_driver_dropped_WinRing0.sys preventing HP and Lenovo signed drivers from being updated. Obviously these are false positives, as WF and VT confirm.
Before I open a ticket, does anybody see similar behaviour?
Hi @MartinPfeil,
This rule was brought in with content update 650. This is a behavioural threat event and has nothing to do with the WildFire verdict being malware/benign. Rather, it is triggered because WinRing0.sys is listed as a vulnerable driver used by multiple vendors. The vendors have brought out new patches for their driver software, and on endpoints which have the outdated driver, when it is dropped, Cortex detects and prevents it.