05-23-2023 04:41 AM
Today we started to get alerts for all our MSI laptops with the reason: "Behavioral threat detected (rule: msi_stolen_certificate.1)". The alerts trigger on the MSI software installed on the laptops, like "MSI center", or "One dragon center".
Are these false positives?
05-23-2023 06:37 PM
Thanks for reaching out on LIVEcommunity.
The BTP rules you've mentioned are not a part of a bug or unintended action of Cortex XDR. With that being said, it would not be possible for me to determine if those alerts are false positives or not. They'd need to be investigated thoroughly. I might suggest reaching out to support if you think these alerts are being created in error so they can examine the issue more closely.
I hope this information helps. Have a great day!
05-24-2023 02:10 AM
We got the same alert for Intel Arc. Turns out Intel uses a component called Rivatuner in their setup and this is made by MSI. I guess the leak of MSI certificates has caused Cortex to consider all certificates from MSI as insecure? Would like to know more about this too.