MSI stolen certificate alerts


L0 Member

Today we started to get alerts for all our MSI laptops with the reason: "Behavioral threat detected (rule: msi_stolen_certificate.1)". The alerts trigger on the MSI software installed on the laptops, like "MSI center" or "One dragon center".


Are these false positives?


L4 Transporter

Hi @MRoberti,


Thanks for reaching out on LIVEcommunity.


The BTP rules you've mentioned are not a part of a bug or unintended action of Cortex XDR. With that being said, it would not be possible for me to determine if those alerts are false positives or not. They'd need to be investigated thoroughly. I might suggest reaching out to support if you think these alerts are being created in error so they can examine the issue more closely.


I hope this information helps.  Have a great day!


L1 Bithead

We got the same alert for Intel Arc. Turns out Intel uses a component called RivaTuner in their setup and this is made by MSI. I guess the leak of MSI certificates has caused Cortex to consider all certificates from MSI as insecure? Would like to know more about this too.
