HP/Conexant Audio Driver and detection (SecurityRisk.Mtray)

book

Article ID: 169985

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Some Conexant HD Audio Drivers, commonly distributed with HP laptops, store keystrokes in the product's debug log. This behavior is similar to other Security Risks and could be used by someone with malicious intent as a keylogger.

Resolution

Due to the inherent risk to our customers' security, Symantec has created the signature SecurityRisk.Mtray to detect the audio drivers exhibiting this behavior.  This signature went live in Rapid Release sequence 186893 (version 08/16/2017 revision 3).

Users of Norton-branded products will see a prompt for removal, while Symantec Endpoint Protection will by default quarantine the file.

For details on affected versions of the driver and patched drivers, please visit the HP Customer Support Center:
https://support.hp.com/lamerica_nsc_carib-en/document/c05519670

Note: Because the files involved are part of the audio driver, the sound on the computer may be affected after removal. The installation of the vendor's updated driver version will restore audio (See download links in the above HP URL).