My security software, Cynet, has detected that this binary, which is located at C:\ProgramData\Intel\AGS\Libs, is potentially malicious software.
Upon checking on VirusTotal, two other security products have detected it as well.
For now, I manually delete this binary file upon detection as a safety precaution, unless you can explicitly advise whether this software is legitimate and safe. I'm worried about its existence because this binary is unsigned.
All my endpoints are running Windows 10 LTSC.
There was an old thread discussing the same here, but it is inconclusive and the topic was locked.
additional details on this file
Hello edmoncu,
Thank you for posting on the Intel® communities.
In order to better assist you, please provide the following:
1. Run the Intel® System Support Utility (Intel® SSU) to gather more details about the system.
· Download the Intel® SSU and save the application on your computer: https://downloadcenter.intel.com/download/25293/Intel-System-Support-Utility-for-Windows-
· Open the application, check the "Everything" checkbox, and click "Scan" to see the system and device information. The Intel® SSU defaults to the "Summary View" on the output screen following the scan. Click the menu where it says "Summary" to change to "Detailed View".
· To save your scan, click Next and click Save.
2. What is the exact name of the security software? I get several matches with only "Cynet".
3. Did you get an alert when opening an app or on idle when you noticed the potentially malicious software? Or how did you notice it?
4. Have you updated your system (drivers, Windows, BIOS)?
Regards,
Deivid A.
Intel Customer Support Technician
1.) As this is a company computer, is it okay if I truncate all company-confidential information in the attachment?
2.) Cynet is our EDR: https://www.cynet.com
3.) Our EDR has a policy of doing a scan on a binary file that has at least 1 VirusTotal detection.
4.) Drivers, Windows - yes; BIOS - no (does this matter for this detection)?
Hello edmoncu,
Thanks for the information provided.
In order to avoid sharing sensitive information, I will ask you for the Intel® System Support Utility report by email. Please reply to that email only with the information requested.
Regards,
Deivid A.
Intel Customer Support Technician
Hello edmoncu,
Were you able to check the email sent and get the information requested? Please let me know if you need more assistance.
Regards,
Deivid A.
Intel Customer Support Technician
Hello edmoncu,
We have not heard back from you, so we will close this inquiry. If you need further assistance or if you have additional questions, please create a new thread and we will gladly assist you.
Regards,
Deivid A.
Intel Customer Support Technician
Hello JoeBloggs,
Thank you for the information provided.
I will proceed to check the issue internally and post back soon with more details.
Best regards,
Deivid A.
Intel Customer Support Technician
Hello edmoncu,
In order to proceed further, can you provide/try the following:
1. Update the BIOS to the latest version.
2. Is this happening on any other computer from the organization?
3. Have you presented any issues since you noticed this file?
Regards,
Deivid A.
Intel Customer Support Technician
Hi Deivid A.,
1. Sorry, but does that matter at all for such a file to appear? I don't see any technical connection between the BIOS and this file.
2. Yes, it started appearing across my endpoints.
3. No, it did not. But I am worried that this might indicate a malware payload, or something that can potentially be used for a malware payload, as the file is unsigned.
Hello edmoncu,
Thank you for the information provided.
I will proceed to check this situation further and as soon as I have any updates I will let you know.
Best regards,
Deivid A.
Intel Customer Support Technician
Hello edmoncu,
After an investigation, we confirmed that the file is safe. You can add it to a white list or as an exception. As for the request to update the BIOS, it was because there could be microcode in its latest version that helps to protect the computer.
If you have any concerns, just let me know.
Regards,
Deivid A.
Intel Customer Support Technician
Hi Deivid,
Would it be possible in the future that this binary be signed?
Thank you!
Curious as to what the purpose of that file is, and why it needs to be unsigned also?
Hello edmoncu,
In order to address your inquiries, I will check internally to make sure that I will provide you with accurate information.
Thanks for your comprehension.
Regards,
Deivid A.
Intel Customer Support Technician
Thank you Deivid,
For the time being, I have set my endpoint protection to delete any such file detection (agsrunner.bin) for safety. I am just super cautious, as it might/can be weaponized to inject payloads if neither of us has confirmation on its purpose.
Regards,
Hello edmoncu,
Based on the research performed, I would like to let you know that the agsrunner.bin element is installed as part of Intel Graphics Command Center, specifically for the 'AutoGameSettings' component; thus Intel confirms this is a false positive and the file is indeed safe and provided by Intel.
Intel is working on providing it with a digital signature to prevent this alert from occurring in the future (it should actually be included in the next 1 or 2 driver releases). In the meantime, you can safely add it to a white-list or exception list in the security software.
Regards,
Deivid A.
Intel Customer Support Technician
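
One way to scope the exception discussed in the post above to the exact copy that was reviewed, rather than to the file name or folder (an added example, not part of the thread and not Intel or Cynet tooling). The directory and file name come from the thread; `$ApprovedSha256` is a placeholder and `Get-BinaryTriage` is a hypothetical helper name.

```powershell
# Added example: triage agsrunner.bin on an endpoint before exempting it in the EDR.
# $LibDir and $TargetName are taken from the thread; $ApprovedSha256 is a
# placeholder for the SHA-256 of the copy your team actually reviewed.
$LibDir         = 'C:\ProgramData\Intel\AGS\Libs'
$TargetName     = 'agsrunner.bin'
$ApprovedSha256 = '<SHA256-OF-REVIEWED-COPY>'

function Get-BinaryTriage {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $item = Get-Item -LiteralPath $Path

    # Hash-pinned verdict: an unsigned file is only eligible for the exception
    # when it is byte-for-byte the copy that was reviewed.
    if ($sig.Status -eq 'Valid') {
        $verdict = 'Signed: check the signer, the exception can be retired'
    } elseif ($hash -eq $ApprovedSha256) {
        $verdict = 'Unsigned, matches reviewed copy'
    } else {
        $verdict = 'Unsigned, unreviewed copy: do not exempt'
    }

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path      = $Path
        Sha256    = $hash
        SigStatus = $sig.Status          # e.g. NotSigned, Valid, HashMismatch
        Signer    = $signer
        LastWrite = $item.LastWriteTimeUtc
        Verdict   = $verdict
    }
}

if (Test-Path -LiteralPath $LibDir) {
    Get-ChildItem -LiteralPath $LibDir -File -Recurse |
        Where-Object Name -eq $TargetName |
        ForEach-Object { Get-BinaryTriage -Path $_.FullName } |
        Format-List
} else {
    Write-Output "Directory not found: $LibDir"
}
```

An exception keyed to the reviewed hash stops applying as soon as the file changes, so a driver update that replaces the binary sends it back through detection and review.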
Hello edmoncu,
Were you able to check the previous post? Please let me know if you need more assistance.
Regards,
Deivid A.
Intel Customer Support Technician