agsrunner.bin in %programdata%\intel

edmoncu
Novice
18,899 Views


My security software, Cynet, has detected that this binary, which is located at C:\ProgramData\Intel\AGS\Libs, is potentially malicious software.

Upon checking on VirusTotal, two other security software products have detected it as well.

For now, I manually delete this binary file upon detection as a safety precaution, unless you can explicitly advise whether this software is legitimate and safe. I'm worried about its existence because this binary is unsigned.

All my endpoints are running Windows 10 LTSC.

There was an old thread discussing the same here, but it is inconclusive and the topic was locked.

0 Kudos
22 Replies
edmoncu
Novice
17,732 Views

Additional details on this file.

0 Kudos
DeividA_Intel
Employee
17,706 Views

Hello edmoncu,  

  


Thank you for posting on the Intel® communities.   

  


In order to better assist you, please provide the following:  


  


1. Run the Intel® System Support Utility (Intel® SSU) to gather more details about the system.  


· Download the Intel® SSU and save the application on your computer:   https://downloadcenter.intel.com/download/25293/Intel-System-Support-Utility-for-Windows-


· Open the application, check the "Everything" checkbox, and click "Scan" to see the system and device information. The Intel® SSU defaults to the "Summary View" on the output screen following the scan. Click the menu where it says "Summary" to change to "Detailed View".  


· To save your scan, click Next and click Save.  



2. What is the exact name of the security software? I get several matches with only "Cynet".


3. Did you get an alert when opening an app or on idle when you noticed the potentially malicious software? Or how did you notice it?


4. Have you updated your system (drivers, Windows, BIOS)?






Regards,  

  

Deivid A. 

Intel Customer Support Technician 


0 Kudos
edmoncu
Novice
17,685 Views

1.) As this is a company computer, is it okay if I truncate all company-confidential information on the attachment?

2.) Cynet is our EDR: https://www.cynet.com

3.) Our EDR has a policy of doing a scan on a binary file that has at least 1 VirusTotal detection.

4.) Drivers, Windows - yes; BIOS - no (does this matter for this detection?)

0 Kudos
DeividA_Intel
Employee
17,641 Views

Hello edmoncu, 



Thanks for the information provided.



In order to avoid sharing sensitive information, I will ask you for the Intel® System Support Utility report by email. Please reply to that email only with the information requested.





Regards,     


Deivid A.  

Intel Customer Support Technician  


0 Kudos
edmoncu
Novice
17,572 Views

Email sent. Sorry for the late revert.

0 Kudos
DeividA_Intel
Employee
17,622 Views

Hello edmoncu,  


  


Were you able to check the email sent and get the information requested? Please let me know if you need more assistance.   


  


Regards,  

  


Deivid A.  

Intel Customer Support Technician  


0 Kudos
edmoncu
Novice
17,572 Views
0 Kudos
DeividA_Intel
Employee
17,606 Views

Hello edmoncu, 


  


We have not heard back from you, so we will close this inquiry. If you need further assistance or if you have additional questions, please create a new thread and we will gladly assist you.  

  


Regards,  


Deivid A.  

Intel Customer Support Technician  


0 Kudos
DeividA_Intel
Employee
17,535 Views

Hello JoeBloggs, 


  


Thank you for the information provided.


  


I will proceed to check the issue internally and post back soon with more details. 


  


Best regards, 


Deivid A.  

Intel Customer Support Technician 


0 Kudos
DeividA_Intel
Employee
17,506 Views

Hello edmoncu, 



In order to proceed further, can you provide/try the following:



1. Update the BIOS to the latest version.


2. Is this happening on any other computer from the organization?


3. Have you presented any issues since you noticed this file? 





Regards,  


Deivid A. 

Intel Customer Support Technician 


0 Kudos
edmoncu
Novice
17,493 Views

Hi Deivid A.,

1. Sorry, but does that matter at all for such a file to appear? I don't see any technical connection between the BIOS and this file.

2. Yes, it started appearing across my endpoints.

3. No, it did not. But I am worried that this might indicate a malware payload or something that can potentially be used for a potential malware payload, as the file is unsigned.

0 Kudos
DeividA_Intel
Employee
17,484 Views

Hello edmoncu, 


  


Thank you for the information provided.


  


I will proceed to check this situation further and as soon as I have any updates I will let you know.


  


Best regards, 


Deivid A.      

Intel Customer Support Technician 


0 Kudos
DeividA_Intel
Employee
17,454 Views

Hello edmoncu, 



After an investigation, we confirmed that the file is safe. You can add it to a white list or as an exception. As for the request to update the BIOS, it was because there could be microcode that helps to protect the computer in its latest version.



If you have any concerns, just let me know.





Regards,  


Deivid A. 

Intel Customer Support Technician 


0 Kudos
edmoncu
Novice
17,450 Views

Hi Deivid,

 

Would it be possible in the future that this binary be signed?

 

Thank you!

0 Kudos
edmoncu
Novice
17,438 Views

Curious as to what is the purpose of that file and that it needs to be unsigned also?

0 Kudos
DeividA_Intel
Employee
17,420 Views

Hello edmoncu, 



In order to address your inquiries, I will check internally to make sure that I will provide you with accurate information.


Thanks for your comprehension.




Regards,  


Deivid A. 

Intel Customer Support Technician 


0 Kudos
edmoncu
Novice
17,309 Views

Thank you Deivid,

 

For the time being, I have set my endpoint protection to delete any such file detection (agsrunner.bin) for safety. I am just super cautious, as it might/can be weaponized to inject payloads if neither of us has confirmation on its purpose.

 

Regards,

0 Kudos
DeividA_Intel
Employee
18,350 Views

Hello edmoncu, 



Based on the research performed, I would like to let you know that the agsrunner.bin element is installed as part of Intel Graphics Command Center, specifically for the 'AutoGameSettings' component, thus Intel confirms this is a false positive and the file is indeed safe and provided by Intel. 


Intel is working on providing it with a digital signature to prevent this alert from occurring in the future (it should actually be included in the next 1 or 2 driver releases); in the meantime, you can safely add it to a white-list or exception list on the security software.





Regards,  

   

Deivid A. 

Intel Customer Support Technician 


0 Kudos
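
A way to check the file on an endpoint before adding the exception discussed above, as an added example that is not part of the original thread and is not Intel's or Cynet's tooling: it reports the Authenticode status, signer and SHA-256 of the file at the path given in the thread, so an exception can be tied to a hash you have vetted rather than to the file name. The function name `Get-BinaryTrustReport` and the approved-hash list are hypothetical; the hash shown is a placeholder.

```powershell
# Added example: inspect agsrunner.bin before creating an EDR exception.
# $Path is the location reported in this thread. $ApprovedHashes is a
# placeholder list: fill it with SHA-256 values you have vetted yourself.
$Path = 'C:\ProgramData\Intel\AGS\Libs\agsrunner.bin'
$ApprovedHashes = @('<SHA256-OF-VETTED-COPY>')   # placeholder, not a real hash

function Get-BinaryTrustReport {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$LiteralPath,
        [string[]]$ApprovedHashes = @()
    )
    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        return [pscustomobject]@{ Path = $LiteralPath; Verdict = 'NotPresent' }
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $hash = (Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256).Hash
    $file = Get-Item -LiteralPath $LiteralPath -Force

    # SignerCertificate is empty for an unsigned file.
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # A valid signature is reported as such (confirm the signer yourself);
    # without one, only a hash pinned in $ApprovedHashes is accepted.
    if ($sig.Status -eq 'Valid') { $verdict = 'Signed' }
    elseif ($ApprovedHashes -contains $hash) { $verdict = 'UnsignedButHashApproved' }
    else { $verdict = 'NeedsReview' }

    [pscustomobject]@{
        Path            = $LiteralPath
        SHA256          = $hash
        SignatureStatus = $sig.Status        # e.g. NotSigned, Valid, HashMismatch
        Signer          = $signer
        LastWriteUtc    = $file.LastWriteTimeUtc
        Verdict         = $verdict
    }
}

Get-BinaryTrustReport -LiteralPath $Path -ApprovedHashes $ApprovedHashes |
    Format-List
```

Once a driver release delivers the signed build mentioned in the reply above, the status changes to `Valid` and the hash-based exception can be retired.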
DeividA_Intel
Employee
17,123 Views

Hello edmoncu,  



Were you able to check the previous post? Please let me know if you need more assistance.   


  


Regards,  


Deivid A.  

Intel Customer Support Technician  


0 Kudos