Endpoint Protection

  • Private Community
 View Only

  • 1.  How to fix MicTray issue

    Posted Mar 07, 2018 08:19 AM

    Hello there,

    I have some devices with problem Audio Driver HP reporting on SEPM as Risk.Mtray. The proposed solution was to update driver but I noticed after update testing in some cases continue reporting issue.

    I saw in some articles that the path of the crash was specifically C: \ Windows \ System32 \ MicTray64.exe but
    I have computers pointing to failure also in the C: \ Windows \ System32 \ spool \ drivers \ x64 \ 3 \ Xerox \ Product Data \ Public \ DCPs \ x2UNIVMS \ V5.0 \ swsetup \ Audio \ Audio \ X86 \ MicTray \ MicTray \ MicTray .exe

    Someone got solve completely that issue? Or give me a suggestion how to do?

    Thanks!



  • 2.  RE: How to fix MicTray issue

    Posted Mar 07, 2018 08:22 AM

    SEP was/is detecting vulnerable versions and removing them. Supposedly, a driver was released that fixed all of this and patched the vulnerability. We haven't seen issues since so are you sure that these are patched with the latest version?



  • 3.  RE: How to fix MicTray issue

    Posted Mar 07, 2018 08:47 AM

    Brian,

    We download the patch on website https://support.hp.com/rs-en/document/c05519670. I'll try to update manually another device and observe its behavior.



  • 4.  RE: How to fix MicTray issue

    Posted Mar 07, 2018 08:50 AM

    SEP is only detecting vulnerable versions so I can only assume the latest patch has not been applied and/or something was corrupted. I'm not sure it could be a false positive as I haven't seen others chime in or have observed this in our environment. But you never know...



  • 5.  RE: How to fix MicTray issue

    Posted Mar 08, 2018 05:14 AM

    Hi Henrique,

    Thanks for the post. Yes, the best solution is updating to drivers that were built after last May's fix. Some more information:

    HP/Conexant Audio Driver and detection (SecurityRisk.Mtray)
    http://www.symantec.com/docs/TECH247287



  • 6.  RE: How to fix MicTray issue

    Posted Mar 12, 2018 08:27 AM

    Hi Mick2009,

    I updated de driver but now its showed infection on file 

    C:\Windows\System32\spool\drivers\x64\3\Xerox\Product Data\Public\DCPs\x2UNIVMS\V5.0\swsetup\Audio\Audio\X86\MicTray\MicTray\MicTray.exe

    I saw on log risk in desciption tab like 

    AP realtime deferred scanning

    Do I need to do anything else?



  • 7.  RE: How to fix MicTray issue

    Posted Mar 12, 2018 09:36 AM

    Hi Henrique,

    What's the hash of the file detected?  Check how old that file really is through a third-party resource like virustotal.com.  I expect that it will date from before the fixed versions were built and released. 



  • 8.  RE: How to fix MicTray issue

    Posted Mar 12, 2018 10:30 AM

    Follow below Mick,

    Hash: 

    1AE0432382A7726EF67C7B8774F8301A5F9BD3AA31465772D0309892E078538F

    Result Virus Total:

     

    History

    <paper-icon-button aria-disabled="false" class="style-scope vt-expandable-subsection x-scope paper-icon-button-2" icon="vt-icons:info-outline" id="info" noink="" role="button" style="display: inline-block; position: relative; padding: 8px; outline: none; user-select: none; cursor: pointer; z-index: 0; line-height: 1; width: 30px; height: 30px; -webkit-tap-highlight-color: transparent; box-sizing: border-box; border-radius: 50%; color: rgb(116, 116, 116); top: -4px;" tabindex="0"><iron-icon class="style-scope paper-icon-button x-scope iron-icon-0" id="icon" style="display: inline-flex; align-items: center; justify-content: center; position: relative; vertical-align: middle; fill: currentcolor; stroke: none; width: 14px; height: 14px;"></iron-icon></paper-icon-button><paper-tooltip animation-delay="0" class="tooltip-info style-scope vt-expandable-subsection x-scope paper-tooltip-0" for="info" noink="" position="right" role="tooltip" style="display: block; position: absolute; outline: none; z-index: 1002; user-select: none; cursor: default; box-sizing: border-box;" tabindex="-1"></paper-tooltip>
    <vt-file-details-history class="style-scope vt-result-file" style="box-sizing: border-box;"><vt-keyval-table class="style-scope vt-file-details-history x-scope vt-keyval-table-0" id="history-properties" style="line-height: 1.3em;">
    Creation Time
    2015-10-26 07:09:10
    First Seen In The Wild
    2015-10-26 02:09:10
    First Submission
    2015-12-12 10:25:25
    Last Submission
    2017-12-22 05:25:39
    Last Analysis
    2018-02-22 16:13:18
    Signature Date
    2015-10-26 08:21:00
    </vt-keyval-table></vt-file-details-history>

     



  • 9.  RE: How to fix MicTray issue

    Posted Mar 12, 2018 10:56 AM

    That's what I was expecting.  &: )

    Creation Time
    2015-10-26 07:09:10

     
    That version of the tool is the vulnerable one, dating from before the fix was implemented last year. 

     



  • 10.  RE: How to fix MicTray issue

    Posted Mar 13, 2018 12:11 PM

    Hi again Henrique,

    Please do update this thread with any new questions or with confirmation that you have received your answer.  It is still marked "needs solution."