hass-agent / HASS.Agent

Unofficial development project for the HASS.Agent platform.
https://hass-agent.io
MIT License

Issue/Security: HASS.Agent Installs vulnerable driver #163

Open leankuroneko opened 1 month ago

leankuroneko commented 1 month ago

Describe the bug

After installing HASS.Agent, ESET Endpoint Security raised an alert and quarantined the file inpoutx64.sys for being potentially unsafe.

Searching about this I found in the ESET Forum that although not infected this file has vulnerabilities that can be used in Privilege Escalation (further investigation). This concern was also raised in MalwareTips and in a Windows Community post where it's mentioned to be blocked by Riot's Anti Cheat Engine.

Maintainer: Personally I haven't used the thing myself for about 7 years https://forums.highrez.co.uk/viewtopic.php?p=17167&sid=c775cbad2219955de63ce2821f17cbd5#p17167

Footer: The Author makes no guarantee that this software is free from bugs and will not harm your system. https://highrez.co.uk/

I'd suggest its removal or replacement, given it seems abandoned.

Screenshots

[image]

Scan Module: Real-Time File System Protection
Object: C:\WINDOWS\system32\Drivers\inpoutx64.sys
Detection: Win64/HighRez.A (Potentially Unsafe Application)
User: NT AUTHORITY\SYSTEM
Information: An event occurred in a new file created by the application: C:\Program Files\HASS.Agent\Service\HASS.AgentSatelliteService.exe (4E72406DE7447604BB86085F5DDAFAB8BAOB57C5).
Hash: 6AFC6B04CF73DD461E4A4956365F25C1F1162387


amadeo-alex commented 1 month ago

Thank you for the information! Looks like the next release after 2.1.0 will be a security-themed one. I'll have quite a bit more time next week (starting tomorrow) to work on HASS.Agent, so I'll take a deeper dive to investigate this.

patrickdickey52761 commented 1 month ago

I'm having a similar issue with the Satellite Service driver. As soon as I finished the installation, Avast blocked the driver. On their end, the only way to allow the driver is to turn off the protection completely (which is a bug in their program, IMHO). Here's a screenshot of the warning message. I'm adding it to this as opposed to creating a new issue because it's related to the underlying issue of potentially unsafe drivers/code being used.

Have a great day. :) Patrick.

[image: AvastWarningDriver]
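
A way to check a Windows host for the driver discussed in this thread, as an added example that is not part of the issue or of the HASS.Agent project. The path and hash are the ones quoted in the ESET alert above; the function name `Get-InpOutDriverStatus` is hypothetical, and treating the alert's 40-hex-digit "Hash" value as SHA-1 is an assumption.

```powershell
# Added example: report whether inpoutx64.sys is on disk, whether it matches
# the hash from the ESET alert, how it is signed, and whether it is still
# registered as a kernel driver. Run from an elevated PowerShell prompt.
function Get-InpOutDriverStatus {   # hypothetical helper name
    param(
        # Path and hash as quoted in the alert; SHA-1 is assumed from the length.
        [string]$DriverPath   = 'C:\WINDOWS\system32\Drivers\inpoutx64.sys',
        [string]$ReportedHash = '6AFC6B04CF73DD461E4A4956365F25C1F1162387'
    )

    $status = [ordered]@{
        Path                = $DriverPath
        Present             = Test-Path -LiteralPath $DriverPath -PathType Leaf
        Sha1                = $null
        MatchesReportedHash = $false
        SignatureStatus     = $null
        Signer              = $null
        DriverServices      = @()
    }

    if ($status.Present) {
        $status.Sha1 = (Get-FileHash -LiteralPath $DriverPath -Algorithm SHA1).Hash
        $status.MatchesReportedHash = ($status.Sha1 -eq $ReportedHash)
        $sig = Get-AuthenticodeSignature -LiteralPath $DriverPath
        $status.SignatureStatus = $sig.Status
        if ($sig.SignerCertificate) { $status.Signer = $sig.SignerCertificate.Subject }
    }

    # Quarantining or deleting the file does not by itself remove the driver's
    # service registration, and a driver that is already loaded stays loaded,
    # so the registration and run state are checked separately from the file.
    $leaf = Split-Path -Path $DriverPath -Leaf
    $status.DriverServices = @(Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*\$leaf" } |
        Select-Object Name, State, StartMode, PathName)

    [pscustomobject]$status
}

Get-InpOutDriverStatus | Format-List
```

An empty `DriverServices` list together with `Present : False` means neither the file nor a driver registration pointing at it was found on that host.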