I have an MSI gaming laptop that runs MSI Center. There is a file called FixNorton.exe located at C:\Program Files (x86)\MSI\MSI Center\PushCast\Push20221215131801\FixNorton.exe dated 12/19/22 v.1.2022.1219.1. There is a new scheduled task called "MSI Task Host - FixNorton.exe" that runs this file at logon. No one on the MSI Forums seems to know what this file does, but acknowledges they also have this file and task, even though some do not even have Norton installed. Norton File Insight says this file was released a month ago and is trusted, mature, and that Hundreds of thousands of users in the Norton Community have used this file. This file is signed by MICRO-STAR INTERNATIONAL CO., LTD. and does not appear to be part of Norton 360. As the file name implies, it appears to fix Norton at every log on. Yet I have disabled this file from running with no adverse effects with my Norton 360 or any other function of my PC. I have no errors logged regarding this file not running. I know this file and scheduled task was installed with the MSI Center App update from the MS Store back on 12/19/22 and did not exist prior to the update.
Since Norton File Insight says this file is used by users in the Norton Community, I'm reaching out to see if anyone can shed light on this file and what it does.
Hello All, I want to thank you for all the comments and advice. I was able to fix this issue by using the MSI Center Uninstall Tool to completely uninstall the MSI Center and all associated files and restarted my PC. I then ran Norton Virus Scan with no viruses detected. I ran Ccleaner to check the registry. I then searched all files and the registry for any "MSI Center" "PushCast" or "FixNorton" directories and files. I verified the scheduled task was also removed. Satisfied there are no latent files left behind and my system appears to be clean, I did a fresh install of MSI Center from the MS Store; v.2.0.6.0. Wallah, no "PushCast" sub-directory, no FixNorton.exe, and no scheduled tasks. It has been 2 weeks and all is well. I will monitor every MSI Center update from now on.
You're most welcome. Malicious files being used by a third party are using valid digital signatures from various vendors to gain access into Windows in today's world. A number of security sites have reported and still do regarding the ever evolving landscape with Microsoft along with other companies not properly vetting their software in the realm of security. Taking money seems to be the overall one thing companies to very well. Quality assurance and support not so much. I would also run a full system scan with your Norton product after removal of your MSI Center just to be on the safe side of things.
Edited: If you also have a pre-installed version of Norton provided by MSI I would convert to a fully fledged Norton product as well.
Hello SoulAsylum, I thank you for your information. I had no idea of the vulnerabilities with MSI apps. Your advice seems wise. FYI, I was in contact with MSI Technical Support, who told me they do not have this file listed and have no information on the file. At first they told me it is there because Norton trial is preinstalled. When I asked what this file does, they said that they cannot know every file involved with all the software and he could not answer that. Because the file is digitally signed by MSI and came via MS Store it has been check and is safe. Yeah, Right! He was of no help regarding this. Thanks again for your advice. AMX831
Hello AMX831. Personally I have never seen the file mentioned appear on any of my machines, all run different versions of Norton. MSI Center appears to be the issue here. Alike Dell and HP update utilities, I've had both as I own devices from each manufacturer. They produce things that are bogus at times. Needless startup entries that confuse customers. They've also been known for having vulnerabilities allowing for remote code to be executed and privilege escalation without user consent. My advice is remove MSI Center for those reasons, as I have on all my Dell / HP machines right out of the box. Please review the following below regarding MSI Center and recent vulnerabilities. Note that the top 5 listings are still active and have not been assigned a score, meaning the vendor has not taken action.