Skip to main content
Microsoft Security Intelligence
Published May 16, 2017 | Updated May 17, 2017


Detected by Microsoft Defender Antivirus

Aliases: No associated aliases


Windows Defender AV detects and removes this threat.

This threat is a flaw in an out-of-date Conexant HD Audio Driver installation that is pre-installed on some models of HP PCs. As part of debugging code that was accidently left in by Conexant, this outdated driver can log keystrokes to a file that can be accessed by other users logged into the same PC and under some configurations can be accessed remotely by other people on your local network. It is important to note that any data logged is erased each time a user logs off or restarts their PC.

This detection removes the Conexant component that causes this keylogging. Doing so also disables the keyboard short cut that turns the microphone on and off.  The keylogging was caused by debug code that was unintentionally left by Conexant and was not meant to be included in the final shipped version. No keylogging data is sent to HP or Conexant. HP has fixes available and these fixes are installed automatically for customers who use Windows Update.  These fixes remove any logging of keys, and also automatically remove the logfile.  See their security advisory for more information.

To restore functionality of the laptop microphone shortcuts after this detection, install the latest version of the Conexant HD Audio Drivers automatically provided through Windows Update or download it from HP.COM. You can check for Windows updates manually from the following sites:

Alternatively, you can manually download and install the updates to your device from HP:

You can also refer to the following content from HP for additional information:


Run antivirus or antimalware software

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan.

Use cloud protection

Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender for Windows 10. 

To check if it's running, go to All settings > Update & security > Windows Defender and make sure that your Cloud-based Protection settings is turned On.

Get more help

You can also see our advanced troubleshooting page for more help or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page

If you think that an application has been wrongfully identified, submit the file here along with the detection name in the comments section.

Follow us