Forum Discussion
CrowdStrike EDR repeatedly flags m365copilot_autostarter.exe
Hello,
Here's what I would recommend.
This looks like a legitimate Microsoft 365 Copilot / OfficeHub component that’s triggering low-confidence, ML-based informational alerts in CrowdStrike because the autostarter binary is not presenting a normal Authenticode signature.
- Coordinate with CrowdStrike: submit the sample (or CrowdStrike can pull it) so Falcon analysts can mark it as a false positive or tune models. Request a detection rule update so the informational alerts stop reoccurring in customers where the file is verified clean.
- Prefer publisher/package exceptions in your EDR policy rather than hash exceptions. Hashes will change with updates; publisher/package exceptions survive updates better (but only do this after vendor confirmation).
- Monitor for changes: if Microsoft pushes updated OfficeHub/Copilot releases, track new hashes and repeat verification. Consider automating hash collection from your fleet and a change-detection alert for unknown publisher/signature changes.
Jovan.
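
The hash tracking and change-detection alert suggested in the last bullet, as an added example that is not part of the post above and is not CrowdStrike or Microsoft code. It assumes a collection job already reports one row per host for the binary; the field names, the baseline layout, and all sample values are constructed for illustration.

```python
from collections import defaultdict

# Baseline recorded when the file was last verified clean (constructed values).
BASELINE = {
    "publisher": "CN=Placeholder Publisher",
    "sig_status": "NotSigned",
    "hashes": {"a" * 64},
}

# Constructed inventory rows; field names are hypothetical, not an EDR schema.
SAMPLE_RECORDS = [
    {"host": "ws-001", "sha256": "a" * 64, "publisher": "CN=Placeholder Publisher", "sig_status": "NotSigned"},
    {"host": "ws-002", "sha256": "b" * 64, "publisher": "CN=Placeholder Publisher", "sig_status": "NotSigned"},
    {"host": "ws-003", "sha256": "b" * 64, "publisher": "CN=Placeholder Publisher", "sig_status": "NotSigned"},
    {"host": "ws-004", "sha256": "c" * 64, "publisher": "", "sig_status": "HashMismatch"},
]


def detect_changes(records, baseline):
    """Return one alert per unverified (hash, publisher, signature state) combination."""
    seen = defaultdict(set)
    for r in records:
        key = (r["sha256"].lower(), r["publisher"], r["sig_status"])
        seen[key].add(r["host"])

    alerts = []
    for (sha256, publisher, sig_status), hosts in sorted(seen.items()):
        # Same publisher and same signature state as at verification time.
        same_origin = (publisher == baseline["publisher"]
                       and sig_status == baseline["sig_status"])
        if sha256 in baseline["hashes"] and same_origin:
            continue  # already verified, nothing changed
        alerts.append({
            # A new hash from the known publisher is the expected update case;
            # a changed publisher or signature state needs a closer look.
            "kind": "new_hash" if same_origin else "publisher_or_signature_change",
            "severity": "review" if same_origin else "high",
            "sha256": sha256,
            "publisher": publisher or "<none>",
            "sig_status": sig_status,
            "hosts": sorted(hosts),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_changes(SAMPLE_RECORDS, BASELINE):
        print(alert)
```

A hash is added to the baseline only after the repeat verification, so an update shows up once as a `new_hash` alert and then goes quiet.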