Trend Micro antivirus modified the Windows registry by mistake – How to fix it


Trend Micro antivirus has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be flagged as malware and the Windows registry to be incorrectly modified.

According to hundreds of customer reports that began streaming in earlier this week on the company’s forum and on social media, the false positive affected update packages stored in the Microsoft Edge installation folder.

As users revealed, Trend Micro Apex One marked browser updates as Virus/Malware: TROJ_FRS.VSNTE222 and Virus/Malware: TSC_GENCLEAN.

Correction and solution available

The cybersecurity software maker has addressed the issue and posted an advisory urging customers to update their products and ensure that the Smart Scan Agent Pattern and Smart Scan Pattern are updated to the latest version.

“Trend Micro is aware of a detection issue reported today regarding a possible false positive with Microsoft Edge and a Trend Micro Smart Scan pattern,” the company said.

“The pattern has been updated to remove the detection in question and we are investigating the root cause of the issue. More information can be provided once the investigation is complete.

“Confirm that the Smart Scan Agent Pattern is 17.541.00 or later AND the Smart Scan Pattern is 21474.139.09 or later, which resolves the issue.”
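
The version check from the advisory, as an added example that is not Trend Micro's script: it flags endpoints in an inventory whose patterns are below the fixed versions, comparing components numerically because a string comparison would rank 21474.99.00 above 21474.139.09. The CSV column names and sample hosts are constructed assumptions, not an Apex One export format.

```python
import csv
import io

# Minimum fixed versions quoted in the advisory above.
MIN_AGENT_PATTERN = "17.541.00"
MIN_SMART_SCAN_PATTERN = "21474.139.09"


def parse_version(text):
    """Turn '17.541.00' into (17, 541, 0) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))


def is_fixed(agent_pattern, smart_scan_pattern):
    """Both patterns must be at or above the fixed versions (the advisory's AND)."""
    return (parse_version(agent_pattern) >= parse_version(MIN_AGENT_PATTERN)
            and parse_version(smart_scan_pattern) >= parse_version(MIN_SMART_SCAN_PATTERN))


def endpoints_needing_update(inventory_csv):
    """Return hostnames whose patterns are too old or cannot be parsed."""
    stale = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            ok = is_fixed(row["agent_pattern"], row["smart_scan_pattern"])
        except (ValueError, KeyError, AttributeError):
            ok = False  # blank or malformed version: treat as not confirmed
        if not ok:
            stale.append(row["host"])
    return stale


# Constructed sample inventory; column names are assumptions, not an Apex One export format.
SAMPLE = """host,agent_pattern,smart_scan_pattern
ws-001,17.541.00,21474.139.09
ws-002,17.539.00,21474.139.09
ws-003,17.541.00,21474.99.00
ws-004,17.543.00,21475.001.00
ws-005,,21474.139.09
"""

if __name__ == "__main__":
    for host in endpoints_needing_update(SAMPLE):
        print(f"{host}: update Smart Scan patterns")
```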

Trend Micro also shared a workaround for cases where the pattern update does not fix the issue; it requires adding multiple Microsoft Edge folders to the Apex One exclusion list.

Restoring registry changes

While the fix for the false positive can be easily applied by updating Apex One, some customers have reported that the issue also caused Windows registry entries to be modified after the Agent Damage Cleanup tool was run.

“It was reported that some customers observed some registry changes as a result of detection based on their endpoint cleanup configuration settings,” Trend Micro added.

Changes in the Windows Registry seen by the Trend Micro client

This requires affected users to restore backups made by the Apex One agent through a procedure that will help revert changes made by Damage Cleanup.

The company also shared a script that would help system administrators automate the registry restore procedure with the help of group policy or other enterprise scripting tools.

However, you should test this automation tool before running it across your entire environment.

“Please note that administrators looking to use this script as a batch file or through another method should first carefully review the script and test it in their environment before any widespread development,” Trend Micro explained.

“Customers who continue to experience issues are encouraged to contact their authorized Trend Micro representative for further assistance.”
