[German]A brief addendum to Trend Micro WFBS 10.0 SP1: Patch Build 2178. It looks like this patch is causing some minor issues. Several readers reported, that suddenly a spyware infection is reported on the clients during the scan.
Trend Micro released a patch with build 2178 for its Worry Free Business Security version 10.0 Service Pack 1 on October 26, 2019. This patch is intended to close a 0-day vulnerability in the web console. I reported about the update in the blog post Trend Micro WFBS 10.0 SP1: Patch Build 2178 released and also mentioned a workaround for installation issues.
Suddenly (false) Spyware Warnings
Several users are reporting that TM WFB SP1 Build 2178 reports suddenly false Spyware alarms during a scan. The comments may be found within my blog post Trend Micro WFBS 10.0 SP1: Patch Build 2178 released. Matthew Warburton for instance writes about it:
Hi, we installed this latest patch and have noticed on every computer it is detecting between 80 and 100 pieces of spyware (all the same). I’m pretty sure they are false positives as we are seeing no issues with any of the PCs and all the pieces of spyware are ranging between around 2003 and 2012 – so it’s not like they are new instances of spyware. Has anyone else noticed this?
Also user Alessando (and two other has confirmed this issues. Blog reader Alessando wrote:
Yes, the same problem here.
Now on every computer it is detecting around 530 spywares every manual scan (the same spywares on all the clients).
Moreover, after the patch the clients can’t update theirselves (network/proxy error): after the rollback the clients can update theirselves, but they detect the 530 spywares (because the patch on the client remain the 2178).
Even more critical is that after installing patch 2178, clients can no longer update themselves and report a network/proxy error. After I published the German blog post Spyware-Probleme mit Trend Micro WFBS 10.0 SP1: Patch Build 2178 a couple of hours ago, German user Calvin left this comment:
The installation went smoothly for me, but since installing the patch countless spywares have been detected with every scan (50 to 100 per client), but they definitely seem to be “false positives”. The registry keys are not present at all, neither before nor after the scan and they are mostly very old spyware. The patch seems to have been knitted with too hot a needle.
And Calvin left the English comment here with a similar message. It seems that Trend Micro needs to patch again. I will check, if I can inform them via twitter.