{"id":24288,"date":"2022-05-03T13:30:12","date_gmt":"2022-05-03T11:30:12","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=24288"},"modified":"2024-10-05T21:31:41","modified_gmt":"2024-10-05T19:31:41","slug":"trend-micro-apex-one-lst-fehlalarm-beim-microsoft-edge-101-0-1210-32-aus","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/05\/03\/trend-micro-apex-one-lst-fehlalarm-beim-microsoft-edge-101-0-1210-32-aus\/","title":{"rendered":"Trend Micro Apex One triggers false positive with Microsoft Edge 101.0.1210.32"},"content":{"rendered":"

\"Sicherheit[German<\/a>]A quick note for administrators and users who use the Trend Micro Apex One product and at the same time use Microsoft Edge as a browser under Windows. I have now received numerous reports on the blog that Trend Micro Apex One is classifying the msedge_200_percent.pak file from Edge 101.0.1210.32 as malware\/trojan. This is a false positive. Addendum:<\/strong> An update to fix the issue has been released.<\/p>\n

<\/p>\n

Microsoft Edge 101.0.1210.32<\/h2>\n

\"\"Microsoft  has updated the Chromium Edge browser to version Edge 101.0.1210.32 as of April 28, 2022. This is a maintenance update that closes the two vulnerabilities CVE-2022-29146<\/a>(privilege elevation) and CVE-2022-29147<\/a> (information retrieval) (see also the release notes<\/a> for the new version). In addition, a number of CVEs that have already been fixed in Google Chrome have also been included in the Edge update. I had reported on this in the blog post Microsoft Edge 101.0.1210.32<\/a>. <\/p>\n

hat zum 28. April 2022 den Chromium-Edge Browser auf die Version Edge 101.0.1210.32 aktualisiert. Es handelt sich um ein Wartungsupdate, das die beiden Schwachstellen  (Privilegienerh\u00f6hung) und  (Abrufen von Informationen) schlie\u00dft (siehe auch die Release Notes-Seite<\/a> zur neuen Version). Zudem wurden eine Reihe CVEs, die bereits im Google Chrome gefixt wurden, auch im Edge-Update ber\u00fccksichtigt. Ich hatte im Blog-Beitrag Microsoft Edge 101.0.1210.32 Sicherheitsupdate<\/a> dar\u00fcber berichtet. <\/p>\n

Trend Micro Apex One false positive alarm<\/h2>\n

Since today, May 3, 2022, I've been getting more and more feedback from administrators on my blog about Trend Micro's Apex One security solution raising a false alarm and supposedly detecting a Trojan. The first German comment here<\/a> already describes the situation:<\/p>\n

\n

The update causes a false positive on Trend Micro Apex One! <\/p>\n

All of our client agents are currently alerting on the automatic update, pointing to the following file:<\/p>\n

C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\101.0.1210.32\\msedge_200_percent.pak<\/pre>\n
Virus\/Malware: TROJ_FRS.VSNTE222
Virus\/Malware: TSC_GENCLEAN <\/p>\n
We are currently analyzing the incident and therefore we cannot give exact information about it yet.<\/p>\n<\/blockquote>\n
The whole thing is confirmed by other administrators. The file msedge_200_percent.pak from Edge 101.0.1210.32 is reported as
\"TROJ_FRS.VSNTE222\". Reader Thomas<\/a> uploaded the file to Virustotal. Only Trend Micro recognizes it as a virus. Peter L. reports here<\/a> that also the registry entry:<\/p>\n
HKEY_USERS\\$SID\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop\\NoChangingWallpaper<\/pre>\n
ris changed. Based on what is known so far, this is likely to be a false positive. <\/p>\n
Forum thread at Trend Micro<\/h2>\n
Since a few minutes there is also this thread at Trend Micro in the forum, where a user also complains about this false alarm in Edge.   <\/p>\n
\n
we are getting this message from every client since several minutes.
Is it a false positiv error or do we have a real trojaner problem ? <\/p>\n
Virus\/Malware: TROJ_FRS.VSNTE222 <\/p>\n
Endpoint: W10NBSV066 <\/p>\n
Domain: xxxxx\\Workstations\\Group5\\ <\/p>\n
File: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\101.0.1210.32\\msedge_200_percent.pak <\/p>\n
Date\/Time: 5\/3\/2022 11:17:51 <\/p>\n
Result: Action required – Apex One detect<\/p>\n<\/blockquote>\n
The whole thing is also confirmed by numerous users there. One user there confirmed that the malware team was informed about the false alarm and was working on an update.<\/p>\n
\n
Hi Team, <\/p>\n
Our Malware Team are already aware of these False Alarms and is currently checking the issue. Will provide an update once we receive new feedbacks. <\/p>\n
Best regards, <\/p>\n
Paulo Obrero <\/p>\n
Customer Service Engineer <\/p>\n
Trend Micro Inc.<\/p>\n<\/blockquote>\n
All that remains is to wait until the update arrives – and in the meantime to declare the file in question as an exception. <\/p>\n
\n
Note: I also received reports, that Trend Micro Worry Free Business Security has also this false positive alarm.<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"
[German]A quick note for administrators and users who use the Trend Micro Apex One product and at the same time use Microsoft Edge as a browser under Windows. I have now received numerous reports on the blog that Trend Micro … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[780,466,69,1671],"class_list":["post-24288","post","type-post","status-publish","format-standard","hentry","category-security","tag-chrome","tag-problem","tag-security","tag-trend-micro"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=24288"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24288\/revisions"}],"predecessor-version":[{"id":35843,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24288\/revisions\/35843"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=24288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=24288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=24288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}