Trend Micro Anti-Virus Accidentally Modifies Windows Registry: Fix Provided

Trend Micro has announced that it has fixed a false positive detection in its Apex One antivirus software, in which a Microsoft Edge update was tagged as malware and the Windows registry was incorrectly modified.

https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US

According to reports that began circulating on the company’s forums and social networks, the false positives affected update packages stored in the Microsoft Edge installation folder.

In addition, Trend Micro Apex One appears to have flagged the browser update as a virus/malware, showing “TROJ_FRS.VSNTE222” and “Virus/Malware: TSC_GENCLEAN”.

Fixes and workarounds

To address this issue, Trend Micro has released an advisory that encourages customers to update the product and to bring the Smart Scan Agent Pattern and Smart Scan Pattern up to the latest versions.

Trend Micro is aware of a detection issue related to possible false positives in the reported Microsoft Edge and Trend Micro Smart Scan patterns.

We have updated the pattern to remove the problematic detection and are investigating the root cause of the issue.

More information will be provided once the investigation is complete.

Please confirm that you have both Smart Scan Agent Pattern 17.541.00 or later AND Smart Scan Pattern 21474.139.09 or later, which will resolve the issue.

Trend Micro also advises adding multiple Microsoft Edge folders to the Apex One exclusion list as a temporary workaround if the pattern update does not resolve the issue.

Restore registry changes

While the fix for the false positives provided by Trend Micro can be easily applied by updating Apex One, some users have also reported that this issue has caused changes to Windows registry entries after running the agent’s Damage Cleanup tool.


Trend Micro states that “Due to Endpoint Cleaning configuration settings, some customers have reported seeing registry modifications as a result of the detection.”

As a result, affected users will need to restore the backups made by the Apex One agent through the Damage Cleanup procedure to undo the changes.

Trend Micro also shared a script that allows system administrators to automate the registry restore procedure using Group Policy and other enterprise scripting tools.

https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US#:~:text=Reference%20Script%20For%20Restoration

However, this automation tool must be tested before it is run in the entire environment.

Please note that administrators who intend to use this script in a batch file or otherwise should first carefully review and test the script in their own environment before deploying it widely.
