Trend Micro classifies Microsoft’s Edge updates as malware

Trend Micro’s Apex One endpoint security solution has mistakenly recognized Microsoft’s Edge web browser updates as malware. Any Windows registry changes made by mistake can be repaired.

False positives have always been the bane of security managers, all the more so when they involve entirely legitimate software, as was the case with Edge updates flagged by a Trend Micro product. Apex One, which specializes in endpoint protection, detected version upgrades of Microsoft’s web browser as malware. News of the detection spread like wildfire on the web, reported by several hundred users on both the vendor’s forums and Reddit. These false positives involve update packages stored in the Microsoft Edge installation folder, which Apex One detected as TROJ_FRS.VSNTE222 and Virus/Malware: TSC_GENCLEAN.

“Trend Micro is aware of a detection issue that was reported earlier today regarding a potential false positive with Microsoft Edge and a Trend Micro Smart Scan model. The model has been updated to remove the detection in question and we are investigating the root cause of the issue. Please verify that the Smart Scan Agent Pattern is version 17.541.00 or later and the Smart Scan Pattern is version 21474.139.09 or later, which resolves the issue.”

A possible workaround

In the event that applying the update does not work, the vendor offers a workaround: excluding the location of the msedge_200_percent.pak package file that Apex One mistakenly detected. The exclusion applies to the following locations:

C:\Program Files (x86)\Microsoft\Edge\Application\101.0.1210.32*;
C:\Program Files\Microsoft\Edge\Application\101.0.1210.32*;
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\101.0.1210.32*;
C:\Program Files (x86)\Microsoft\EdgeCore\101.0.1210.32*;
C:\Program Files (x86)\Microsoft\Edge Beta\Application\101.0.1210.31*.

Repair Windows Registry Changes

Unfortunately, users may also run into other problems: “It has been reported that some customers have observed registry changes as a result of detection based on their endpoint wipe configuration settings,” said Trend Micro. To address this, the vendor has also published a procedure to recover the changes made to the Windows registry.

1. On the affected machine, open a command prompt with elevated administrator rights;
2. Navigate to the Backup folder on the affected machine running the Apex One Agent (usually C:\Program Files (x86)\Trend Micro\Security Agent\Backup);
3. There should be a file named TSC_GENCLEAN_XXXX_XX_XX_XX_XX_XXX_XXX_XXX.DAT in the folder; write down its name (e.g. TSC_GENCLEAN_2022_05_03_17_54_14_118_035.DAT);
4. Go back to the Agent folder (usually C:\Program Files (x86)\Trend Micro\Security Agent);
5. Run the following command:
a. 64-bit systems: tsc64.exe -restore=.\backup\TSC_GENCLEAN_XXXX_XX_XX_XX_XX_XXX_XXX_XXX.DAT
b. 32-bit machines: tsc.exe -restore=.\backup\TSC_GENCLEAN_XXXX_XX_XX_XX_XX_XXX_XXX_XXX.DAT

The vendor clarifies that the TSC_GENCLEAN_XXXX_XX_XX_XX_XX_XXX_XXX_XXX.DAT file name in commands a and b should be replaced with the name noted in step 3. “Please note that admins looking to use this script as a batch file or through another method should first carefully review the script and test it in their environment before any large-scale development,” the vendor explained. “Customers who are already experiencing issues are encouraged to contact their authorized Trend Micro representative for assistance.”
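The recovery steps above, scripted as an added PowerShell example (it is not Trend Micro's script and not part of the original article). It assumes the usual agent path from step 2 and the -restore= syntax from step 5; the parameter names AgentDir and BackupFile are hypothetical. Running it with -WhatIf shows the command that would be executed without running it.

```powershell
# Added example: automates steps 1-5 of the restore procedure for one machine.
# AgentDir and BackupFile are hypothetical parameter names; the default path
# is the "usual" location quoted in the steps and may differ in your install.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$AgentDir = 'C:\Program Files (x86)\Trend Micro\Security Agent',
    [string]$BackupFile   # optional: exact .DAT file name noted in step 3
)

# Step 1: the restore must run with elevated administrator rights.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# Steps 2-3: locate the TSC_GENCLEAN backup(s) in the agent's Backup folder.
$backupDir  = Join-Path $AgentDir 'Backup'
$candidates = @(Get-ChildItem -LiteralPath $backupDir -Filter 'TSC_GENCLEAN_*.DAT' -File |
                Sort-Object Name)
if ($candidates.Count -eq 0) { throw "No TSC_GENCLEAN_*.DAT file found in $backupDir." }

if ($BackupFile) {
    $chosen = $candidates | Where-Object Name -eq $BackupFile
    if (-not $chosen) { throw "$BackupFile not found in $backupDir." }
} elseif ($candidates.Count -eq 1) {
    $chosen = $candidates[0]
} else {
    # Never guess which backup to restore: list them and stop.
    $candidates | ForEach-Object { Write-Host "  $($_.Name)" }
    throw 'Several backups found; rerun with -BackupFile <name>.'
}

# Steps 4-5: run tsc64.exe (64-bit) or tsc.exe (32-bit) from the agent folder.
$tool     = if ([Environment]::Is64BitOperatingSystem) { 'tsc64.exe' } else { 'tsc.exe' }
$toolPath = Join-Path $AgentDir $tool
if (-not (Test-Path -LiteralPath $toolPath)) { throw "$tool not found in $AgentDir." }

Push-Location -LiteralPath $AgentDir
try {
    $restoreArg = "-restore=.\backup\$($chosen.Name)"
    if ($PSCmdlet.ShouldProcess($chosen.Name, "$tool $restoreArg")) {
        & $toolPath $restoreArg
        Write-Host "$tool exited with code $LASTEXITCODE"
    }
} finally {
    Pop-Location
}
```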
