Trend Micro antivirus flagging Everything as 'spyware' :-(

General discussion related to "Everything".
Post Reply
StanJ
Posts: 1
Joined: Sat Jul 11, 2020 3:18 pm

Trend Micro antivirus flagging Everything as 'spyware' :-(

Post by StanJ »

Apparently a new update to Trend Micro has decided that Everything is spyware. :roll:

It seemingly flags it due to FileSearcher.c as far as I can tell from Trend's pitiful logs.

Image

It deleted the installer off of my system, and looks like it also deleted the executable from someone else's system, as I know she's been using a fairly recent version of Everything (downloaded within the last 6 months).

One of our IT guys googled something else and said 'Try this one instead'. Yeah, thanks for your weak effort, but NOT interested! I've been happy with Everything for about 10 years, and have no interest in some other off-brand search tool.

Any chance you folks could contact Trend Micro and get Everything whitelisted? Yeah, I know it's a pain dealing with them, but I can't do much as an end-user. My word that Everything isn't spyware doesn't hold much weight. An established company that's been around since 2004? should tell them that you fine folks don't distribute malware.
horst.epp
Posts: 1447
Joined: Fri Apr 04, 2014 3:24 pm

Re: Trend Micro antivirus flagging Everything as 'spyware' :-(

Post by horst.epp »

I guess you can itself Whitelist Everything in your Trend Micro client.
Also Virus Total doesnt' complain about actual Everything.exe in none of its 72 scanners including Trend Micro.
https://www.virustotal.com/gui/file/78b ... /detection
void
Developer
Posts: 16745
Joined: Fri Oct 16, 2009 11:31 pm

Re: Trend Micro antivirus flagging Everything as 'spyware' :-(

Post by void »

Thank you for your post.

Everything does not contain any spyware.

The latest build is currently not flagged.

I'm reaching out to Trend Micro..
Alister
Posts: 4
Joined: Wed Jul 22, 2020 11:36 pm

Re: Trend Micro antivirus flagging Everything as 'spyware' :-(

Post by Alister »

Trend Micro just removed Everything from my machine, but in my case it called it PUA.Win32.FileSearcher.D

Trend Micro is absolutely notorious for spurious false positives and they never seem to learn, they do it over and over again to the same software. I would strongly encourage anyone who has any say in such things to make sure they don't use Trend Micro.
Alister
Posts: 4
Joined: Wed Jul 22, 2020 11:36 pm

Re: Trend Micro antivirus flagging Everything as 'spyware' :-(

Post by Alister »

Oh, I see it did PUA.Win32.FileSearcher.C back on July 10. That was just the installer, whereas this was was the installed program.
void
Developer
Posts: 16745
Joined: Fri Oct 16, 2009 11:31 pm

Re: Trend Micro antivirus flagging Everything as 'spyware' :-(

Post by void »

My guess is someone is doing something malicious with Everything 1.4.1.969.

I've updated the installer to version 1.4.1.986.

Please make a false positive report on Trend Micro's website:
https://success.trendmicro.com/smb-new-request
Select Threat Issue
Select File False Positive.
Alister
Posts: 4
Joined: Wed Jul 22, 2020 11:36 pm

Re: Trend Micro antivirus flagging Everything as 'spyware' :-(

Post by Alister »

I would, except it requires a sample to be uploaded, and I don't know where to find the sample, since TM "cleaned" it. Also I suspect I wouldn't be able to fill in everything on the customer information tab... guess I need to see if our IT are feeling more helpful than usual.
maphew
Posts: 2
Joined: Wed May 23, 2018 4:05 pm

Re: Trend Micro antivirus flagging Everything as 'spyware' :-(

Post by maphew »

I tried to report the false positive but am unable to complete the form at step two. This step asks for the product name and version, and the product we are using is not in the list. The only Apex One listed is for MacOS. I tried using that product, plus a couple of other ones, but no go. The blocker is the mandatory "Product Activation Code" field. I don't have this since our scanner is installed on our machines from central IT by group policy. I tried to spoof the activation code with "000" and '123" etc. That let me get to Step 3, but whenever I tried to finish the submission it refused, saying I hadn't completed all the mandatory fields.

Our scanner info:

Apex One Security Agent
Agent version: 14.0.2170
Virus scan engine: 12.000.1008
Last updated: 2020-23-07

I did learn something though: it's only the 64bit version of Everything that is being flagged (by our scanner anyway). I am able to install and use x86 Everything.exe (on 64bit Win10 Enterprise build 1909).
void
Developer
Posts: 16745
Joined: Fri Oct 16, 2009 11:31 pm

Re: Trend Micro antivirus flagging Everything as 'spyware' :-(

Post by void »

Thanks for the information.

Please politely let Trend Micro know Everything from voidtools is not unwanted by submitting a ticket.
Alister
Posts: 4
Joined: Wed Jul 22, 2020 11:36 pm

Re: Trend Micro antivirus flagging Everything as 'spyware' :-(

Post by Alister »

maphew wrote: Thu Jul 23, 2020 10:21 pm I did learn something though: it's only the 64bit version of Everything that is being flagged (by our scanner anyway). I am able to install and use x86 Everything.exe (on 64bit Win10 Enterprise build 1909).
The issue I found is that I had it configured to index network folders and after installing it doesn't remember these. Not sure if this was caused by Trend deleting the settings, or what
void
Developer
Posts: 16745
Joined: Fri Oct 16, 2009 11:31 pm

Re: Trend Micro antivirus flagging Everything as 'spyware' :-(

Post by void »

Please see the main thread for more information:
viewtopic.php?f=2&t=9214
Post Reply