Trend Micro Apex One triggers false positive with Microsoft Edge 101.0.1210.32

Sicherheit (Pexels, allgemeine Nutzung)[German]A quick note for administrators and users who use the Trend Micro Apex One product and at the same time use Microsoft Edge as a browser under Windows. I have now received numerous reports on the blog that Trend Micro Apex One is classifying the msedge_200_percent.pak file from Edge 101.0.1210.32 as malware/trojan. This is a false positive. Addendum: An update to fix the issue has been released.

Microsoft Edge 101.0.1210.32

Microsoft  has updated the Chromium Edge browser to version Edge 101.0.1210.32 as of April 28, 2022. This is a maintenance update that closes the two vulnerabilities CVE-2022-29146(privilege elevation) and CVE-2022-29147 (information retrieval) (see also the release notes for the new version). In addition, a number of CVEs that have already been fixed in Google Chrome have also been included in the Edge update. I had reported on this in the blog post Microsoft Edge 101.0.1210.32.

hat zum 28. April 2022 den Chromium-Edge Browser auf die Version Edge 101.0.1210.32 aktualisiert. Es handelt sich um ein Wartungsupdate, das die beiden Schwachstellen  (Privilegienerhöhung) und  (Abrufen von Informationen) schließt (siehe auch die Release Notes-Seite zur neuen Version). Zudem wurden eine Reihe CVEs, die bereits im Google Chrome gefixt wurden, auch im Edge-Update berücksichtigt. Ich hatte im Blog-Beitrag Microsoft Edge 101.0.1210.32 Sicherheitsupdate darüber berichtet.

Trend Micro Apex One false positive alarm

Since today, May 3, 2022, I've been getting more and more feedback from administrators on my blog about Trend Micro's Apex One security solution raising a false alarm and supposedly detecting a Trojan. The first German comment here already describes the situation:

The update causes a false positive on Trend Micro Apex One!

All of our client agents are currently alerting on the automatic update, pointing to the following file:

C:\Program Files (x86)\Microsoft\Edge\Application\101.0.1210.32\msedge_200_percent.pak

Virus/Malware: TROJ_FRS.VSNTE222
Virus/Malware: TSC_GENCLEAN

We are currently analyzing the incident and therefore we cannot give exact information about it yet.

The whole thing is confirmed by other administrators. The file msedge_200_percent.pak from Edge 101.0.1210.32 is reported as
"TROJ_FRS.VSNTE222". Reader Thomas uploaded the file to Virustotal. Only Trend Micro recognizes it as a virus. Peter L. reports here that also the registry entry:

HKEY_USERS\$SID\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

ris changed. Based on what is known so far, this is likely to be a false positive.

Forum thread at Trend Micro

Since a few minutes there is also this thread at Trend Micro in the forum, where a user also complains about this false alarm in Edge.  

we are getting this message from every client since several minutes.
Is it a false positiv error or do we have a real trojaner problem ?

Virus/Malware: TROJ_FRS.VSNTE222

Endpoint: W10NBSV066

Domain: xxxxx\Workstations\Group5\

File: C:\Program Files (x86)\Microsoft\Edge\Application\101.0.1210.32\msedge_200_percent.pak

Date/Time: 5/3/2022 11:17:51

Result: Action required – Apex One detect

The whole thing is also confirmed by numerous users there. One user there confirmed that the malware team was informed about the false alarm and was working on an update.

Hi Team,

Our Malware Team are already aware of these False Alarms and is currently checking the issue. Will provide an update once we receive new feedbacks.

Best regards,

Paulo Obrero

Customer Service Engineer

Trend Micro Inc.

All that remains is to wait until the update arrives – and in the meantime to declare the file in question as an exception.

Note: I also received reports, that Trend Micro Worry Free Business Security has also this false positive alarm.

This entry was posted in Security and tagged , , , . Bookmark the permalink.

2 Responses to Trend Micro Apex One triggers false positive with Microsoft Edge 101.0.1210.32

  1. PSC says:

    Update new smart scan pattern to drop the detection, Smart Scan Pattern 21474.139.09, was already released.

Leave a Reply

Your email address will not be published. Required fields are marked *