Trend Micro Antivirus Mistakenly Modified Windows Registry – How To Fix


Antivirus Trend Micro has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be marked as malware and incorrectly modified in the Windows registry.

According to hundreds of customer reports that began circulating earlier this week on the company’s forum and social media, update packages affected by false positives stored in Microsoft’s installation folder edge.

As users further revealed, Trend Micro Apex One reported browser updates as Virus/Malware: TROJ_FRS.VSNTE222 and Virus/Malware: TSC_GENCLEAN.

Fix and workaround available

The cybersecurity software maker has addressed the issue and issued a notice urging customers to update their products and ensure that the Smart Scan Agent Pattern and Smart Scan Pattern are updated to the latest version.

“Trend Micro is aware of a detection issue that was reported earlier today regarding a potential false positive with Microsoft Edge and a Trend Micro Smart Scan model,” the company said.

“The model has been updated to remove the detection in question and we are investigating the root cause of the issue. More information can be provided once the investigation is complete.

“Please confirm that the Smart Scan Agent Pattern is 17.541.00 or later AND Smart Scan Pattern is 21474.139.09 or later, which resolves the issue.”

Trend Micro also shared a temporary workaround if the template update did not resolve the issue that requires multiple Microsoft Edge folders to be added to Apex One’s exclusion list.

Restoring Registry Changes

While the fix provided by Trend Micro for the false positive can easily be applied by updating Apex One, some customers have also reported that this issue also causes Windows registry entries to change after running the Damage Cleanup tool of the agent.

“It has been reported that some customers have observed registry changes as a result of detection based on their Endpoint Wipe configuration settings,” Trend Micro added.

Widnows registry changes seen by Trend Micro customer
Widnows registry changes seen by Trend Micro customer

This forces affected users to restore backups made by the Apex One agent through a procedure that will help undo the changes made by Damage Cleanup.

The company also shared a script that would help system administrators automate the procedure of restoring the registry using group policies or other enterprise scripting tools.

However, you should test this automation tool first before running it on the whole environment.

“Please note that administrators looking to use this script as a batch file or through another method should first carefully review the script and test it in their environment prior to any large-scale development,” Trend Micro explained.

“Customers who continue to experience issues are encouraged to contact their authorized Trend Micro representative for assistance.”


Comments are closed.