Enpass has been the recommended password manager in our company for a couple of years now, so it's installed on a few desktops and mobile phones.
Yesterday and today, some of our desktops have been flagged by CrowdStrike and EnpassStartup.exe has been quarantined.
Here is some of the data reported by CrowdStrike:
ACTIONS TAKEN: Process blocked, File quarantined
SEVERITY: Low
OBJECTIVE: Falcon Detection Method
TACTIC & TECHNIQUE: Machine Learning via Cloud-based ML
TECHNIQUE ID: CST0008
SPECIFIC TO THIS DETECTION: This file meets the File Analysis ML algorithm's low-confidence threshold for malware.
TRIGGERING INDICATOR
Associated IOC (SHA256): 60456913d5f80b7793b213c6ca47e801c781698d7a162727862b65523c9eacd9
GLOBAL PREVALENCE: Common
LOCAL PREVALENCE: Common
HASH PREVENTION ACTION: None
Associated File: \??\C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe
COMMAND LINE: "C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe"
FILE PATH: \Device\HarddiskVolume2\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe