Writer Posted September 15, 2020 Report Posted September 15, 2020 I've been using Enpass for a couple of years now, but since a couple of days it's been tripping by McAfee detection: McAfee deletes these files, but the next day they're back and detected again. I'm on 6.4.3 (666) on a Windows 10 laptop.
Writer Posted September 15, 2020 Author Report Posted September 15, 2020 The threat is being detected when I try to update to the latest version through the Windows Store.
Pratyush Sharma Posted September 15, 2020 Report Posted September 15, 2020 Hi @Writer, Welcome to the forums! That's strange! We will notify the McAfee team about this false detection. Could you please share the McAfee product Name, DAT version and the engine version. Until then, you can try excluding Enpass from McAfee detection.
Writer Posted September 16, 2020 Author Report Posted September 16, 2020 Thanks for the welcome, although I would rather not have been here ;) I uninstalled the Windows Store version completely and tried to reinstall it from the Store. It immediately triggered McAfee again and made the install useless. So I had to uninstall again and tried installing the desktop windows version from your site. This didn't result in any errors so I could now use Enpass again. On your questions, my laptop and McAfee are managed by my employer so i can not exclude Enpass from McAfee detection nor do I think that's a smart suggestion to make to customers. I tried to paste the data from McAfee here but that resulted in a warning that my message was spam, so can't share that? 1
Pratyush Sharma Posted September 17, 2020 Report Posted September 17, 2020 Hi @Writer, Thanks for writing back in. Please share the details McAfee product Name, DAT version, and the engine version with us on support@enpass.io to help you better.
Dentonthebear Posted September 17, 2020 Report Posted September 17, 2020 17 hours ago, Writer said: Thanks for the welcome, although I would rather not have been here I uninstalled the Windows Store version completely and tried to reinstall it from the Store. It immediately triggered McAfee again and made the install useless. So I had to uninstall again and tried installing the desktop windows version from your site. This didn't result in any errors so I could now use Enpass again. On your questions, my laptop and McAfee are managed by my employer so i can not exclude Enpass from McAfee detection nor do I think that's a smart suggestion to make to customers. I tried to paste the data from McAfee here but that resulted in a warning that my message was spam, so can't share that? Assuming Sinew have proper in-house quality control (which, yes you have to take on blind faith) that would stop an infected product being uploaded to the Windows Store it does sound as though McAfee is producing a false positive, especially as other Enpass users, who again I am assuming are using other competing antivirus products, have not reported an issue. According to an old post on the McAfee forum an item designated as an Artimis Trojan is something that the software does not recognize and maybe a possible risk, basically it is being overly protective and giving you a warning. Excluding the items from a scan is I agree not best practice, but a quality AV solution even if an item of malware was excluded by name should then stop it making erroneous changes to the system. McAfee forum post: https://is.gd/j2vCOm Instead of pasting (was the error generated by the forum software?) the McAfee data maybe you could enter it in manually, yes I understand this would take more time and effort, but it would help the developers to be able to communicate the problem with a third party such as McAfee quickly and easily. Long term this would help yourself, your work colleges if they too use Enpass, and the rest of the community.
jedison Posted October 15, 2020 Report Posted October 15, 2020 On 9/16/2020 at 4:45 PM, Writer said: Thanks for the welcome, although I would rather not have been here ;) I uninstalled the Windows Store version completely and tried to reinstall it from the Store. It immediately triggered McAfee again and made the install useless. So I had to uninstall again and tried installing the desktop windows version from your site. This didn't result in any errors so I could now use Enpass again. On your questions, my laptop and McAfee are managed by my employer so i can not exclude Enpass from McAfee detection nor do I think that's a smart suggestion to make to customers. I tried to paste the data from McAfee here but that resulted in a warning that my message was spam, so can't share that? Thanks for the advice. I am in the same situation. I can open McAfee settings, but after adding an Exclusion for Enpass, it is promptly removed by McAfee. Downloading the traditional Win32 version seems to be the workaround. McAfee product Name: McAfee Endpoint Security 10.6.1 DAT version -- Engine version, sorry, those are not obvious anywhere. Analyzer / Detector Analyzer content creation date 9/13/2020 8:21 AM Product name McAfee Endpoint Security Product version 10.6.1 McAfee GTI query Yes Task name On-Access Scan Feature name On-Access Scan Threat Action taken Delete Threat category Malware detected Threat detected on creation No Threat event ID 1027 Threat handled Yes Threat name Artemis!4397290DA94C Threat severity Critical Threat timestamp 9/14/2020 1:40 PM Threat type Trojan Source Source hostName xxxxxxxx-BE Source process name C:\Windows\explorer.exe Target Target access time 9/14/2020 1:39 PM Target create time 9/14/2020 1:31 PM Target file size (bytes) 9216 Target hash 4397290da94cb862684facd9382c3047 Target host name xxxxxxxx-BE Target modify time 9/14/2020 1:39 PM Target name EnpassBridge.exe Target path C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassBridge Target user name xxxxxxxx-BE\xxxxxxxx Other Vector type Local System Cleanable Yes Detection message Threat Prevention Alert! Detection quarantine ID {FDBCDCFE-C33D-4DFF-AF27-9051A2EDE5C5} Duration before detection (days) 0 Description xxxxxxxx-BE\xxxxxxxx ran C:\Windows\explorer.exe, which attempted to access C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassBridge\EnpassBridge.exe. The Trojan named Artemis!4397290DA94C was detected and deleted. First action status Succeeded First attempted action Clean Second action status Failed Second attempted action Delete
Pratyush Sharma Posted October 15, 2020 Report Posted October 15, 2020 Hi @jedison, Thanks for sharing it. We are looking and analyzing the issue, and will soon share an update.
Garima Singh Posted October 20, 2020 Report Posted October 20, 2020 Hey @jedison Thanks for the patience. We tested the issue on latest 10.7 version and issue is not in that version. So, we will recommend you to update the software from v10.6 to v10.7 and antivirus definitions. If the problem still persists, please revert us back. Thanks!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now