Jump to content
Writer

Trojan detected

Recommended Posts

I've been using Enpass for a couple of years now, but since a couple of days it's been tripping by McAfee detection:

qLGZzBz.png

McAfee deletes these files, but the next day they're back and detected again.

I'm on 6.4.3 (666) on a Windows 10 laptop.

 

 

Share this post


Link to post
Share on other sites

Hi @Writer,

Welcome to the forums!

That's strange! We will notify the McAfee team about this false detection. Could you please share the McAfee product Name, DAT version and the engine version. Until then, you can try excluding Enpass from McAfee detection.

  • Thanks 1

Share this post


Link to post
Share on other sites

Thanks for the welcome, although I would rather not have been here ;)

I uninstalled the Windows Store version completely and tried to reinstall it from the Store. It immediately triggered McAfee again and made the install useless. So I had to uninstall again and tried installing the desktop windows version from your site. This didn't result in any errors so I could now use Enpass again. 

On your questions, my laptop and McAfee are managed by my employer so i can not exclude Enpass from McAfee detection nor do I think that's a smart suggestion to make to customers. 

I tried to paste the data from McAfee here but that resulted in a warning that my message was spam, so can't share that?

 

  • Like 1

Share this post


Link to post
Share on other sites
17 hours ago, Writer said:

Thanks for the welcome, although I would rather not have been here ;)

I uninstalled the Windows Store version completely and tried to reinstall it from the Store. It immediately triggered McAfee again and made the install useless. So I had to uninstall again and tried installing the desktop windows version from your site. This didn't result in any errors so I could now use Enpass again. 

On your questions, my laptop and McAfee are managed by my employer so i can not exclude Enpass from McAfee detection nor do I think that's a smart suggestion to make to customers. 

I tried to paste the data from McAfee here but that resulted in a warning that my message was spam, so can't share that?

Assuming Sinew have proper in-house quality control (which, yes you have to take on blind faith) that would stop an infected product being uploaded to the Windows Store it does sound as though McAfee is producing a false positive, especially as other Enpass users, who again I am assuming are using other competing antivirus products, have not reported an issue.  According to an old post on the McAfee forum an item designated as an Artimis Trojan is something that the software does not recognize and maybe a possible risk, basically it is being overly protective and giving you a warning.  Excluding the items from a scan is I agree not best practice, but a quality AV solution even if an item of malware was excluded by name should then stop it making erroneous changes to the system.

McAfee forum post: https://is.gd/j2vCOm

Instead of pasting (was the error generated by the forum software?) the McAfee data maybe you could enter it in manually, yes I understand this would take more time and effort, but it would help the developers to be able to communicate the problem with a third party such as McAfee quickly and easily.  Long term this would help yourself, your work colleges if they too use Enpass, and the rest of the community.

 

 

Share this post


Link to post
Share on other sites
On 9/16/2020 at 4:45 PM, Writer said:

Thanks for the welcome, although I would rather not have been here ;)

I uninstalled the Windows Store version completely and tried to reinstall it from the Store. It immediately triggered McAfee again and made the install useless. So I had to uninstall again and tried installing the desktop windows version from your site. This didn't result in any errors so I could now use Enpass again. 

On your questions, my laptop and McAfee are managed by my employer so i can not exclude Enpass from McAfee detection nor do I think that's a smart suggestion to make to customers. 

I tried to paste the data from McAfee here but that resulted in a warning that my message was spam, so can't share that?

 

Thanks for the advice. I am in the same situation. I can open McAfee settings, but after adding an Exclusion for Enpass, it is promptly removed by McAfee. Downloading the traditional Win32 version seems to be the workaround.

McAfee product Name: McAfee Endpoint Security 10.6.1
DAT version -- Engine version, sorry, those are not obvious anywhere.


Analyzer / Detector
Analyzer content creation date    9/13/2020 8:21 AM
Product name    McAfee Endpoint Security
Product version    10.6.1
McAfee GTI query    Yes
Task name    On-Access Scan
Feature name    On-Access Scan
 
Threat
Action taken    Delete
Threat category    Malware detected
Threat detected on creation    No
Threat event ID    1027
Threat handled    Yes
Threat name    Artemis!4397290DA94C
Threat severity    Critical
Threat timestamp    9/14/2020 1:40 PM
Threat type    Trojan
 
Source
Source hostName    xxxxxxxx-BE
Source process name    C:\Windows\explorer.exe
 
Target
Target access time    9/14/2020 1:39 PM
Target create time    9/14/2020 1:31 PM
Target file size (bytes)    9216
Target hash    4397290da94cb862684facd9382c3047
Target host name    xxxxxxxx-BE
Target modify time    9/14/2020 1:39 PM
Target name    EnpassBridge.exe
Target path    C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassBridge
Target user name    xxxxxxxx-BE\xxxxxxxx
 
Other
Vector type    Local System
Cleanable    Yes
Detection message    Threat Prevention Alert!
Detection quarantine ID    {FDBCDCFE-C33D-4DFF-AF27-9051A2EDE5C5}
Duration before detection (days)    0
Description    xxxxxxxx-BE\xxxxxxxx ran C:\Windows\explorer.exe, which attempted to access C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassBridge\EnpassBridge.exe. The Trojan named Artemis!4397290DA94C was detected and deleted.
First action status    Succeeded
First attempted action    Clean
Second action status    Failed
Second attempted action    Delete

Share this post


Link to post
Share on other sites

Hey @jedison

Thanks for the patience.

We tested the issue on latest 10.7 version and issue is not in that version. So, we will recommend you to update the software from v10.6 to v10.7 and antivirus definitions. If the problem still persists, please revert us back. Thanks!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...