JP Duvillard

EnpassStartup.exe flagged as True Positive by Falcon Crowdstrike


Enpass has been the recommended Password Manager in our company for a couple of years now so it's installed on a few Desktops and Mobile phones.

Yesterday and today, some of our desktops have been flagged by Crowdstrike and the EnpassStartup.exe has been quarantined.

Here are some of the reported data from Crowdstrike:

  • ACTIONS TAKEN: Process blocked, File quarantined
  • SEVERITY: Low
  • OBJECTIVE: Falcon Detection Method
  • TACTIC & TECHNIQUE: Machine Learning via Cloud-based ML
  • TECHNIQUE ID: CST0008
  • SPECIFIC TO THIS DETECTION: This file meets the File Analysis ML algorithm's low-confidence threshold for malware.
  • TRIGGERING INDICATOR
    • Associated IOC (SHA256): 60456913d5f80b7793b213c6ca47e801c781698d7a162727862b65523c9eacd9
    • GLOBAL PREVALENCE: Common
    • LOCAL PREVALENCE: Common
    • HASH PREVENTION ACTION: None
    • Associated File: \??\C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe
    • COMMAND LINE: "C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe"
    • FILE PATH: \Device\HarddiskVolume2\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe


Hi @JP Duvillard,

Welcome to the forums!

We reported this false positive to the CrowdStrike team, and here's their reply:

"Our team carefully analyzed your false positive request and determined that the file does not meet our detection criteria.
The file will not be detected by our scanner. 
Thank you for helping us improve our product"

The update regarding this will be released by them soon.
