Enpass has been the recommended Password Manager in our company for a couple of years now so it's installed on a few Desktops and Mobile phones.

Yesterday and today, some of our desktops have been flagged by Crowdstrike and the EnpassStartup.exe has been quarantined.

Here are some of the reported data from Crowdstrike:

• ACTIONS TAKEN Process blocked, File quarantined
• SEVERITY Low
• OBJECTIVE Falcon Detection Method
• TACTIC & TECHNIQUE: Machine Learning via Cloud-based ML
• TECHNIQUE ID CST0008
• SPECIFIC TO THIS DETECTION This file meets the File Analysis ML algorithm's low-confidence threshold for malware.
• TRIGGERING INDICATOR
  • Associated IOC (SHA256) 60456913d5f80b7793b213c6ca47e801c781698d7a162727862b65523c9eacd9
  • GLOBAL PREVALENCE Common
  • LOCAL PREVALENCE Common
  • HASH PREVENTION ACTION None
  • Associated File
    \??\C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe
  • COMMAND LINE
    "C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe"
  • FILE PATH
    \Device\HarddiskVolume2\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe

Hi @JP Duvillard,

Welcome to the forums!

We reported about this false positive to the CrowdStrike team and here's their reply:

"Our team carefully analyzed your false positive request and determined that the file does not meet our detection criteria.
The file will not be detected by our scanner. 
Thank you for helping us improve our product"

The update regarding this will be released by them soon.