span8
span4
span8
span4
Trend Micro Office Scan quarantined my 2016 FME desktop and in the log it comes up with unauthorized file encryption.I have been able to reinstall FME to a new location but eventually is get caught again.
Has any other users experienced the same issue?
Hi All - there has been an update in this space which might see this addressed.
What is happening currently is that we have not been digitally signing fme.exe the same as we have for our other executables (e.g., fmeworkbench.exe and fmedatainspector.exe).Starting in 2017.1.1 and 2018.0 betas, we are now digitally signing fme.exe as well.We think this will greatly help in these false positives from antivirus software.Other than that, if users still run into this I recommend companies manually white-list fme.exe in their antivirus software as is suggested by@JeroenR.
I can see that for some users even fmeworkbench.exe is getting quarantined too so it may not help but it should in most cases.
I got a response from Trend Micro after having chat and mail contact.Below is their solution to the problem: (I expected a bit more from them to solve this problem instead of just whitelisting it.)
Hi Jeroen, This is Prescious from Trend Micro Support.Based on your problem description, Trend Micro program is detecting your application FME is that correct?Please add it on the exclusion list of Behavior Monitoring: 1.) Navigate to Devices.2.) Select a desktop or server group.3.) Click Configure Policy.4.) Click Windows.5.) Click Behavior Monitoring.6.) Update the following as required: -- Exceptions: Exceptions include an Approved Program List and a Blocked Program List.Programs in the Approved Programs List can be started even if they violate a monitored change, while programs in the Blocked Program List can never be started.Enter Program Full Path: Type the full Windows or UNC path of the program.Separate multiple entries with semicolons.Click Add to Approved List.Enter all the program full paths provided above.7.) Click Save.NOTE: You may need to do this for multiple groups if there are other groups for which the issue is present.After applying these settings and deploying the new settings to all agents, please monitor the systems to see if the issues still occur.If they still do, please check the WFBS logs to determine which logs the programs are being seen in, since they may be triggering more than one module, or there may be other programs or file paths which need to be included in the Approved List: http://docs.trendmicro.com/en-us/smb/worry-free-business-security-services-57-sp1/reports-and-logs/wfbs-querying-logs.aspx Best Regards,
刚刚联系趋势科技他们说that they would start an investigation into this possible false positive case.
I had a similar issue about a month and a half ago with a proces that used a WorkspaceRunner.My antivirus (Kasperksy) flagged it as potential malware, quarantined fme.exe, causing me to re-install.Problem persisted though.It was logged as a support case with ref number C124988
I am having trouble with this aswell when overwriting a file.Both fme.exe and fmeworkbench.exe are quarantined after i run a flow for the second time.
Had it with the 17289 build and the 17291 build.Adding FME.exe to the safe files had no effect.
© 2019 Safe Software Inc |Legal