Beta quarantined by Trend Micro when attempting to empty trash

Downloaded yesterday. Emptied the trash today and Trend Micro quarantined Scrivener.exe because of “Unauthorized file encryption”.

The project was hosted on a flash drive. Not sure if that is part of the signature of the problem or not.

Here’s what Trend Micro did to me (It’s the February 27th stuff I’m referencing; TM runs my virus scan each day at 1 pm local):

I thought I had the Scrivener directory in my exclusions list (it turns out I’ve been installing the betas in the Program Files directory, not Program Files (x86) directory) so I’ve added Program Files (x86)\Scrivener to my exclusions list now.

I’ll once again mention how uncomfortable this makes me (not only knowing TM almost always has a beef with Scrivener, but also how uncomfortable it is having to keep TM shut down while I update to each new version.)

I do IT professionally and support large installations of Exchange Server, SQL Server, Windows Active Directory, and other Microsoft applications.

Every organization I have supported or customer I have worked with that uses the Trend Micro enterprise AV offerings has had massive issues with false positives on major applications (like Exchange and SQL Server) from Microsoft and other top-tier vendors. One entertaining time we even had a Trend Micro installation that was reporting the Windows Internal Database component as a virus (this is literally a stripped-down version of SQL Server Express that is included as an optional feature in Windows Server.)

Trend Micro may have some good code, but they have been garbage for years because they put 100% of the work of dealing with the fallout of false positives on the end user. I’ve seen the desktop version throw a flag on installing Office, Teams, Firefox, Chrome, and apps from just about every major software publisher.

Your experiences are, sadly, par for the course.

Do you really, or (based on your sigline) is your cat the IT pro and you just feed it and take the credit? 🙂

No, it’s me. He’s too lazy. My career is definitely aimed at keeping him in food, though.

Also sadly, I was afraid someone was going to say that.

'Cause, if’n it was L&L behind what I’m seeing, I would have a smidgeon of hope it would stop being an issue someday.

Still, I do know how to tell TM to shut up and go sit in the corner when it pleases me, as it does in this case.

I appreciate the input.

I also work in IT. Third-party AV is overrated. Just use the built-in Defender that’s part of Windows 10 and save yourself some cash. Also, you don’t need to spin CPU cycles doing manual scans of your files. It’s a dated idea. Any executable code that is pulled into memory will be scanned by the on-access scanner. You are just duplicating work. Files being downloaded will also be scanned by Defender.

Defender is a long way behind some of the specialist AV software.

Trend is especially bad at generating incidents like this. Personally I’ve had better results with Kaspersky, and more lately Norton seems to have moved on from taking 100% of resources and being a memory hog.

I will never install Kaspersky on any system I am responsible for. There are places where I have consulted where installing Kaspersky is a fireable offense.

I’m unsurprised, given the reported ties to Russian Intelligence (true or not.)

  1. Why should it be a fireable offence specifically on Kaspersky (other than per below)? It regularly is rated first or second in effectiveness and stability in head to head evals.

I’ve worked for/with the world’s largest (yes very largest) corporations, and yes, it CAN be a fireable offence to install ANY non-approved software on company equipment, Kaspersky is not singled out. (Same would apply to installing Norton, Trend etc)

  1. That smacks of the “Macca’s use pork fat in their fries” type of conspiracy theories.

No, there was some pretty detailed analysis a few years back from some folks in the security community, and there is good evidence that there is a link, although how big of one is debatable. Given Kaspersky’s insistence that there was no such link, even that is a worry.

False. You are looking at old data.

No, True, looking at the very current data. While it is a damned sight better than it was, it is still short of best in class.

There were accusations made in the press (inc Bloomberg who have a history of wild unsupportable claims), however, there was no confirmation, or even reasonable accusation backed by fact. If you want to hamper your biggest competitor, get Bloomberg to do one of their hit pieces. As I said, a bit like the pork fat episode.

I have no issue with Kaspersky, though even worst case, not involved in anything that would be remotely of interest to FSB anyway.

If you’re paranoid by nature, by all means use one of the US (I’d be more worried about NSA having a back door.) brands other than the problematic Trend.