Question

OfficeScan and FME Desktop


Trend Micro OfficeScan quarantined my 2016 FME Desktop and in the log it comes up with unauthorized file encryption. I have been able to reinstall FME to a new location but eventually it gets caught again.

Have any other users experienced the same issue?


6 replies

Badge +16

Sounds like something to ask support about....

Badge +7

I am having trouble with this as well when overwriting a file. Both fme.exe and fmeworkbench.exe are quarantined after I run a flow for the second time.

Had it with the 17289 build and the 17291 build. Adding FME.exe to the safe files had no effect.

Userlevel 5
Badge +25

I had a similar issue about a month and a half ago with a process that used a WorkspaceRunner. My antivirus (Kaspersky) flagged it as potential malware, quarantined fme.exe, causing me to re-install. Problem persisted though. It was logged as a support case with ref number C124988

Badge +7

Just had contact with Trend Micro and they said that they would start an investigation into this possible false positive case.

Badge +7

I got a response from Trend Micro after having chat and mail contact. Below is their solution to the problem: (I expected a bit more from them to solve this problem instead of just whitelisting it.)

Hi Jeroen,

This is Prescious from Trend Micro Support.
Based on your problem description, Trend Micro program is detecting your application FME, is that correct?

Please add it to the exclusion list of Behavior Monitoring:
1.) Navigate to Devices.
2.) Select a desktop or server group.
3.) Click Configure Policy.
4.) Click Windows.
5.) Click Behavior Monitoring.
6.) Update the following as required:

-- Exceptions: Exceptions include an Approved Program List and a Blocked Program List. Programs in the Approved Programs List can be started even if they violate a monitored change, while programs in the Blocked Program List can never be started.

Enter Program Full Path: Type the full Windows or UNC path of the program. Separate multiple entries with semicolons. Click Add to Approved List. Enter all the program full paths provided above.

7.) Click Save.

NOTE: You may need to do this for multiple groups if there are other groups for which the issue is present.

After applying these settings and deploying the new settings to all agents, please monitor the systems to see if the issues still occur. If they still do, please check the WFBS logs to determine which logs the programs are being seen in, since they may be triggering more than one module, or there may be other programs or file paths which need to be included in the Approved List:
http://docs.trendmicro.com/en-us/smb/worry-free-business-security-services-57-sp1/reports-and-logs/wfbs-querying-logs.aspx

Best Regards,
Userlevel 4
Badge +13

Hi All - there has been an update in this space which might see this addressed.

What is happening currently is that we have not been digitally signing fme.exe the same as we have for our other executables (e.g., fmeworkbench.exe and fmedatainspector.exe). Starting in 2017.1.1 and 2018.0 betas, we are now digitally signing fme.exe as well. We think this will greatly help in these false positives from antivirus software. Other than that, if users still run into this I recommend companies manually white-list fme.exe in their antivirus software as is suggested by @JeroenR.

I can see that for some users even fmeworkbench.exe is getting quarantined too so it may not help but it should in most cases.
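
An added example, not part of any post in this thread: a path-based approved list trusts whatever file sits at that path, so this PowerShell check reports the Authenticode status, signer and SHA-256 of the executables named above and flags any that are unsigned or signed by a different certificate than the others. The install directory is an assumption; the thread does not give one.

```powershell
# Added example (not from the thread): audit Authenticode signatures of the
# FME executables before approving them by path in an antivirus exception list.
param(
    # Assumption: install directory; the thread does not state one.
    [string]$InstallDir = 'C:\Program Files\FME',
    # Executable names as mentioned in the thread.
    [string[]]$Executables = @('fme.exe', 'fmeworkbench.exe', 'fmedatainspector.exe')
)

$results = foreach ($name in $Executables) {
    $path = Join-Path -Path $InstallDir -ChildPath $name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        [pscustomobject]@{ File = $name; Status = 'Missing'; Signer = $null; SHA256 = $null }
        continue
    }
    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $cert   = $sig.SignerCertificate
    $signer = if ($cert) { $cert.Subject } else { $null }
    [pscustomobject]@{
        File   = $name
        Status = [string]$sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer = $signer
        SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

$results | Format-List File, Status, Signer, SHA256

# Anything that is not 'Valid' (unsigned, tampered, missing) needs review.
$problems = @($results | Where-Object { $_.Status -ne 'Valid' })
# Distinct signer subjects among the validly signed files.
$signers  = @($results | Where-Object { $_.Status -eq 'Valid' } |
    Select-Object -ExpandProperty Signer -Unique)

foreach ($p in $problems) {
    Write-Warning ("{0}: signature status is {1}; review before approving this path." -f $p.File, $p.Status)
}
if ($signers.Count -gt 1) {
    Write-Warning ("Executables are signed by different certificates: {0}" -f ($signers -join ' | '))
}

# Non-zero exit code so the check can gate a deployment script.
if ($problems.Count -gt 0 -or $signers.Count -gt 1) { exit 1 }
```

Recording the SHA-256 values at approval time gives a baseline to compare against if the same path is flagged again later.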
