Category published:  WSUS ENS | Endpoint Security Exchange 2013 Exchange 2016 Exchange 2019   Click on the Category button to get more articles regarding that product.

13.06.2024 False-Positive with ENS 10.7, AMCORE 5554 on Windows Defender AM_Delta_Patch Server 2019 German

Posted by admin on 10.07.2024

 

Trellix ENS 10.7 deletes Windows Defender updates that come from the WSUS server on German Server 2019

We just saw a false positive on the Windows Defender updates that we provide via WSUS with auto-approve, on a German Windows Server 2019 with Trellix ENS 10.7 and AMCORE 5554.

The file was deleted from C:\Windows\SoftwareDistribution\Download\

Microsoft affected file:

File Version 1.413.254.0

FILE: AM_Delta_Patch_1.413.234.0.exe

Trellix:

AMCore Content-Version: 5554.0 (File will get DELETED)

AMCore Content-Version: 5555.0 (Error you see: False-Positive-Korrektur für Bedrohungsschutz)

Scan-Modul-Version: 6700.10107

Event with AMCORE 5555.0: you see False-Positive-Korrektur für Bedrohungsschutz

C:\Windows\SoftwareDistribution\Download\6cd20d816a1bd1893413dd53d76dfbf6\244d5cf8afb651e3cf4484f4a6fc3cbacbf93d5b

C:\Windows\System32\svchost.exe

NT AUTHORITY\SYSTEM

Wahr

Artemis!713C9B62D8F8

Trojaner

 

 

T1204.002 NT AUTHORITY\SYSTEM hat den Prozess C:\Windows\System32\svchost.exe ausgeführt, der versucht hat, auf C:\Windows\SoftwareDistribution\Download\6cd20d816a1bd1893413dd53d76dfbf6\244d5cf8afb651e3cf4484f4a6fc3cbacbf93d5b zuzugreifen. Die Bedrohung Trojaner mit dem Namen Artemis!713C9B62D8F8 wurde erkannt und gelöscht.
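The event text above can be parsed to find other hosts where the same kind of detection removed Windows Update content, so those deletions can be reviewed as possible false positives. This Python sketch is an added example, not part of the original post or of Trellix tooling; it assumes the German event wording shown above, and the function names and the second and third sample lines are constructed.

```python
import re

# Matches the German ENS threat-event wording quoted in this post (assumed stable).
EVENT_RE = re.compile(
    r"^(?P<technique>T\d{4}(?:\.\d{3})?) (?P<user>.+?) hat den Prozess "
    r"(?P<process>.+?) ausgeführt, der versucht hat, auf (?P<target>.+?) "
    r"zuzugreifen\. Die Bedrohung (?P<threat_type>\S+) mit dem Namen "
    r"(?P<threat_name>\S+) wurde erkannt und (?P<action>\w+)\.$"
)

WU_CACHE = "c:\\windows\\softwaredistribution\\download\\"
WU_PROCESS = "c:\\windows\\system32\\svchost.exe"

def parse_event(line):
    """Return the event fields as a dict, or None if the wording differs."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None

def needs_fp_review(ev):
    """Same shape as the incident here: an Artemis! detection deleted a file
    in the Windows Update download cache while SYSTEM's svchost.exe read it."""
    return (ev["threat_name"].startswith("Artemis!")
            and ev["action"] == "gelöscht"
            and ev["user"] == "NT AUTHORITY\\SYSTEM"
            and ev["process"].lower() == WU_PROCESS
            and ev["target"].lower().startswith(WU_CACHE))

def triage(lines):
    """Split events into (review_candidates, other_detections, unparsed_lines)."""
    review, other, unparsed = [], [], []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            unparsed.append(line)
        else:
            (review if needs_fp_review(ev) else other).append(ev)
    return review, other, unparsed

SAMPLE_EVENTS = [
    # Event text from this post.
    r"T1204.002 NT AUTHORITY\SYSTEM hat den Prozess C:\Windows\System32\svchost.exe ausgeführt, der versucht hat, auf C:\Windows\SoftwareDistribution\Download\6cd20d816a1bd1893413dd53d76dfbf6\244d5cf8afb651e3cf4484f4a6fc3cbacbf93d5b zuzugreifen. Die Bedrohung Trojaner mit dem Namen Artemis!713C9B62D8F8 wurde erkannt und gelöscht.",
    # Constructed: same wording, user download folder; stays a normal detection.
    r"T1204.002 CORP\alice hat den Prozess C:\Windows\explorer.exe ausgeführt, der versucht hat, auf C:\Users\alice\Downloads\setup.exe zuzugreifen. Die Bedrohung Trojaner mit dem Namen Artemis!0123456789AB wurde erkannt und gelöscht.",
    # Constructed: unrelated line that must not be silently dropped.
    "AMCore Content-Version: 5555.0",
]

if __name__ == "__main__":
    review, other, unparsed = triage(SAMPLE_EVENTS)
    for ev in review:
        print("review as possible false positive:", ev["threat_name"], ev["target"])
    print(len(other), "other detections;", len(unparsed), "unparsed lines")
```

A match only marks the event for review against the vendor's false-positive correction; it is not grounds for excluding the download folder from scanning.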

 

With the following Trellix setup:


AMCore Content-Version: 5554.0

Scan-Modul-Version: 6700.10107


 

With AMCORE 5555 you can see that Trellix fixed it overnight and no longer deletes the file:

Amcore 5554:


