Trend Micro is removing the Installer for Everything 188.8.131.529 and flagging it as PUA.Win32.FileSearcher.C
PUA = Potentially Unwanted Application.
Trend Micro is also removing the Installer for Everything 184.108.40.2066 and flagging it as PUA.Win32.FileSearcher.E
For now, Trend Micro recommends adding Everything to your whitelist:
Main console -> gear -> exception list (option on left) -> choose application / program white list.
Or lowering your detection level to normal/medium.
Or, please try the Lite version of Everything.
Please make a false positive report on Trend Micro's website:
Select Threat Issue
Select File False Positive.
Please politely let Trend Micro know Everything from voidtools is not unwanted by submitting a ticket.
Reply from Trend Micro:
Please note that grayware applications do not fall into any of the major threat categories (i.e. virus or Trojan horse) as they are subject to system functionality, as well as user debate.
REFERENCE: https://www.trendmicro.com/vinfo/us/sec ... wanted-app
There are indeed Trend Micro customers who use this tool for File Searching but there are also customers who have the need that they would be notified if such application is present and being used in the environment they are monitoring.
Given the scenario above, the detection for the file as PUA.WIN32.FileSearcher.C needs to be retained.
If a Trend Micro Customer is using this file, they will need to exempt it through Spyware/Grayware Approved List in their product settings.
REFERENCE for OfficeScan: https://docs.trendmicro.com/all/ent/off ... e_Grayware
We hope this this explains that the Everything.exe is not Spyware but recognized as PUA on Trend Micro's Side and the need to retain the detection to meet the needs from both customers.
This tool was used to lists all files on a file system. It allows an attacker to check whether a system is already infected by another piece of ransomware using the search function. This tool is not considered malicious and was developed by a legitimate company but can be used for profiling purposes.
For more info about the file please refer to the following URLs: