WithSecure services Status - Increase in false positive detections since 22nd of March

Increase in false positive detections since 22nd of March - HEUR/AGEN.13

Incident Report for WithSecure services

Resolved

This incident has been resolved.

Posted Apr 03, 2023 - 12:36 UTC

Update

We have resumed releasing updates to our Capricorn engine. The latest update is F-Secure Capricorn Engine 2023-03-29_01.

If you encounter false positives please ensure that Security Cloud is enabled and report them to us via https://www.withsecure.com/en/support/contact-support/submit-a-sample

Posted Mar 29, 2023 - 07:01 UTC

Identified

We have updated our detection logic in our security cloud to further improve the situation.
If you have disabled Security Cloud, we recommend to enable it.

We plan to continue releasing regular updates to our Capricorn engine tomorrow, 29th of March.
Subscribe to this incident to receive a notification about the release.

Posted Mar 28, 2023 - 11:27 UTC

Update

The number of false positives has significantly decreased since the rollback on Friday, 24.3.

We continue to work on a permanent solution.

Posted Mar 27, 2023 - 09:31 UTC

Investigating

We received a number of reports of increased false positive detections in the format of HEUR/AGEN.13* after a database update on the 22nd of March.

We have rolled back the update and are working on a permanent solution.

If you encounter false positives, please report them to us via https://www.withsecure.com/en/support/contact-support/submit-a-sample

We apologize for the inconvenience caused.

Posted Mar 24, 2023 - 18:20 UTC

This incident affected: WithSecure Business Suite (Endpoints (Clients & Servers)) and WithSecure Elements Endpoint Protection (Endpoints (Clients & Servers)).