New Update Trellix Stinger (formerly McAfee Stinger) Updates Thread

Trellix Stinger Release Notes
Build Number: 13.0.0.450
Build Date: 03-September-2025
Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
  • Exploit-CVE2020-1058
  • Exploit-CVE2020-1060.a
  • Exploit-CVE2020-1060.b
  • Exploit-cve2020-1062.a
  • Exploit-cve2020-1135
  • Exploit-cve2020-1143.a
  • Exploit-cve2020-1153.a
  • FlyStudio-Agent
  • Generic exploit.ma
  • Generic trojan.kf
  • Generic trojan.kg
  • Generic trojan.kk
  • Generic trojan.ky
  • LNK/Downloader.ch
  • Ransom-LockBit
  • Ransom-Sodnkibi
  • Trojan-AutoIt.p
  • Trojan-BlueNoroff
  • Trojan-Packed.c
Enhanced Detections:
  • Coinminer.l
  • Exploit-CVE2019-1367
  • FakeAV-DZ
  • Generic Trojan.arc
  • Generic Trojan.kg
  • Generic Trojan.li
  • Generic Trojan.lj
  • Generic Trojan.ll
  • Generic trojan.jz
  • Generic trojan.kh
  • Generic-Trojan.z
  • PS/Agent.bv
  • Trojan-AitInject.aq
  • Trojan-CoinMiner.n
  • Trojan-PWS.k
  • Trojan-Ransom.a
  • Trojan-Ransom.b
  • Trojan-Trickbot.d
  • VBObfus.g
Source | Download | ePO (32-bit) | ePO (64-bit) | For X64 Systems
 
Trellix Stinger Release Notes
Build Number: 13.0.0.455
Build Date: 08-September-2025
Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• Exploit-CVE2020-1058
• Exploit-CVE2020-1060.a
• Exploit-CVE2020-1060.b
• Exploit-cve2020-1062.a
• Exploit-cve2020-1135
• Exploit-cve2020-1143.a
• Exploit-cve2020-1153.a
• FlyStudio-Agent
• Generic exploit.ma
• Generic trojan.kf
• Generic trojan.kg
• Generic trojan.kk
• Generic trojan.ky
• LNK/Downloader.ch
• Ransom-LockBit
• Ransom-Sodnkibi
• Trojan-AutoIt.p
• Trojan-BlueNoroff
• Trojan-Packed.c

Enhanced Detections:
• Coinminer.l
• Exploit-CVE2019-1367
• FakeAV-DZ
• Generic Trojan.arc
• Generic Trojan.kg
• Generic Trojan.li
• Generic Trojan.lj
• Generic Trojan.ll
• Generic trojan.jz
• Generic trojan.kh
• Generic-Trojan.z
• PS/Agent.bv
• Trojan-AitInject.aq
• Trojan-CoinMiner.n
• Trojan-PWS.k
• Trojan-Ransom.a
• Trojan-Ransom.b
• Trojan-Trickbot.d
• VBObfus.g
Source | Download | ePO (32-bit) | ePO (64-bit) | For X64 Systems
 
Trellix Stinger Release Notes
Build Number: 13.0.0.547
Build Date: 06-October-2025
Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• Exploit-CVE2020-1058
• Exploit-CVE2020-1060.a
• Exploit-CVE2020-1060.b
• Exploit-cve2020-1062.a
• Exploit-cve2020-1135
• Exploit-cve2020-1143.a
• Exploit-cve2020-1153.a
• FlyStudio-Agent
• Generic exploit.ma
• Generic trojan.kf
• Generic trojan.kg
• Generic trojan.kk
• Generic trojan.ky
• LNK/Downloader.ch
• Ransom-LockBit
• Ransom-Sodnkibi
• Trojan-AutoIt.p
• Trojan-BlueNoroff
• Trojan-Packed.c

Enhanced Detections:
• Coinminer.l
• Exploit-CVE2019-1367
• FakeAV-DZ
• Generic Trojan.arc
• Generic Trojan.kg
• Generic Trojan.li
• Generic Trojan.lj
• Generic Trojan.ll
• Generic trojan.jz
• Generic trojan.kh
• Generic-Trojan.z
• PS/Agent.bv
• Trojan-AitInject.aq
• Trojan-CoinMiner.n
• Trojan-PWS.k
• Trojan-Ransom.a
• Trojan-Ransom.b
• Trojan-Trickbot.d
• VBObfus.g
Source | Download | ePO (32-bit) | ePO (64-bit) | For X64 Systems
 
Trellix Stinger Release Notes
Build Number: 13.0.0.551
Build Date: 13-October-2025
Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
  • Exploit-CVE2020-1058
  • Exploit-CVE2020-1060.a
  • Exploit-CVE2020-1060.b
  • Exploit-cve2020-1062.a
  • Exploit-cve2020-1135
  • Exploit-cve2020-1143.a
  • Exploit-cve2020-1153.a
  • FlyStudio-Agent
  • Generic exploit.ma
  • Generic trojan.kf
  • Generic trojan.kg
  • Generic trojan.kk
  • Generic trojan.ky
  • LNK/Downloader.ch
  • Ransom-LockBit
  • Ransom-Sodnkibi
  • Trojan-AutoIt.p
  • Trojan-BlueNoroff
  • Trojan-Packed.c
Enhanced Detections:
  • Coinminer.l
  • Exploit-CVE2019-1367
  • FakeAV-DZ
  • Generic Trojan.arc
  • Generic Trojan.kg
  • Generic Trojan.li
  • Generic Trojan.lj
  • Generic Trojan.ll
  • Generic trojan.jz
  • Generic trojan.kh
  • Generic-Trojan.z
  • PS/Agent.bv
  • Trojan-AitInject.aq
  • Trojan-CoinMiner.n
  • Trojan-PWS.k
  • Trojan-Ransom.a
  • Trojan-Ransom.b
  • Trojan-Trickbot.d
  • VBObfus.g
Source | Download | ePO (32-bit) | ePO (64-bit) | For X64 Systems
 
I would AVOID this McAfee branded Trellix Stinger at all costs and rely on a better online alternative if anyone is smart.

Tested it yesterday and it dumped a numerous complement of about over half a dozen driver files (Driver Folder) ALL WITH THE MCAFEE various name convention as well as added some services (Web Guard too) and an 18-wheeler load of registry entries.

Had to lower/reboot into Safe Mode to clean all their leftover junk out of my system, and wasted a ton of time doing it. Beforehand I searched Trellix Support Site and nowhere was a removal/cleanup tool without a Grant Number - NO SINGLE UNINSTALL TOOL FOR STINGER anywhere.

Eventually ended up restoring a good recent backup image because it fudges once you clean out their crap.

To uninstall Trellix McAfee Stinger, use the McAfee Product Removal Tool (MCPR) by downloading and running the tool, or use the standard Windows "Add or remove programs" feature by finding the Stinger software and clicking uninstall. For Trellix Endpoint Security (ENS) products, you may need to uninstall multiple components through "Add or remove programs".
 
I would AVOID this McAfee branded Trellix Stinger at all costs and rely on a better online alternative if anyone is smart.

Tested it yesterday and it dumped a numerous complement of about over half a dozen driver files (Driver Folder) ALL WITH THE MCAFEE various name convention as well as added some services (Web Guard too) and an 18-wheeler load of registry entries.

Had to lower/reboot into Safe Mode to clean all their leftover junk out of my system, and wasted a ton of time doing it. Beforehand I searched Trellix Support Site and nowhere was a removal/cleanup tool without a Grant Number - NO SINGLE UNINSTALL TOOL FOR STINGER anywhere.

Eventually ended up restoring a good recent backup image because it fudges once you clean out their crap.
This is not the experience that you get with Orion Malware Cleaner.
 
This is not the experience that you get with Orion Malware Cleaner.
My thoughts exactly.

It was a free for all transfer of MANY McAfee sys driver drops. Never seen a barrage like that before. I keep a driver load app on 24/7 and was complete nonsense prompt after prompt and sure enough a quick browse revealed them all. Registry was overloaded as well. Script kitty routine.
 
I would AVOID this McAfee branded Trellix Stinger at all costs and rely on a better online alternative if anyone is smart.

Tested it yesterday and it dumped a numerous complement of about over half a dozen driver files (Driver Folder) ALL WITH THE MCAFEE various name convention as well as added some services (Web Guard too) and an 18-wheeler load of registry entries.

Had to lower/reboot into Safe Mode to clean all their leftover junk out of my system, and wasted a ton of time doing it. Beforehand I searched Trellix Support Site and nowhere was a removal/cleanup tool without a Grant Number - NO SINGLE UNINSTALL TOOL FOR STINGER anywhere.

Eventually ended up restoring a good recent backup image because it fudges once you clean out their crap.
Which app do you prefer for a 2nd opinion scanner?
 
My thoughts exactly.

It was a free for all transfer of MANY McAfee sys driver drops. Never seen a barrage like that before. I keep a driver load app on 24/7 and was complete nonsense prompt after prompt and sure enough a quick browse revealed them all. Registry was overloaded as well. Script kitty routine.
That’s the old McAfee architecture, rich on kernel driver, registry and so on. Now the new architecture only has 2 drivers, ELAM and minifilter, everything else is done through user mode monitoring and kernel hooks.

To execute this architecture, McAfee had to develop very efficient pre-execution protection, which they did.

On the latest AVC test, they had the highest pre-execution detection of 99.3. Of course, like all NGAV architectures, it relies on “weak classifiers” which increases the number of false positives.

In terms of registry entries, PassMark shows McAfee now has the least amount of them. The McAfee configurations are now mostly in files, there are some that are mandatory to be in the registry.

Install size is also amongst the smallest.


Orion Malware Cleaner has 0 registry entries, no installation and is just over a megabyte.
 
That’s the old McAfee architecture, rich on kernel driver, registry and so on. Now the new architecture only has 2 drivers, ELAM and minifilter, everything else is done through user mode monitoring and kernel hooks.

To execute this architecture, McAfee had to develop very efficient pre-execution protection, which they did.

On the latest AVC test, they had the highest pre-execution detection of 99.3. Of course, like all NGAV architectures, it relies on “weak classifiers” which increases the number of false positives.

In terms of registry entries, PassMark shows McAfee now has the least amount of them. The McAfee configurations are now mostly in files, there are some that are mandatory to be in the registry.
Install size is also amongst the smallest.

Orion Malware Cleaner has 0 registry entries, no installation and is just over a megabyte.
Trellix scored great in the latest AVC


 
Trellix scored great in the latest AVC

Yeah both McAfee and Trellix use the GTI which was offloaded to Skyhigh (another McAfee brand). There was this engine on VirusTotal called McAfee GTW (Gateway) which was operated by Skyhigh.

Trellix allows configuration how aggressive you want the GTI and RealProtect (which is still McAfee-owned and operated, not Musarumbra LLC/Trellix).

Trellix also offers DAC (dynamic application containment) which is the same as ASR rules.

Trellix still uses the old architecture though. The same architecture is in the Stinger app.

The entire fusion framework is new for McAfee and only for them, Musarumbra doesn’t use it. It is a complicated decision matrix called Neo (so the inspiration for the name is clear).
 
Trellix Stinger Release Notes
Build Number: 13.0.0.553
Build Date: 20-October-2025
Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
  • Exploit-CVE2020-1058
  • Exploit-CVE2020-1060.a
  • Exploit-CVE2020-1060.b
  • Exploit-cve2020-1062.a
  • Exploit-cve2020-1135
  • Exploit-cve2020-1143.a
  • Exploit-cve2020-1153.a
  • FlyStudio-Agent
  • Generic exploit.ma
  • Generic trojan.kf
  • Generic trojan.kg
  • Generic trojan.kk
  • Generic trojan.ky
  • LNK/Downloader.ch
  • Ransom-LockBit
  • Ransom-Sodnkibi
  • Trojan-AutoIt.p
  • Trojan-BlueNoroff
  • Trojan-Packed.c

Enhanced Detections:
  • Coinminer.l
  • Exploit-CVE2019-1367
  • FakeAV-DZ
  • Generic Trojan.arc
  • Generic Trojan.kg
  • Generic Trojan.li
  • Generic Trojan.lj
  • Generic Trojan.ll
  • Generic trojan.jz
  • Generic trojan.kh
  • Generic-Trojan.z
  • PS/Agent.bv
  • Trojan-AitInject.aq
  • Trojan-CoinMiner.n
  • Trojan-PWS.k
  • Trojan-Ransom.a
  • Trojan-Ransom.b
  • Trojan-Trickbot.d
  • VBObfus.g
Source | Download | ePO (32-bit) | ePO (64-bit) | For X64 Systems
 
Trellix Stinger Release Notes
Build Number: 13.0.0.578
Build Date: 10-December-2025
Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
  • Exploit-CVE2020-1058
  • Exploit-CVE2020-1060.a
  • Exploit-CVE2020-1060.b
  • Exploit-cve2020-1062.a
  • Exploit-cve2020-1135
  • Exploit-cve2020-1143.a
  • Exploit-cve2020-1153.a
  • FlyStudio-Agent
  • Generic exploit.ma
  • Generic trojan.kf
  • Generic trojan.kg
  • Generic trojan.kk
  • Generic trojan.ky
  • LNK/Downloader.ch
  • Ransom-LockBit
  • Ransom-Sodnkibi
  • Trojan-AutoIt.p
  • Trojan-BlueNoroff
  • Trojan-Packed.c

Enhanced Detections:
  • Coinminer.l
  • Exploit-CVE2019-1367
  • FakeAV-DZ
  • Generic Trojan.arc
  • Generic Trojan.kg
  • Generic Trojan.li
  • Generic Trojan.lj
  • Generic Trojan.ll
  • Generic trojan.jz
  • Generic trojan.kh
  • Generic-Trojan.z
  • PS/Agent.bv
  • Trojan-AitInject.aq
  • Trojan-CoinMiner.n
  • Trojan-PWS.k
  • Trojan-Ransom.a
  • Trojan-Ransom.b
  • Trojan-Trickbot.d
  • VBObfus.g
Source | Download | ePO (32-bit) | ePO (64-bit) | For X64 Systems
 
That’s the old McAfee architecture, rich on kernel driver, registry and so on. Now the new architecture only has 2 drivers, ELAM and minifilter, everything else is done through user mode monitoring and kernel hooks.

To execute this architecture, McAfee had to develop very efficient pre-execution protection, which they did.

On the latest AVC test, they had the highest pre-execution detection of 99.3. Of course, like all NGAV architectures, it relies on “weak classifiers” which increases the number of false positives.

In terms of registry entries, PassMark shows McAfee now has the least amount of them. The McAfee configurations are now mostly in files, there are some that are mandatory to be in the registry.
Install size is also amongst the smallest.

Orion Malware Cleaner has 0 registry entries, no installation and is just over a megabyte.
That explains it. Trellix, unlike its counterpart full-on McAfee, was driver drop happy when I ran this new Stinger.

It was a stinger alright.
 
Trellix Stinger Release Notes
Build Number: 13.0.0.581
Build Date: 15-December-2025
New Detections:
  • Exploit-CVE2020-1058
  • Exploit-CVE2020-1060.a
  • Exploit-CVE2020-1060.b
  • Exploit-cve2020-1062.a
  • Exploit-cve2020-1135
  • Exploit-cve2020-1143.a
  • Exploit-cve2020-1153.a
  • FlyStudio-Agent
  • Generic exploit.ma
  • Generic trojan.kf
  • Generic trojan.kg
  • Generic trojan.kk
  • Generic trojan.ky
  • LNK/Downloader.ch
  • Ransom-LockBit
  • Ransom-Sodnkibi
  • Trojan-AutoIt.p
  • Trojan-BlueNoroff
  • Trojan-Packed.c
Enhanced Detections:
  • Coinminer.l
  • Exploit-CVE2019-1367
  • FakeAV-DZ
  • Generic Trojan.arc
  • Generic Trojan.kg
  • Generic Trojan.li
  • Generic Trojan.lj
  • Generic Trojan.ll
  • Generic trojan.jz
  • Generic trojan.kh
  • Generic-Trojan.z
  • PS/Agent.bv
  • Trojan-AitInject.aq
  • Trojan-CoinMiner.n
  • Trojan-PWS.k
  • Trojan-Ransom.a
  • Trojan-Ransom.b
  • Trojan-Trickbot.d
  • VBObfus.g
Source | Download | ePO (32-bit) | ePO (64-bit) | For X64 Systems