Trellix, the cybersecurity firm formed from the merger of McAfee Enterprise and FireEye, disclosed on May 4 that hackers gained unauthorized access to “a portion” of its internal source code repository. The company — which protects over 200 million endpoints across 50,000 business and government customers worldwide — said it immediately brought in outside forensic experts and notified law enforcement.
The good news: Trellix says it found no evidence that attackers altered the source code or tampered with the distribution process used to push software updates to customers. In plain terms, your Trellix security products should not have received any malicious updates as a result of this breach. The investigation is ongoing, and the company has promised to share further details as they become available.
How to check if you’re affected
Affected products include all Trellix endpoint protection, XDR, email security, and network security products. Here is how to assess your exposure:
- If your organization uses Trellix products: monitor the official Trellix security advisories page for any updates related to this incident.
- Verify that your Trellix software versions are current — running the latest release means you are using the most recently vetted build.
- If you are an individual home user, Trellix products are primarily enterprise-focused; standard consumer antivirus users are not directly affected.
- Watch for any unusual behavior in Trellix agents on your endpoints and report anomalies to your security team.