On Thu, 21 May 2020 13:30:20 +1200, I wrote:
A researcher investigating Trend Micro’s antimalware
has discovered a routine in it which appears to be able to tell when
the software is running within Microsoft’s WHQL test suite, so the
code can behave one way during testing and certification, and a
different way while running on ordinary punters’ PCs.
Microsoft seems to have confirmed this, by banning the dodgy driver
part of Trend Micro’s Rootkit Buster
Trend Micro continues to deny any intentional wrongdoing.