According to reports from administrators, Microsoft Defender ATP appears to have incorrectly classified the latest version 88 updates of the Google Chrome browser as malware and quarantined them. The problem is now said to have been fixed by a new signature file.
Microsoft Defender ATP is the commercial version of Microsoft's security solution, which can only be used in corporate environments with certain enterprise licenses. However, that's exactly where there seem to have been problems with updates to Google Chrome browser version 88 yesterday. I already came across this issue a few hours ago, which various administrators are complaining about on Twitter and on the web.
ZDNet first reported on the incident in the article linked in the above tweet. A screenshot shown there indicates that the Chrome language file sl.pak (Slovenian language customization) in the installer is classified as a backdoor. Microsoft Defender for Endpoint, which is included in the package, then automatically blocks the detected files and quarantines them. In other words, the Google Chrome browser has not received any updates since version v88.0.4324.104, which was released on January 19, 2021.
Microsoft has since fixed this false positive, with Bleeping Computer quoting a source as saying, “We’ve corrected an automation error that incorrectly classified the installation package as malware.” System administrators should run the following commands in an administrative command prompt:
cd %ProgramFiles%\Windows Defender
MpCmdRun.exe -removedefinitions -dynamicsignatures
to update the signatures of Defender. The false alarm should then be gone. Were any of you affected by this incident?
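To check whether an endpoint was hit by this false positive and then apply the fix described above, the steps can be scripted in PowerShell. This is an added example, not code from the original article or from Microsoft; the date filter, the `chrome|sl\.pak` match pattern and the extra `Update-MpSignature` step are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article: check one endpoint for the Chrome 88
# false positive, then run the article's MpCmdRun command.

# Assumption: only detections from the v88.0.4324.104 release date onward matter.
$since = [datetime]'2021-01-19'

# 1. Record the signature version before changing anything.
$before = Get-MpComputerStatus
Write-Host "Signature version before: $($before.AntivirusSignatureVersion)"

# 2. Find detections whose resources reference Chrome files.
#    Assumption: matching 'chrome' or 'sl.pak' in the resource path is enough.
$hits = @(Get-MpThreatDetection | Where-Object {
    $_.InitialDetectionTime -ge $since -and ($_.Resources -match 'chrome|sl\.pak')
})

$report = foreach ($hit in $hits) {
    $threat = Get-MpThreat -ThreatID $hit.ThreatID -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Detected  = $hit.InitialDetectionTime
        Threat    = $threat.ThreatName
        Resources = $hit.Resources -join '; '
    }
}
if ($report) { $report | Format-List } else { Write-Host 'No Chrome-related detections found.' }

# 3. The article's command: drop the dynamically downloaded signatures.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
& $mpCmdRun -RemoveDefinitions -DynamicSignatures

# 4. Not in the article: explicitly fetch current definitions and show the new version.
Update-MpSignature
$after = Get-MpComputerStatus
Write-Host "Signature version after:  $($after.AntivirusSignatureVersion)"

# 5. List quarantined items (read-only) so affected Chrome files can be reviewed.
& $mpCmdRun -Restore -ListAll
```

Step 5 only lists the quarantine; restoring a file is left as a deliberate, separate action once the listed item has been confirmed as part of the Chrome installer.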