Microsoft Defender for Endpoint (the enterprise security platform; see the Defender Cheat Sheet linked at the end of this article if you get lost in the Defender product family) seems to have run amok once again. Administrators report that since April 20, 2022, Defender has suddenly classified updates for the Google Chrome browser as malicious and quarantined them.
The first reports appeared on Twitter, where, for example, Kevin Gray informed Microsoft that Microsoft Defender for Endpoint was running amok.
There are also reports on Reddit.com that confirm this erratic behavior of Microsoft Defender for Endpoint. For example, this post states:
Defender EPP Blowing Up on Google Updater?
UPDATE: It does appear to be a false positive, likely triggered by a .dll being unsigned in the latest Google Updater service.
Just starting to see EPP hit on suspicious services; however, all these seem to be legitimate update operations on Google applications.
Defender flags the file goopdate.dll (the Google Update library) or the associated Google Update service as malicious and blocks it. The problem is confirmed by other users in the thread. Further threads from April 20 can be found on reddit.com and on Twitter. Affected users see an alert of the form:
Multi-stage incident involving Execution & Defense evasion
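If you see this alert, the two things worth checking before touching exclusions are whether the goopdate.dll on the affected machine actually carries a valid Authenticode signature (the Reddit poster's theory is an unsigned DLL) and what Defender recorded about the detection. The following PowerShell is an added example, not code from the article or from Microsoft; the Google Update install paths and the seven-day look-back window are assumptions.

```powershell
# Added example (not from the original article): inspect the flagged Google
# Update library and the local Defender detection records for it.
# Assumptions: standard Google Update install paths, 7-day look-back,
# the Defender PowerShell module (Get-Mp*) available on the client.

$since = (Get-Date).AddDays(-7)

# Google Update lives in a versioned subfolder; check both the machine-wide
# and the per-user install locations (assumed standard paths).
$candidates = @(
    "${env:ProgramFiles(x86)}\Google\Update\*\goopdate.dll",
    "${env:LOCALAPPDATA}\Google\Update\*\goopdate.dll"
)

Write-Host "== Authenticode status of goopdate.dll copies =="
$files = Get-ChildItem -Path $candidates -File -ErrorAction SilentlyContinue
foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path       = $f.FullName
        Status     = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer     = $sig.SignerCertificate.Subject   # expect a Google LLC subject on a genuine file
        Thumbprint = $sig.SignerCertificate.Thumbprint
        SHA256     = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    } | Format-List
}

Write-Host "== Defender detections referencing goopdate.dll since $since =="
# Resources is a string[] of the files/registry keys involved in the detection.
$hits = Get-MpThreatDetection |
    Where-Object {
        $_.InitialDetectionTime -ge $since -and
        (($_.Resources -join ';') -match 'goopdate\.dll')
    }
$hits | Select-Object InitialDetectionTime, ThreatID, ProcessName, ActionSuccess, Resources |
    Format-List

# Map the numeric ThreatID of each hit to the threat name Defender used.
if ($hits) {
    Get-MpThreat | Where-Object { $_.ThreatID -in $hits.ThreatID } |
        Select-Object ThreatID, ThreatName, SeverityID | Format-Table -AutoSize
}

# Current definition version; the fix for this case shipped as updated
# detection logic, so an old engine/definition pair is the first suspect.
Get-MpComputerStatus | Select-Object AMEngineVersion, AntivirusSignatureVersion,
    AntivirusSignatureLastUpdated
```

Run this elevated on an affected endpoint. If the signature status comes back `Valid` with a Google signer and the hash matches what other, unaffected machines report, the sensible remediation is `Update-MpSignature` followed by restoring the quarantined item, rather than adding a path exclusion for the Google Update folder, which would also silence any future genuine detection there.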
Microsoft was made aware of the false positive via the tweets mentioned above. The colleagues at Bleeping Computer picked up the story in this article and write that Microsoft has already fixed the problem. A Microsoft spokesperson is quoted there:
We have determined that these are false positives and have updated the logic for this alert to address the issue, which some customers may have experienced.
This is not the first case of false positives in Defender (see also the links at the end of this article); the Bleeping Computer article likewise cites several earlier examples. Was anyone among the blog's readers affected by this false alarm?
Microsoft Defender falsely detected Office updates as ransomware activity (03/16/2022)
Microsoft Defender falsely reports Trojans on Dell computers (March 2, 2022)
Defender signatures cause extreme RAM usage (April 2022)
Microsoft warns of (fixed) Defender spoofing vulnerability
Windows 10: Unwanted reboots due to Microsoft Defender Application Control (WDAC)
Microsoft probably secretly fixes vulnerability in Defender under Windows
Windows Defender: Fixes, Issues and Log4j scanner false alarms
Microsoft Defender version 1.353.1874.0 incorrectly reports Emotet
Got lost in Defender? There is something like a Defender Cheat Sheet available!