Microsoft's Defender falsely flags Google Chrome updates as malicious (April 20, 2022)

Microsoft's Defender for Endpoint (an enterprise security platform, see "Got lost in Defender? There is something like a Defender Cheat Sheet available") seems to have run a bit amok once again. Administrators reported that since April 20, 2022, Defender has suddenly deemed updates for the Google Chrome browser malicious and quarantined them.



The first reports can be found on Twitter, for example, where Kevin Gray informs Microsoft that Microsoft Defender for Endpoint is currently running amok.

Defender false Google Chrome Update alarm

There are also reports on Reddit.com that confirm this erratic behavior of Microsoft Defender for Endpoint. For example, this post states:

Defender EPP Blowing Up on Google Updater?

UPDATE: It does appear to be a false positive, likely triggered by a .dll being unsigned in the latest Google Updater service.

Just starting to see EPP hit on suspicious services, however all these seem to be legitimate updating operating on Google applications.

Defender detects the file goopdate.dll or the associated service as malicious and blocks it. The problem is confirmed by other users in the thread. More threads from April 20 can be found on reddit.com and on Twitter. Affected users receive the following warning:

Multi-stage incident involving Execution & Defense evasion

Microsoft was informed about the false alarm via the above-mentioned tweets. The colleagues from Bleeping Computer picked up on the whole thing in this article and write that Microsoft has already fixed the problems. A Microsoft spokesperson is quoted in the article:



We have determined that these are false positives and have updated the logic for this alert to address the issue, which some customers may have experienced.

This is not the first case of false positives by Defender (see also links at the end of the article). The Bleeping Computer article also cites several past examples. Was anyone among the blog's readers affected by this false alarm?

Similar articles:
Microsoft Defender falsely detected Office updates as ransomware activity (03/16/2022)
Microsoft Defender falsely reports Trojans on Dell computers (March 2, 2022)
Defender signatures cause extreme RAM usage (April 2022)
Microsoft warns of (fixed) Defender spoofing vulnerability
Windows 10: Unwanted reboots due to Microsoft Defender Application Control (WDAC)
Microsoft probably secretly fixes vulnerability in Defender under Windows
Windows Defender: Fixes, Issues and Log4j scanner false alarms
Microsoft Defender version 1.353.1874.0 incorrectly reports Emotet
Got lost in Defender? There is something like a Defender Cheat Sheet available!

