Microsoft Defender flags Google Chrome updates as suspicious

Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity because of a false positive.

According to reports from Windows system administrators [1, 2, 3, 4], the security solution (formerly known as Microsoft Defender ATP) began marking Chrome updates as suspicious starting last evening.

Those who ran into the issue reported seeing "Multi-stage incident involving Execution and Defense evasion" alerts on affected Windows endpoints monitored by Defender for Endpoint.

In a Microsoft 365 Defender service advisory issued after reports of these alarming alerts began appearing online, Microsoft confirmed that they were triggered by a false positive and not by malicious activity.

"Admins may receive a false positive alert for Google Update on Microsoft Defender for Endpoint monitored devices," Microsoft said.
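Before closing such an alert as a false positive, it is worth confirming that the flagged binary really is Google's signed updater. The PowerShell snippet below is an added example for that triage step; it is not from the original article, Microsoft or Google. The install path it checks is the default Google Update location and is an assumption; use the path from the alert evidence if it differs.

```powershell
# Added example (not from the article, Microsoft or Google): verify that the
# binary behind a Defender for Endpoint "Google Update" alert carries a valid
# Google Authenticode signature before treating the alert as a false positive.
# Assumption: Google Update lives at its default path; adjust if the alert
# evidence points elsewhere.
$updater = 'C:\Program Files (x86)\Google\Update\GoogleUpdate.exe'

if (-not (Test-Path -Path $updater)) {
    Write-Warning "GoogleUpdate.exe not found at $updater; use the path from the alert evidence."
    return
}

$sig = Get-AuthenticodeSignature -FilePath $updater

# Summarise what the analyst needs to record in the incident notes.
[pscustomobject]@{
    Path       = $updater
    Status     = $sig.Status                      # expect 'Valid' for a benign update
    Publisher  = $sig.SignerCertificate.Subject   # expect a Google LLC subject
    Thumbprint = $sig.SignerCertificate.Thumbprint
    SHA256     = (Get-FileHash -Path $updater -Algorithm SHA256).Hash
}

# An unsigned, tampered or non-Google binary is not the vendor false positive
# described in the advisory and should be investigated as a real detection.
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Google') {
    Write-Warning 'Signature is not a valid Google signature; do not dismiss this alert as a false positive.'
}
```

The hash and thumbprint give you something concrete to compare against other affected endpoints and against the evidence Defender attached to the alert, which is more useful than relying on the file name alone.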

Roughly an hour and a half later, the advisory was updated, with Redmond saying the false positive issue had been addressed and the service restored.

"We determined these are false positive results and we have updated the logic for this alert to resolve the issue some customers may have experienced," a Microsoft spokesperson told BleepingComputer.

Windows administrators have had to deal with several other Defender for Endpoint false positive issues over the last two years.

For instance, they were hit by a wave of Defender for Endpoint alerts in which Office updates were tagged as malicious, with warnings pointing to ransomware behavior detected on Windows endpoints.

In November, Defender ATP blocked Office documents and some Office executables from opening or launching because of another false positive that tagged the files as Emotet malware payloads.

One month later, it wrongly raised "sensor tampering" alerts linked to the Microsoft 365 Defender scanner for Log4j processes.

Other similar Defender for Endpoint issues include alerts about network devices infected with Cobalt Strike and Chrome updates flagged as PHP backdoors, both caused by false positive detections.

Update: Added Microsoft statement.