Microsoft Defender was flagging Google Chrome updates as "suspicious", again

Earlier today, system administrators on Reddit, among other places, started reporting (1, 2) that Google Chrome updates were being flagged as "suspicious" by Microsoft Defender for Endpoint. Apparently, Microsoft's security solution thought that the "goopdate" DLL file was suspicious since it wasn't signed by Google Updater service (GoogleUpdate.exe).

As you can see in the image below, Twitter user Kevin Gray noticed the following activity on Defender's end when running the Google Chrome updates:

Microsoft appears to have confirmed that the finding was indeed a false positive and has since resolved the bug, according to MVP Ota Hirofumi on Twitter:

SERVICE ADVISORY:
[DZ361393] Admins may receive a false positive alert for Google Update on Microsoft Defender for Endpoint monitored devices
Service: Microsoft 365 Defender
Status: ServiceRestored
LastUpdated: 2022-04-20T00:30:32.717Z

— Ota Hirofumi 📖 Microsoft Teams 踏み込み活用術 (@hrfmjp) April 20, 2022

While Microsoft Defender for Home has generally performed quite well in the recent anti-virus rankings for AV-Comparatives and AV-TEST, the enterprise variant of the product has had many instances where it has flagged genuinely harmless files and services as malicious.

For example, in February last year, the same thing happened when Defender for Endpoint thought Chrome updates were malicious; and very recently, it even wrongly flagged its own Office updates as malware.

Following that incident, Microsoft published guidance on false positives and false negatives to reduce such errors, but the move doesn't seem to have helped much yet.

via BleepingComputer
