Microsoft Defender for Endpoint falsely flags latest Chrome update as malware


Microsoft Defender for Endpoint (formerly known as Microsoft Defender Advanced Threat Protection) began flagging yesterday's Google Chrome update as malicious, alarming users and admins and leaving them unsure whether the alert was genuine. Some users took to Twitter to report the behavior and to ask whether the detections were false positives.

The folks over at ZDNet shared an image of the detection, in which the software flags the 'sl.pak' file as a "Funvalget backdoor". This matched multiple user reports, including comments left on VirusTotal. The file in question appears to be a language localization resource bundled with the installer for Chrome version 88.0.4324.104, which began rolling out to users yesterday.

At the time, it was not clear whether the file actually posed a security risk or whether the detection was a false positive. Either way, the detection meant the installer was being blocked automatically on many systems. According to ZDNet, the consumer version of the security software was not flagging the same installer files as malicious.

While the company has not made any public statements yet, at least one user on VirusTotal claims that the Redmond firm has acknowledged the detection as a false positive and has removed it. The user adds that the firm has provided steps for admins and users to clear cached detections and pull the latest malware definitions. Here are the steps, which are also covered in Microsoft's documentation for the MpCmdRun.exe command-line tool:

  1. Open a command prompt as administrator and change directory to c:\Program Files\Windows Defender (on systems that have received a Defender platform update, the current MpCmdRun.exe may instead live under C:\ProgramData\Microsoft\Windows Defender\Platform\<version>\)
  2. Run "MpCmdRun.exe -RemoveDefinitions -DynamicSignatures"
  3. Run "MpCmdRun.exe -SignatureUpdate"

System admins affected by the false positive should clear the cached detections and refresh definitions rather than adding an exclusion for the installer, since an exclusion would remain in place long after the bad signature is gone. Once the updated definitions are in place, the installer for the latest Chrome version should no longer be blocked.
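The three steps above, scripted for an elevated PowerShell session so they can be run across a fleet, with a check afterwards that the signature version changed and that no detection for the Chrome locale file remains. This is an added example written for this article, not a script from Microsoft; the Platform directory lookup, the 'sl.pak' resource pattern and the commented-out installer path are assumptions about the environment.

```powershell
#Requires -RunAsAdministrator
# Clear cached Defender detections and pull fresh definitions after a confirmed false positive.
# Example script for this article, not Microsoft's own tooling.

# MpCmdRun.exe lives in the legacy install directory on older builds; once the Defender platform
# has been updated it lives under ProgramData\...\Platform\<version>. Prefer the newest platform copy.
function Find-MpCmdRun {
    $platformRoot = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'
    if (Test-Path $platformRoot) {
        # Directory names look like 4.18.2011.6-0; strip the suffix so [version] can sort them.
        $newest = Get-ChildItem -Path $platformRoot -Directory |
            Sort-Object { [version]($_.Name -replace '-.*$', '') } -Descending |
            Select-Object -First 1
        if ($newest) {
            $candidate = Join-Path $newest.FullName 'MpCmdRun.exe'
            if (Test-Path $candidate) { return $candidate }
        }
    }
    $legacy = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    if (Test-Path $legacy) { return $legacy }
    throw 'MpCmdRun.exe not found in the Platform or legacy install directories'
}

$mpCmdRun = Find-MpCmdRun
Write-Host "Using $mpCmdRun"

# Record the signature version before the refresh so the change is visible afterwards.
$before = Get-MpComputerStatus | Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated

# Step 1 and 2: drop the cached dynamic signatures behind the stale detection.
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
if ($LASTEXITCODE -ne 0) { throw "RemoveDefinitions failed with exit code $LASTEXITCODE" }

# Step 3: pull the latest definitions from Microsoft.
& $mpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) { throw "SignatureUpdate failed with exit code $LASTEXITCODE" }

$after = Get-MpComputerStatus | Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated
"Signatures before: $($before.AntivirusSignatureVersion) ($($before.AntivirusSignatureLastUpdated))"
"Signatures after:  $($after.AntivirusSignatureVersion) ($($after.AntivirusSignatureLastUpdated))"
if ($after.AntivirusSignatureVersion -eq $before.AntivirusSignatureVersion) {
    Write-Warning 'Signature version did not change; the update may not have been applied.'
}

# Verify: list any remaining detections that name the Chrome locale file or the reported threat name.
# 'Funvalget' is the detection name from the article; matching on 'sl.pak' in Resources is an assumption.
$remaining = Get-MpThreat | Where-Object {
    $_.ThreatName -match 'Funvalget' -or ($_.Resources -match 'sl\.pak')
}
if ($remaining) {
    $remaining | Select-Object ThreatName, ThreatID, Resources | Format-List
} else {
    'No remaining detections for the Chrome locale file.'
}

# Optional: re-scan a downloaded installer on demand to confirm it is now allowed.
# $installer = 'C:\Temp\ChromeStandaloneSetup64.exe'   # assumed path, adjust for your environment
# & $mpCmdRun -Scan -ScanType 3 -File $installer
```

Get-MpThreat reports detections Defender has recorded on the host, so an empty result after the refresh is the signal that the stale signature is gone; the on-demand scan of the installer is the stronger check before redeploying it.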
