Microsoft Defender ATP marks Google Chrome updates as a backdoor

Some enterprise users have found that Microsoft Defender Advanced Threat Protection (ATP), Microsoft's endpoint protection platform for businesses, reports a Google Chrome file as a backdoor.

Soon after the detection started appearing, a large number of enterprise network administrators contacted Microsoft to confirm whether it was a false positive.

Before Microsoft responded, these administrators and some security practitioners ran their own tests and found that only Microsoft Defender produced such a verdict; no other engine they tried flagged the file. The file in question is a local Google Chrome component that Defender reported as a backdoor program.

The file appears to be delivered by Chrome's own update mechanism rather than by anything the user downloads separately, and such update components are unlikely to pose a security problem on their own.

Microsoft Defender ATP nevertheless classifies the file as a backdoor and automatically blocks it, so the update cannot be installed. The block is limited to this one file.

Existing users can keep using Google Chrome unaffected, but a fresh installation of Google Chrome may also be intercepted, in which case the installation may fail or behave abnormally.

Microsoft's antivirus has a reputation for a high false-positive rate, so many administrators assumed this was one and shared the file with peers to reverse-engineer it.

Microsoft subsequently published a description of the problem on its support page and admitted that the detection was a false positive: the file in question poses no security threat to the affected enterprises.

Microsoft did not explain how the problem occurred, stating only that the detection name is Backdoor:PHP/Funvalget.A. In Microsoft's naming scheme (Type:Platform/Family.Variant) the "PHP" platform tag means the signature was written for a PHP backdoor family, so a match on a native Chrome component was itself a strong hint of a false positive.

After the problem had persisted for several hours, Microsoft confirmed the false positive and fixed it through a definition update; administrators only need to pull the latest definitions to resolve it.

If the definition update does not arrive in time, or the false positive persists after updating, the cached dynamic signatures can be cleared manually and the latest definitions installed with the following commands, run from an elevated command prompt:

cd C:\Program Files\Windows Defender
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdate
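The following PowerShell script is an added example, not code from the original article or from Microsoft. It puts the manual fix above into an auditable triage-and-remediate routine: it pulls the file paths Defender flagged under the threat name from the article, records the evidence an administrator would want before calling it a false positive (Authenticode signature status, signer, SHA-256 for comparison with other vendors), then clears the dynamic signatures, updates definitions, and confirms the signature version actually changed before restoring quarantined items. It assumes Windows 10 with the Defender PowerShell module (Get-MpThreat, Get-MpThreatDetection, Get-MpComputerStatus, Update-MpSignature) and MpCmdRun.exe in its default location; the check that Chrome binaries are signed by "Google LLC" is an assumption about Google's code-signing certificate, not something the article states.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article or from Microsoft): triage and remediation
# for the Backdoor:PHP/Funvalget.A false positive on Chrome update files.
# Assumes the Defender PowerShell module and MpCmdRun.exe in its default path.

$ThreatName = 'Backdoor:PHP/Funvalget.A'        # detection name from the article
$MpCmdRun   = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

function Get-FlaggedFiles {
    # Map Defender's detection history to on-disk paths for the named threat.
    # Resources entries look like "file:_C:\path\to\file"; strip the prefix.
    $ids = (Get-MpThreat | Where-Object { $_.ThreatName -eq $ThreatName }).ThreatID
    Get-MpThreatDetection |
        Where-Object { $ids -contains $_.ThreatID } |
        ForEach-Object { $_.Resources } |
        Where-Object { $_ -like 'file:_*' } |
        ForEach-Object { $_ -replace '^file:_', '' } |
        Sort-Object -Unique
}

function Test-FalsePositiveEvidence {
    param([Parameter(Mandatory)][string]$Path)
    # A genuine Chrome component carries a valid Authenticode signature.
    # Valid signature + a hash other engines report clean is strong (not
    # conclusive) evidence of a false positive. Signer name is an assumption.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $Path).Hash
    [pscustomobject]@{
        Path           = $Path
        Present        = $true
        SigStatus      = $sig.Status                       # expect 'Valid'
        Signer         = $sig.SignerCertificate.Subject
        SignedByGoogle = ($sig.Status -eq 'Valid' -and
                          $sig.SignerCertificate.Subject -like '*Google LLC*')
        Sha256         = $hash                             # compare with other vendors
    }
}

function Repair-Definitions {
    # Same steps as the manual fix, plus a before/after version check so the
    # administrator can see that corrected definitions actually landed.
    $before = (Get-MpComputerStatus).AntivirusSignatureVersion
    & $MpCmdRun -RemoveDefinitions -DynamicSignatures | Out-Null
    Update-MpSignature
    $after = (Get-MpComputerStatus).AntivirusSignatureVersion
    [pscustomobject]@{ Before = $before; After = $after; Changed = ($before -ne $after) }
}

# --- main ---
$files = @(Get-FlaggedFiles)
if ($files.Count -eq 0) { Write-Host "No detections for $ThreatName on this host." }
$evidence = $files | ForEach-Object { Test-FalsePositiveEvidence -Path $_ }
$evidence | Format-List

$result = Repair-Definitions
$result | Format-List

# Restore quarantined items by threat name only once the definitions have
# changed and the evidence above supports a false positive; restoring under the
# old definitions would simply trigger the same detection again.
$allSigned = -not ($evidence | Where-Object { $_.Present -and -not $_.SignedByGoogle })
if ($result.Changed -and $allSigned -and $files.Count -gt 0) {
    & $MpCmdRun -Restore -Name $ThreatName -All
} else {
    Write-Host "Not restoring: definitions unchanged or evidence inconclusive."
}
```

The signature check is the part worth keeping even after this incident is over: a detection whose platform tag (here PHP) does not match the file type, on a file with a valid vendor signature, is the typical shape of an engine false positive, and recording the hash and signer in the ticket gives the reverse-analysis step the article mentions a concrete starting point.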

Via: ZDNet