Microsoft Defender ATP blocks Chrome update

Microsoft Defender ATP blocks Chrome update
Chrome 88 for Windows has been available for a few hours, but some users have reported a problem that occurred while updating the browser. A file was detected as a backdoor by Microsoft Defender ATP, the corporate version of the antivirus built into Windows 10.

No backdoor in Chrome: false positive

Several IT administrators have pointed out the strange Microsoft Defender ATP's behavior, posting the software warning message on Twitter, according to which the Chrome 88 installer (specifically the sl.pak file) includes the PHP / Funvalget.A backdoor.

Hey @msftsecresponse - Seeing lots of Defender ATP alerts this morning on C: Program Files (x86) GoogleChromeApplication88.0.4324.104Localessl.pak detected as PHP / Funvalget.A. Can you confirm this is a false positive? SHA256 in reply.

- W. David Winslow (@wdwinslow) February 3, 2021

It is unclear why software that is known to be free of malware has been labeled as dangerous . In any case, Microsoft has reported that this is a false positive:

We fixed an automation error that incorrectly classified the installation package as malware.

Administrators must therefore clear the cache and start the Microsoft Defender ATP update by typing the following commands:

cd% ProgramFiles% \ Windows Defender

MpCmdRun.exe -removedefinitions -dynamicsignatures

MpCmdRun.exe -SignatureUpdate

The problem does not occur with the consumer version of the software built into Windows 10.

Speaking of Microsoft Defender ATP (aka Microsoft Defender for Endpoint), the Redmond company announced that the vulnerability assessment is now available for macOS devices. The feature allows you to discover and fix software and operating system vulnerabilities.

Microsoft Defender for Endpoint shows details of the vulnerabilities and suggests possible remedies. These are the same options that have long been present in Windows 10. The functionality has also been added to Windows 8.1.

Source: ZDNet