No backdoor in Chrome: false positive
Several IT administrators have pointed out the strange Microsoft Defender ATP's behavior, posting the software warning message on Twitter, according to which the Chrome 88 installer (specifically the sl.pak file) includes the PHP / Funvalget.A backdoor.Hey @msftsecresponse - Seeing lots of Defender ATP alerts this morning on C: Program Files (x86) GoogleChromeApplication88.0.4324.104Localessl.pak detected as PHP / Funvalget.A. Can you confirm this is a false positive? SHA256 in reply.
- W. David Winslow (@wdwinslow) February 3, 2021
It is unclear why software that is known to be free of malware has been labeled as dangerous . In any case, Microsoft has reported that this is a false positive:
We fixed an automation error that incorrectly classified the installation package as malware.
Administrators must therefore clear the cache and start the Microsoft Defender ATP update by typing the following commands:
cd% ProgramFiles% \ Windows Defender
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdate
The problem does not occur with the consumer version of the software built into Windows 10.
Speaking of Microsoft Defender ATP (aka Microsoft Defender for Endpoint), the Redmond company announced that the vulnerability assessment is now available for macOS devices. The feature allows you to discover and fix software and operating system vulnerabilities.
Microsoft Defender for Endpoint shows details of the vulnerabilities and suggests possible remedies. These are the same options that have long been present in Windows 10. The functionality has also been added to Windows 8.1.
Source: ZDNet