If you pulled in yesterday's Google Chrome update and use Microsoft Defender for Endpoint, you may have seen Microsoft's security tool flag the browser as malicious. While that is amusing for those on the outside, for admins it caused confusion and concern. Microsoft Defender for Endpoint is no longer flagging Chrome, but it remains unclear whether the install file was indeed malicious. It is likely this was a mistake on the part of Microsoft's product, because the same install files are no longer being flagged. It is worth noting that Microsoft Defender for Endpoint is an enterprise tool. Of course, these days admins panic whenever any program is flagged as malicious: organizations face multiple threats from cyber attacks, and while a clean Chrome update installer is unlikely to be malicious, admins cannot take the risk of installing it. The file in question was Chrome version 88.9.4324.104. While Defender for Endpoint was flagging the file, the consumer Microsoft Defender was not, which suggests the enterprise tool was, for some reason, returning false positives. That can happen, but rarely for a download such as Google Chrome.
False Positive

Neither Microsoft nor Google has made a statement about this issue, but some customers say Microsoft did confirm to them that it was a false positive. Microsoft provides steps to help admins clear cached detections so that Chrome is no longer flagged:
- Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
- Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
- Run “MpCmdRun.exe -SignatureUpdate”
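The three steps above, wrapped in a PowerShell script as an added example (this is not Microsoft's or the article's own code): it checks for elevation, fails loudly if either MpCmdRun.exe call returns a non-zero exit code, and adds a triage helper that checks the flagged installer's Authenticode signature before an admin decides to treat the alert as a false positive. The MpCmdRun.exe path is the one given in the article; the expected signer subject and the installer path are assumptions to adjust for your environment.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article or from Microsoft. Runs the cache-clearing
# steps described above with basic error handling, plus a signature check an
# admin can use to triage a flagged installer.

# Path from the article: c:\Program Files\Windows Defender
$MpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

function Invoke-MpStep {
    param([string[]]$Arguments)
    if (-not (Test-Path $MpCmdRun)) {
        throw "MpCmdRun.exe not found at $MpCmdRun"
    }
    Write-Host "Running: MpCmdRun.exe $($Arguments -join ' ')"
    & $MpCmdRun @Arguments
    # MpCmdRun.exe reports failure through its exit code; do not continue blindly.
    if ($LASTEXITCODE -ne 0) {
        throw "MpCmdRun.exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Steps from the article: drop cached dynamic signatures, then refresh definitions.
function Clear-CachedDetections {
    Invoke-MpStep -Arguments @('-removedefinitions', '-dynamicsignatures')
    Invoke-MpStep -Arguments @('-SignatureUpdate')
}

# Triage helper (not one of the article's steps): confirm the installer carries a
# valid Authenticode signature from the expected publisher. A valid signature from
# the expected signer supports the false-positive theory; a missing or invalid one
# means the file deserves a closer look before anyone reinstalls it.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedSubject = 'CN=Google LLC'   # assumed expected signer, adjust as needed
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedSubject*")
    [pscustomobject]@{
        File    = $Path
        Status  = $sig.Status
        Signer  = $signer
        Trusted = $trusted
    }
}

# Usage (installer path is a placeholder):
# Test-InstallerSignature -Path 'C:\path\to\ChromeSetup.exe'
# Clear-CachedDetections
```

Run the signature check first and keep its output with the ticket; if the installer is correctly signed by the expected publisher and the vendor has confirmed a false positive, then clear the cached detections. Clearing the cache only removes the stale verdict on the endpoint, it does not make an unsigned or tampered file safe.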