If you have pulled in yesterday's Google Chrome update and use Microsoft Defender for Endpoint, you may be seeing Microsoft's security tool flagging the browser as malicious. While that is amusing for those on the outside, for admins it caused confusion and concern.
While Microsoft Defender for Endpoint is no longer flagging Chrome, it remains unclear if the install file was indeed malicious. It is likely this was a mistake from Microsoft's product because the same install files are no longer being flagged.
It is worth noting Microsoft Defender for Endpoint is an enterprise tool. Of course, these days when any program is flagged as malicious admins panic. Organizations face multiple threats from cyber attacks. While a clean install for a Chrome update is unlikely to be malicious, admins cannot take the risk of installing.
The file in question was Chrome version 88.9.4324.104. While Defender for Endpoint was flagging the file, the consumer Microsoft Defender was not. That suggests for some reason the enterprise tool was returning false positives. That can happen, but rarely for a download such as Google Chrome.
False Positive
Neither Microsoft nor Google made a statement about this issue, but some customers say Microsoft did confirm to them it was a false positive. Microsoft provides steps to help admins clear cached detections to prevent Chrome being flagged:
- Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
- Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
- Run “MpCmdRun.exe -SignatureUpdate”
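The steps above as a single script that also confirms the definitions were refreshed. This is an added example, not a script published by Microsoft; it assumes an elevated PowerShell session, the install path given in the steps, and that the Defender PowerShell module (`Get-MpComputerStatus`) is available.

```powershell
# Added example: reset dynamic signatures and pull fresh definitions,
# then compare the signature version before and after.
$ErrorActionPreference = 'Stop'

# Path taken from the steps above (assumed default install location).
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpCmdRun)) {
    throw "MpCmdRun.exe not found at $mpCmdRun"
}

# Record the signature state before the reset.
$before = Get-MpComputerStatus

# The two MpCmdRun invocations from the steps, in order.
$steps = @(
    @('-removedefinitions', '-dynamicsignatures'),
    @('-SignatureUpdate')
)

foreach ($step in $steps) {
    Write-Host "Running: MpCmdRun.exe $($step -join ' ')"
    & $mpCmdRun $step
    if ($LASTEXITCODE -ne 0) {
        throw "MpCmdRun.exe $($step -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Confirm the endpoint now reports refreshed definitions.
$after = Get-MpComputerStatus
[pscustomobject]@{
    VersionBefore = $before.AntivirusSignatureVersion
    VersionAfter  = $after.AntivirusSignatureVersion
    UpdatedBefore = $before.AntivirusSignatureLastUpdated
    UpdatedAfter  = $after.AntivirusSignatureLastUpdated
} | Format-List
```

If the version and timestamp do not change, the update did not take effect and the cached detection may persist.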
If you're unfamiliar with Microsoft Defender for Endpoint, it was previously Microsoft Defender Advanced Threat Protection (ATP). Windows Defender ATP debuted in 2016 and is mostly for enterprise customers on Windows 10. The service provides an early barrier against cyberattacks, detecting and dealing with incoming threats on enterprise networks.
The wider Windows Defender suite, including ATP, was rebranded as Microsoft Defender in May last year. Microsoft has since rebranded the ATP part to Defender for Endpoint.