According to Microsoft Defender yesterday, Google Chrome was “suspicious”, and the anti-virus software was flagging updates. It seems Microsoft Defender for Endpoint mistook the “goodplate” DLL file in Chrome as a suspicious file because it did not have a signature from Google Updater (GoogleUpdate.exe).
The false-positive was first seen by user Kevin Gray, who went on Twitter to show Microsoft Defender flagging Google Chrome updates:
Defender for Endpoint going crazy with detections triggered by google updates this evening 😥 pic.twitter.com/9ifNJmWyr2
— Kevin Gray (@thiskevgray) April 19, 2022
Microsoft MVP Ota Hirufumi later confirmed the issue and said the company had already made changes to solve it. False positives are when an anti-virus tool flags a legitimate tool as being infected and warns users about using it.
Of course, Microsoft Defender for Endpoint is the company's enterprise version of the security protection suite. Flagging good software as suspicious is something that can happen, but it seems to occur more frequently on Defender for Endpoint.
Just last month the program was flagging Microsoft's own Office product as suspicious. At the time, Microsoft said it was working on solutions to make false positives less common. It seems those changes have not yet been implemented.
It is worth noting on the home user front, Microsoft Defender is performing well. In February, AV-TEST ranked Defender as one of the top anti-virus tools currently available. German IT firm AV-TEST compared 20 different anti-virus tools, including some of the biggest names on the market.
AV-TEST gives Microsoft Defender a score of 18, the highest mark. That means Windows Defender has the highest possible 6 points across the metrics of Performance, Usability, and Protection.
Tip of the day: Tired of Windows´s default notification and other system sounds? In our tutorial we show you how to change windows sounds or turn off system sounds entirely.