Showing results for tags 'microsoft defender atp'.
Karlston posted a topic in Security & Privacy News

Microsoft Defender ATP detects Chrome updates as PHP backdoors

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file.

System admins are reporting that Microsoft's enterprise endpoint security platform (previously known as Microsoft Defender ATP) is detecting the sl.pak component in both Chrome 88.0.4324.104 and 88.0.4324.146 (the latest version, released yesterday) installers as a PHP/Funvalget.A backdoor.

Even though multiple Microsoft security accounts were tagged on Twitter and the company was also contacted to provide a statement regarding this ongoing issue, Redmond hasn't yet provided an official reply.

Reports of Chrome updates tagged as malicious

BleepingComputer has also contacted Microsoft for more information and to confirm that this is an issue of a false positive detection but has not heard back.

As first reported by ZDNet, according to a screenshot showing the Chrome sl.pak language file being tagged as a backdoor, Microsoft Defender for Endpoint automatically blocks the detected files using quarantine as a remediation action.

Defender detecting Chrome installer component as a backdoor (ZDNet)

Although Microsoft hasn't yet provided an official statement regarding this issue, at least one report claims that the company has acknowledged it as a false positive and has updated Microsoft Defender's malware definitions.
To clear the cached detection on endpoints in their environment, systems admins are advised to update to the latest malware definitions by using this procedure:

1. Go into Defender's directory using a command prompt opened as admin: cd %ProgramFiles%\Windows Defender
2. Run these two commands to clear the current cache and trigger an update: MpCmdRun.exe -removedefinitions -dynamicsignatures and MpCmdRun.exe -SignatureUpdate

Microsoft Defender ATP detects Chrome updates as PHP backdoors
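The refresh procedure above, wrapped in a PowerShell script that also verifies the result. This is an added example, not part of the post or of Microsoft's documentation: it runs the two MpCmdRun.exe commands the post gives, compares the signature version reported by Get-MpComputerStatus before and after, checks the local detection history (Get-MpThreat) for the PHP/Funvalget.A name from the post, and lists quarantined items with the real `-Restore -ListAll` switch so an admin can decide whether the quarantined sl.pak should be restored. It assumes an elevated session with the Defender PowerShell module present; the variable names are the example's own.

```powershell
# Added example (not from the original post): refresh Defender signatures after a
# false-positive fix and verify that the endpoint actually picked up new definitions.
# Assumes an elevated PowerShell session and the built-in Defender module
# (Get-MpComputerStatus, Get-MpThreat). Directory and commands are as given in the post.

$DefenderDir = Join-Path $env:ProgramFiles 'Windows Defender'
$MpCmdRun    = Join-Path $DefenderDir 'MpCmdRun.exe'

if (-not (Test-Path $MpCmdRun)) {
    throw "MpCmdRun.exe not found at $MpCmdRun"
}

# Record the signature version before touching anything, so the change is measurable.
$before = (Get-MpComputerStatus).AntivirusSignatureVersion
Write-Host "Signature version before: $before"

# Step 1 from the post: drop the cached dynamic signatures.
& $MpCmdRun -removedefinitions -dynamicsignatures
if ($LASTEXITCODE -ne 0) { throw "removedefinitions failed (exit code $LASTEXITCODE)" }

# Step 2 from the post: pull the current definitions from the update source.
& $MpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) { throw "SignatureUpdate failed (exit code $LASTEXITCODE)" }

$after = (Get-MpComputerStatus).AntivirusSignatureVersion
Write-Host "Signature version after:  $after"
if ($after -eq $before) {
    Write-Warning 'Signature version unchanged; the endpoint may already have been current.'
}

# Detection history still lists past hits even after the definitions are corrected;
# surface any entry matching the false-positive name from the post for the admin to review.
$history = Get-MpThreat | Where-Object { $_.ThreatName -like '*Funvalget*' }
if ($history) {
    Write-Host 'Past detections matching the reported false positive:'
    $history | Select-Object ThreatName, ThreatID | Format-Table -AutoSize
    # Show what is currently quarantined; restoring is a deliberate admin decision,
    # so the script only lists (MpCmdRun.exe -Restore -Name <name> would restore).
    & $MpCmdRun -Restore -ListAll
} else {
    Write-Host 'No detection history entries match the reported false positive.'
}
```

Run it once per affected endpoint (or through your endpoint management tooling); a signature version that changes between the two readings is the evidence that the cached detection was replaced rather than merely re-scanned.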
steven36 posted a topic in Security & Privacy News

Microsoft resolved a known issue causing Microsoft Defender Advanced Threat Protection (ATP) to stop running and fail to send reporting data on some Windows devices after installing the KB4520062 optional non-security update.

Some Windows 10 customers affected by the now-fixed bug also received 0xc0000409 errors in the Event Viewer on MsSense.exe according to the known issue's entry.

The optional non-security KB4520062 update behind the issue was released on October 15 and it was designed to fix a problem leading to black screens being displayed during startup on the first sign in after installing updates.

Microsoft Windows Defender Antivirus not affected

The issue was acknowledged by Redmond on October 17, 2019, and it was described as impacting Microsoft Defender ATP on both client and server Windows versions where the Windows 10 October 2018 Update was installed.

The full list of affected platforms includes Windows 10 version 1809, Windows 10 Enterprise LTSC 2019, Windows Server version 1809, and Windows Server 2019 platforms.

As Microsoft noted on the issue's Windows 10 Health Dashboard entry, the consumer-grade Microsoft Windows Defender Antivirus was not affected by this bug.

The company addressed the Microsoft Defender ATP issue in the KB4523205 cumulative update released yesterday, as part of the November 2019 Patch Tuesday.

Update and battery drain issues fixed in Windows 10 1903

Yesterday, Redmond also fixed two other known issues introduced over five months ago, causing abnormal battery drain and update installation failure issues on Windows 10 1903 devices.

The first resolved issue impacted both client and server Windows 10, version 1903 platforms, while the other affected Windows 10, version 1903 and Windows 10, version 1809 client platforms.

The battery drain problems were caused by a range of incompatible Intel Display Audio device drivers (versions 10.25.0.3 through 10.25.0.8).
The update failures affected devices where the KB4497935 cumulative update was installed. These Windows 10 1903 known issues were fixed on the same day the Windows 10 November 2019 Update started rolling out (also known as Windows 10, version 1909) with feature improvements and bug fixes. Source
steven36 posted a topic in Security & Privacy News

Microsoft says that Microsoft Defender Advanced Threat Protection (ATP) might stop running on Windows 10, version 1809 devices after installing the KB4520062 Cumulative Update.

The non-security KB4520062 optional update was released on October 15 and it is designed to fix an issue leading to black screens being displayed at startup during the first sign in after installing an update.

KB4520062 also addresses an issue affecting Bluetooth when using certain audio profiles for extended periods and one known to cause high power consumption for devices in Connected Standby mode.

Client and server platforms affected, no workaround available

Unfortunately, as Microsoft acknowledged today on the Windows 10 Health Dashboard, KB4520062 might also cause the built-in Microsoft Defender ATP anti-malware service to stop running and fail to send report data.

Some Windows 10 customers "might also receive a 0xc0000409 error in Event Viewer on MsSense.exe" according to the known issue published today by Microsoft.

Redmond says that both client and server versions where the October 2018 Update was installed are affected, the list including the Windows 10 version 1809, Windows 10 Enterprise LTSC 2019, Windows Server version 1809, and Windows Server 2019 platforms.

Currently, there is no workaround available for fixing the Microsoft Defender ATP issue and the company recommends users of platforms affected by this issue to not install the problematic CU.

Also, according to Redmond, a solution for this known issue should be available next month, to be pushed out as part of a future update.

"At this time, we suggest that devices in an affected environment do not install KB4520062. We are working on a resolution and estimate a solution will be available in mid-November," says Microsoft.
Uninstalling the KB4520062 update

Since an official workaround is not yet available for those who have already installed the KB4520062 cumulative update and no security mitigations were pushed with it, uninstalling it should fix the Microsoft Defender ATP issues it causes and not increase their devices' attack surface.

Microsoft says in the update's details from the Update Catalog that KB4520062 can be removed "by selecting View installed updates in the Programs and Features Control Panel."

Uninstalling the KB4520062 update

The step-by-step procedure needed to uninstall this update requires you to open Control Panel, go to Programs > Programs and Features, and click on View installed updates in the left sidebar.

Next, right-click on the KB4520062 entry in the list and confirm when asked "Are you sure you want to uninstall this update?". Next, you'll have to click 'Yes' when asked and then restart your device.

Source
mood posted a topic in Security & Privacy News

Microsoft Defender ATP now secures networked Linux, macOS devices

Microsoft has added support for identifying and assessing the security configurations of Linux and macOS endpoints on enterprise networks using Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection).

The secure configuration assessment feature is now in public preview, and it has expanded to include macOS and Linux devices after initially only supporting Windows 10 and Windows Server devices.

"With this expansion, organizations can now discover, prioritize, and remediate over 30 known unsecure configurations in macOS and Linux to improve their organization's security posture," Gilad Mittelman, Senior Product Manager at Microsoft, said. "We'll be continuously expanding on the initial set of supported configuration assessments to provide more visibility into your security posture."

This feature is implemented as a component of Microsoft Secure Score for Devices used to gauge the security state of enterprise networks to increase the overall security of an organization's endpoints.

A higher Microsoft Secure Score for Devices means endpoints on your organization's network are more resilient to cybersecurity threat attacks.

Once they reach general availability, the macOS and Linux configuration assessments will move to the Microsoft Secure Score dashboard.

macOS security configuration assessment (Microsoft)

This newly added Microsoft Defender for Endpoint feature identifies misconfigured systems and provides recommended actions to increase security.

It does that by evaluating the security configuration state of enterprise network devices across the operating system, application, network, accounts, and security controls categories.

To increase your endpoints' overall security, you have to remediate the issues added to the security recommendations list.
Microsoft Secure Score for Devices will also improve while going through the security recommendations and addressing them one at a time, thus making your org's entire network more resilient against cybersecurity threats and vulnerabilities.

The procedure you need to follow to address the issues found by Microsoft Secure Score for Devices while assessing your Linux and macOS network devices is available here.

Microsoft Defender for Endpoint was made generally available for Macs in May 2019, and it expanded to Linux devices one year later, in June 2020.

Starting with October 2020, Microsoft Defender for Endpoint also provides admins with a report that helps them keep track of vulnerable Windows and macOS devices within their organization's environment. Defender for Endpoint can also help admins discover OS and software vulnerabilities impacting their macOS endpoints.

Source: Microsoft Defender ATP now secures networked Linux, macOS devices